- Host: Address of the LDAP server
- Port: Port used by the LDAP server
- TLS: Check if the LDAP connection uses the TLS protocol
- Basename: Base DN used to search in the directory
This element lets Cyberwatch request the LDAP directory to check the groups of the users
dn: DinstiguishedName of the consultation account
For Microsoft Active Directory, the dn of the user username can be found with these commands:
Import-Module ActiveDirectory Get-ADUser username | Select-Object DistinguishedName
Password: Password of the consultation account
- Login field: LDAP field used to create the logins of Cyberwatch users (by default, this field is set to uid)
For Microsoft Active Directory the groups of the user username can be found with these commands:
Import-Module ActiveDirectory (Get-ADUser username –Properties MemberOf | Select-Object MemberOf).MemberOf
- Groups: List of the groups from the directory that will generate standard users accounts.
- Admin groups: List of the groups from the directory that will generate administrator users accounts.
Filling at least one of these settings is mandatory in order to be able to use Cyberwatch with an LDAP directory.
To display the logs of the LDAP connection:
- Use the procedure to Consult Cyberwatch logs
Filter the logs to get only LDAP related errors:
sudo cyberwatch logs web 2>&1 | grep ERROR | grep LDAP