LDAP / Active Directory
LDAP discoveries let you browse an Active Directory or OpenLDAP directory and list hosts in your IT infrastructure.
Prerequisites
- User with read-only rights
Configure an LDAP directory
Before running LDAP discoveries, you need to configure the server to connect to, usually the domain controller, along with the authentication information.
We recommend that you create a dedicated read-only user for browsing the directory.
To add an LDAP directory:
- Go to Stored credentials, and click Add
- Select type LDAP / Active Directory
- Fill in the name of the credential set
- Specify the URL for the domain controller with its protocol. Only ldap:// and ldaps:// URLs are supported
- Specify the user to log in as. It may be an email address or an LDAP name like CN=Your user,CN=Users,DC=example,DC=com
- Fill in the remaining fields and confirm
The created directory may then be referenced when creating LDAP discoveries.
Create an LDAP discovery
Go to Discoveries, and click Add. Select LDAP or Active Directory in the Local infrastructure category
In Credentials, select the directory you want to use
In Target, specify the tree base for the search. To browse a whole domain, you may specify the domain name with DC elements. For instance, if your domain is example.com that would be DC=example,DC=com. You may also specify finer criteria like an OU (Organizational Unit) or other properties depending on what your directory uses
Optionally specify a filter for including only a subset of hosts. For example, the filter (cn=DESKTOP-*) selects only hosts whose common name begins with DESKTOP-. Logical operators &, | and ! are supported. See RFC 2254 for the complete reference for the filter format
Click Confirm
When created, the discovery is immediately started as a background task. You may check the state of the task at any time from Discoveries.
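To preview which hosts a filter such as (cn=DESKTOP-*) would include before saving a discovery, the following added example (not part of the product or its documentation) evaluates a subset of the RFC 2254 syntax against constructed entries: equality, substring and presence items combined with the &, | and ! operators. The function names, the sample entries and the case-insensitive comparison are assumptions of the example; escaped characters and the >=, <= and ~= comparisons are not handled.

```python
import re

# Constructed sample entries (attribute names lowercased), not real directory data.
ENTRIES = [
    {"cn": ["DESKTOP-A1"], "operatingsystem": ["Windows 11 Pro"]},
    {"cn": ["DESKTOP-B2"], "operatingsystem": ["Windows 10 Pro"]},
    {"cn": ["SRV-DC01"], "operatingsystem": ["Windows Server 2022"]},
    {"cn": ["lab-printer"]},
]

def _parse(s, i):
    """Parse one parenthesised filter starting at s[i]; return (node, next index)."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|!":
        op, i, children = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if not children or (op == "!" and len(children) != 1) or s[i:i + 1] != ")":
            raise ValueError(f"malformed '{op}' expression at offset {i}")
        return (op, children), i + 1
    end = s.find(")", i)
    attr, sep, value = s[i:end].partition("=")
    if end < 0 or not sep or not attr.strip():
        raise ValueError(f"malformed item at offset {i}")
    return ("=", attr.strip().lower(), value), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (attribute -> list of values)."""
    if node[0] in "&|":
        combine = all if node[0] == "&" else any
        return combine(matches(child, entry) for child in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    # Equality, substring and presence: '*' matches any run of characters.
    # Assumption: case-insensitive comparison, as for cn in common schemas.
    regex = ".*".join(re.escape(part) for part in node[2].split("*"))
    return any(re.fullmatch(regex, v, re.I | re.S) for v in entry.get(node[1], []))

def select(filter_text, entries=ENTRIES):
    """Return the cn of every entry the filter would include."""
    tree, end = _parse(filter_text.strip(), 0)
    if end != len(filter_text.strip()):
        raise ValueError("unexpected text after filter")
    return [e["cn"][0] for e in entries if matches(tree, e)]
```

An unbalanced or otherwise malformed filter raises ValueError instead of silently matching nothing, which makes a typo visible before it narrows the discovery scope.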