LDAP / Active Directory

LDAP discoveries let you browse an Active Directory or OpenLDAP directory and list hosts in your IT infrastructure.

Configure an LDAP directory

Before running LDAP discoveries, you need to configure the server to connect to (usually the domain controller) along with its authentication information.

We recommend that you create a dedicated read-only user for browsing the directory.

To add an LDAP directory:

  1. Go to Stored credentials, and click Add.
  2. Select type LDAP / Active Directory.
  3. Fill in the name of the credential set.
  4. Specify the URL for the domain controller with its protocol. Only ldap:// and ldaps:// URLs are supported.
  5. Specify the user to log in as. It may be an email address or an LDAP name like CN=Your user,CN=Users,DC=example,DC=com.
  6. Fill in the remaining fields and confirm.

The created directory may then be referenced when creating LDAP discoveries.

Create an LDAP discovery

  1. Go to Discoveries, and click Add. Select LDAP or Active Directory in the Local infrastructure category.

  2. In Credentials, select the directory you want to use.

  3. In Target, specify the tree base for the search. To browse a whole domain, you may specify the domain name with DC elements. For instance, if your domain is example.com, that would be DC=example,DC=com. You may also specify finer criteria like an OU (Organizational Unit) or other properties depending on what your directory uses.

  4. Optionally specify a filter for including only a subset of hosts. For example, the filter (cn=DESKTOP-*) selects only hosts whose common name begins with DESKTOP-. Logical operators &, | and ! are supported. See RFC 2254 for the complete reference for the filter format.

  5. Click Confirm.
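To preview which hosts a filter from step 4 would select before creating the discovery, the sketch below parses a filter and evaluates it against sample entries. It is an added example, not part of the product; it covers only the subset described above (equality with * wildcards and the &, | and ! operators), and the host entries, the operatingSystem attribute values and the function names are constructed for illustration.

```python
import re

def parse_filter(text):
    """Parse (attr=value), (&...), (|...) and (!...) into a nested tuple."""
    node, pos = _parse(text, 0)
    if pos != len(text):
        raise ValueError("unexpected text after filter")
    return node

def _parse(s, i):
    if s[i:i + 1] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if s[i:i + 1] in ("&", "|", "!"):
        op, children, i = s[i], [], i + 1
        while s[i:i + 1] == "(":
            child, i = _parse(s, i)
            children.append(child)
        if s[i:i + 1] != ")" or not children or (op == "!" and len(children) != 1):
            raise ValueError("malformed %r expression" % op)
        return (op, children), i + 1
    end = s.find(")", i)
    attr, sep, value = s[i:end].partition("=")
    if end == -1 or not sep or not attr:
        raise ValueError("malformed comparison at offset %d" % i)
    return ("=", attr.lower(), value), end + 1

def _unescape(part):
    # RFC 2254 writes special characters as \XX hex pairs, e.g. \2a for '*'.
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), part)

def matches(node, entry):
    """Evaluate a filter on one entry {attr: [values]}; case-insensitive (assumption)."""
    if node[0] == "=":
        pattern = ".*".join(re.escape(_unescape(p)) for p in node[2].split("*"))
        return any(re.fullmatch(pattern, v, re.I | re.S) for v in entry.get(node[1], []))
    results = [matches(child, entry) for child in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

# Constructed sample entries; attribute names are lowercased for lookup.
HOSTS = [
    {"cn": ["DESKTOP-0A1B2C"], "operatingsystem": ["Windows 11 Enterprise"]},
    {"cn": ["DESKTOP-LAB01"], "operatingsystem": ["Windows 10 Pro"]},
    {"cn": ["SRV-DC01"], "operatingsystem": ["Windows Server 2022 Standard"]},
]

def select(filter_text, hosts=HOSTS):
    tree = parse_filter(filter_text)
    return [h["cn"][0] for h in hosts if matches(tree, h)]
```

For instance, select("(&(cn=DESKTOP-*)(!(operatingSystem=*10*)))") keeps only the desktops whose operating system value does not contain 10, and an unbalanced filter raises ValueError instead of silently matching nothing.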

Once created, the discovery starts immediately as a background task. You may check the state of the task at any time from Discoveries.