Adding a new LDAP/LDAPS directory
About LDAP and Secure LDAP
LDAP (Lightweight Directory Access Protocol) is an open, cross-platform protocol used for accessing and managing directory information services over an IP network. It's used to interact with directory services that store information in a hierarchical structure, such as user information, groups, and organizational data. LDAP allows applications and systems to query, modify, and authenticate user credentials or retrieve data stored in a directory service. It organizes data in a tree-like format, with entries (like users and groups) represented as nodes.
LDAPS (LDAP over SSL/TLS) is LDAP carried inside a TLS session, conventionally on port 636, so that bind credentials and directory data are encrypted in transit and the directory server is authenticated by its certificate. Plain LDAP on port 389 sends a simple bind password in clear text unless the client negotiates StartTLS on the same connection. LDAP is platform-agnostic, allowing non-Windows systems to interact with Active Directory.
With LDAP or LDAPS, Sectona PAM can centralize user management and authentication against an existing directory instead of maintaining separate local accounts, which both simplifies administration and reduces the number of credential stores to protect. LDAP provides a standardized way for systems and applications to authenticate users and look up their group memberships. Active Directory acts as the central authority for user accounts and credentials, and LDAP is used to query and retrieve information from AD, such as users, groups, and organizational units.
Steps to add a new LDAP/LDAPS directory
Follow the steps below to add a new Directory Store in the Sectona Platform:
Log in to the system and select Platform Configuration from the product navigator.
Under the Authentication section, select the AD & Directory Store button.
Click +AD & Directory Store at the top right and fill in the form.
Provide a unique name that identifies the directory in the Directory Name field.
Select the type of directory you are integrating. The system supports Windows Active Directory or Generic SAML.
Select the Directory Store Type. The system supports communication over LDAP and LDAPS. Choose LDAPS wherever the directory server offers it: over plain LDAP the bind account's password and every directory record returned to Sectona cross the network unencrypted.
Provide the IP address or hostname of the directory store. For LDAPS, use the hostname that appears in the directory server's certificate so that certificate validation can succeed.
Specify the base DN (distinguished name) of the directory store, for example DC=LOCALAD,DC=COM. Searches for users and groups are rooted here, so it must contain the accounts you intend to onboard.
Specify the domain name of the server.
Provide the port number, changing it only if you are using a custom port. (The default port for LDAP is 389 and for LDAPS is 636.)
Specify the username for server-side authentication (the bind account). This account needs at least 'Read' permission on the directory; use a dedicated service account rather than an administrator's credentials.
The same account can also serve as the management account that Sectona uses to change the passwords of AD privileged accounts. For that it needs additional permissions on the user objects it will manage: 'Reset Password', 'Read pwdLastSet', 'Write pwdLastSet', 'Read lockoutTime' and 'Write lockoutTime'. Delegate these on the OU that holds the managed accounts rather than at the domain root, and keep the read-only bind account separate if password rotation is not required.
Specify the password for server-side authentication.
Click on the Status slider to activate the configuration.
Click on Save and your new directory will be created.
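Before saving the store it is worth confirming, from the PAM host itself, that the directory accepts the bind account on the chosen port and that the LDAPS certificate validates. The script below is an added example and is not part of the Sectona product or of this page. It hand-builds an LDAPv3 simple BindRequest (RFC 4511, BER encoded) and parses the BindResponse, which makes the difference between LDAP and LDAPS visible in the bytes: the bind password sits in the request as a plain OCTET STRING, and only the TLS wrapper on port 636 keeps it off the wire. The hostname dc01.localad.com, the bind DN, the password prompt and the CA file are placeholders you supply; the sample response bytes used to exercise the parser are constructed, not captured from a real domain controller.

```python
import socket
import ssl
import sys
from getpass import getpass

# LDAP bind result codes worth recognising (RFC 4511, section 4.1.9)
SUCCESS = 0
STRONGER_AUTH_REQUIRED = 8   # AD answers this to a simple bind when it requires signing or TLS
INVALID_CREDENTIALS = 49

def ber_len(n):
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def ber(tag, payload):
    """One BER TLV: tag, length, value."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def bind_request(bind_dn, password, msg_id=1):
    """LDAPMessage { messageID, BindRequest { version 3, name, simple password } }.
    The password is sent verbatim as a [0] OCTET STRING, so over plain LDAP it is
    readable by anyone on the network path. msg_id must be below 128."""
    op = ber(0x60, ber(0x02, b"\x03")                       # [APPLICATION 0] BindRequest, version 3
             + ber(0x04, bind_dn.encode("utf-8"))           # name (LDAPDN)
             + ber(0x80, password.encode("utf-8")))         # authentication: [0] simple
    return ber(0x30, ber(0x02, bytes([msg_id])) + op)      # SEQUENCE { messageID, protocolOp }

def _read_tlv(buf, pos=0):
    """Decode one TLV at buf[pos]; returns (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                                        # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    return tag, buf[pos:pos + length], pos + length

def parse_bind_response(buf):
    """Return (resultCode, diagnosticMessage) from a BindResponse LDAPMessage."""
    tag, msg, _ = _read_tlv(buf)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = _read_tlv(msg)
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                         # [APPLICATION 1] BindResponse
        raise ValueError("unexpected protocolOp tag 0x%02x" % tag)
    _, code, pos = _read_tlv(op)                            # resultCode ENUMERATED
    _, _matched_dn, pos = _read_tlv(op, pos)                # matchedDN
    _, diag, _ = _read_tlv(op, pos)                         # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", errors="replace")

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("directory closed the connection")
        buf += chunk
    return buf

def _recv_message(sock):
    """Read exactly one BER-framed LDAPMessage from the socket."""
    head = _recv_exact(sock, 2)
    if head[1] & 0x80:
        head += _recv_exact(sock, head[1] & 0x7F)
        length = int.from_bytes(head[2:], "big")
    else:
        length = head[1]
    return head + _recv_exact(sock, length)

def check_bind(host, port, bind_dn, password, use_tls=True, cafile=None):
    """Bind once and return the directory's (resultCode, diagnosticMessage).
    With use_tls the certificate chain and hostname are verified against the system
    trust store or cafile; an internal AD CA usually has to be supplied via cafile."""
    raw = socket.create_connection((host, port), timeout=10)
    if use_tls:
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(raw, server_hostname=host)
    else:
        sock = raw                                          # cleartext: the password is visible on the wire
    with sock:
        sock.sendall(bind_request(bind_dn, password))
        return parse_bind_response(_recv_message(sock))

if __name__ == "__main__":   # python ldap_preflight.py dc01.localad.com 636 "CN=svc-pam,OU=Service,DC=LOCALAD,DC=COM" [ca.pem]
    host, port, dn = sys.argv[1], int(sys.argv[2]), sys.argv[3]
    ca = sys.argv[4] if len(sys.argv) > 4 else None
    code, diag = check_bind(host, port, dn, getpass("bind password: "), use_tls=port != 389, cafile=ca)
    print("result code %d (%s) %s" % (code, {SUCCESS: "bind OK", INVALID_CREDENTIALS: "invalid credentials",
          STRONGER_AUTH_REQUIRED: "simple bind refused without TLS"}.get(code, "see RFC 4511"), diag))
```

Run it from the PAM host against the domain controller on 636 with the CA bundle that issued the DC certificate. A result code of 0 confirms both the bind account and the certificate chain, 49 means the DN or password is wrong, and a TLS handshake error means the hostname or CA does not match what the DC presents. Running the same script against 389 with use_tls off shows the password in any packet capture, and a result code of 8 there means the domain controller enforces LDAP signing and refuses clear-text simple binds, in which case LDAPS is the only Directory Store Type that will work.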