defguard
  • Introduction
  • User documentation (help)
    • Configuring VPN
      • Defguard Desktop Client
        • Update instance
      • Other WireGuard® Clients
        • Configuring manually a device for a new VPN Location
    • Password change / Reset
    • Enrollment & Onboarding
      • With internal Defguard SSO
      • With external SSO (Google/Microsoft/Custom)
    • Setting up 2FA/MFA
    • Desktop Client
    • CLI Client
  • Admin & features
    • Troubleshooting Guide
      • Sending support information
      • Client Windows installer exit codes
    • Deploying your instance
      • Upgrading
      • One-line install script
      • Standalone package based installation
      • Docker images and tags
      • Docker Compose
      • Kubernetes
      • Gateway
        • Running gateway on MikroTik routers
      • Securing gRPC communication
      • OpenID RSA key
      • Configuration
      • Pre-production and development releases
      • High Availability and Failover
      • Health check
    • Features & configuration
      • Zero-Trust VPN with 2FA/MFA
        • Create/manage VPN Location
        • Network overview
        • Executing custom gateway commands
        • Multi-Factor Authentication (MFA/2FA)
          • MFA Architecture
        • Remote desktop client configuration
        • DNS and domains
      • Remote user enrollment
        • User onboarding after enrollment
      • SSO (OpenID Connect)
        • Portainer
        • Grafana setup
        • Proxmox
        • Matrix / Synapse
        • Django
        • MinIO
        • Vault
      • SMTP for email notifications
      • YubiKey Provisioning
      • Webhooks
      • Forward auth
      • SSH Authentication
      • Network devices
      • Gateway notifications
      • New version notifications
  • Enterprise Features
    • License
    • Enteprise features
      • Automatic (real time) desktop client configuration & sync
      • External OpenID providers
        • Google
        • Microsoft
        • Zitadel
        • Keycloak
        • JumpCloud
        • Okta
        • Custom
      • External OIDC secure enrollment
      • VPN & Client behavior customization
      • REST API
      • Access Control List
      • LDAP and Active Directory integration
        • Configuration
        • Settings table
        • Two-way LDAP and Active Directory synchronization
  • Tutorials
    • Step by step setting up a VPN server
      • Adding additional VPN locations
  • In depth
    • Roadmap
    • Architecture
      • How do VPN statistics work
      • Security concepts
  • For Developers
    • Contributing
    • Environment setup
    • Translations (core/web)
      • Switching language
      • Adding translations
  • Translations (client)
    • Adding translations
  • Contact us
    • Community & Support
Powered by GitBook
On this page

Was this helpful?

Edit on GitHub
  1. Enterprise Features
  2. Enteprise features
  3. LDAP and Active Directory integration

Settings table

List with description of settings for LDAP found in settings page.

Field
Description
Default

URL

URL that points to your LDAP server.

empty

Bind Username

Bind DN used for authentication.

cn=admin,dc=example,dc=org

Bind Password

Password used for authentication.

empty

Member Attribute

Naming attribute for group membership.

memberOf

Username Attribute

Naming attribute for users.

cn

User Search Base

Relative Distinguished Name (RDN) of your user entries.

ou=users,dc=example,dc=org

User Object Class

Object class used for user entries.

inetOrgPerson

Additional User Object Classes

Auxiliary classes for user entries

simpleSecurityObject, sambaSamAccount

Groupname Attribute

Naming attribute for groups.

cn

Group Object Class

Object class used for group entries.

groupOfUniqueNames

Group Member Attribute

Naming attribute for group membership.

uniqueMember

Group Search Base

Relative Distinguished Name (RDN) of your group entries.

ou=groups,dc=example,dc=org

Settings in depth

There are a few settings that may be not so obvious:

  • Additional User Object Classes: User object classes that will be assigned to a user and will also define assigned attributes. For example, simpleSecurityObject will make users posses the userPasswordattribute.

  • User Object Class: The structural class of your users. Just like the additional user object classes it will define the added attributes but also will be used during user search. Defguard will only consider entries with this class as users.

PreviousConfigurationNextTwo-way LDAP and Active Directory synchronization

Last updated 2 days ago

Was this helpful?