Help:LDAP

SecurePass LDAP support

LDAP Integration

The Lightweight Directory Access Protocol (LDAP) is an application protocol for accessing directory services. A directory is an organized set of records, usually about people; for example, a "company directory" can contain telephone numbers, e-mail addresses, and so on.

Some LDAP directories also contain password data and are able to "authenticate" people. As such, a large number of applications can access data and authenticate users using this protocol. SecurePass supports access to the company identities through the LDAP protocol, both for authentication purposes and to access users' information, for example for a corporate directory.

Thousands of applications and all operating systems support LDAP as a way to authenticate your users. Check your favorite application's or operating system's manual for how to integrate LDAP authentication.

Configure LDAP

In order to make SecurePass work with your application, you must specify the following LDAP servers:

Server          Hostname               Datacentre Zone
Primary LDAP    ldap1.secure-pass.net  Ticino, Switzerland
Secondary LDAP  ldap2.secure-pass.net  Milan, Italy


Experimental global load-balancing service: it is now possible to leverage SecurePass' global load-balancing architecture. Point your application to ldap.secure-pass.net and our geographical service will automatically select your closest available datacenter. Although stable, this feature is considered experimental.

Read-only access

In the "My Service" page of the administrative interface, you will find the parameters to bind to the SecurePass LDAP service in read-only mode.

User authentication using LDAP

Template:
uid=<USER_WITH_REALM>,ou=people,ou=<REALM>,dc=secure-pass,dc=net

Example:
uid=test@demo,ou=people,ou=demo,dc=secure-pass,dc=net
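
An application that fills in this template from a login typed by the user should escape the value before placing it in the DN. The following is an added example, not SecurePass code: the function names, the realm character policy and the empty-password check are assumptions made for the illustration.

```python
# Added example: build a SecurePass bind DN from a login of the form user@realm.
import re

BASE_DN = "dc=secure-pass,dc=net"  # suffix taken from the template above

# Assumed policy (not from the page): realms are letters, digits, '.', '-'.
_REALM_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]*")


def escape_dn_value(value):
    """Escape an attribute value for a DN string (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def bind_dn(login):
    """Return uid=<user@realm>,ou=people,ou=<realm>,dc=secure-pass,dc=net."""
    user, sep, realm = login.rpartition("@")
    if not sep or not user or not _REALM_RE.fullmatch(realm):
        raise ValueError("login must have the form user@realm")
    return "uid={},ou=people,ou={},{}".format(
        escape_dn_value(login), escape_dn_value(realm), BASE_DN)


def prepare_bind(login, password):
    """Validate input before handing (dn, password) to an LDAP client library."""
    # An empty password turns a simple bind into an "unauthenticated bind"
    # (RFC 4513, section 5.1.2), which a server may accept, so refuse it here.
    if not password:
        raise ValueError("empty password")
    return bind_dn(login), password


if __name__ == "__main__":
    print(bind_dn("test@demo"))         # the page's own example login
    print(bind_dn("x,ou=admins@demo"))  # constructed input: comma is escaped
```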

Troubleshoot

If you get the following error:

TLS: peer cert untrusted or revoked (0x42)
TLS: can't connect: (unknown error code).

it means that the GoDaddy certificate authority is not in your list of trusted certification authorities. Go to https://certs.godaddy.com/anonymous/repository.seam, then download the gd_bundle.crt file and install it in your system/application.