LDAP / Active Directory Filters

To define an LDAP filter, you need to know the canonical name of the group that will be used for authorization.

To collect this information, retrieve the following attribute from Active Directory:

We have created an organizational unit called Corporate_Users, as shown in Step 1.

Inside this OU there is a security group called Corporate_User. Right-click it and select Properties, as shown in Step 3.

In the Attribute Editor, edit the attribute distinguishedName, then copy and save its value for use in the following steps.

../../../_images/oncmdbldapfilter.PNG

It is assumed that we have the AD/LDAP CN for the group that will be used for authorization.

To define an LDAP filter, go to ON CMDB -> LDAP/AD Filters, as shown in Step 1 and Step 2.

Any LDAP filter can be added, edited and deleted, as shown in Step 3.

An LDAP filter name and the LDAP/AD query must be assigned. Different attributes and conditions can be used: memberOf checks whether a user belongs to a specific group. Here the group checked is Corporate_User, which belongs to an organizational unit that is part of the domain named mycompany.local.

../../../_images/oncmdbldapfilter1.PNG
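An added example (not part of the product documentation or its code) of how the distinguishedName copied earlier becomes a memberOf query, with RFC 4515 escaping and a check that the group DN sits in the expected domain. The DN is constructed from the names on this page and the function names are hypothetical; the optional nested-group form, which uses Active Directory's LDAP_MATCHING_RULE_IN_CHAIN rule, goes beyond what the page covers, and that the product accepts exactly this filter syntax is an assumption.

```python
# Added example, not product code. Function names are hypothetical.
# AD matching rule LDAP_MATCHING_RULE_IN_CHAIN: also matches nested membership.
IN_CHAIN = "1.2.840.113556.1.4.1941"

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for safe use as an LDAP filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_dn(dn):
    """Split a DN into RDNs, keeping backslash-escaped commas inside an RDN."""
    parts, current, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            current += dn[i:i + 2]
            i += 2
            continue
        if dn[i] == ",":
            parts.append(current.strip())
            current = ""
        else:
            current += dn[i]
        i += 1
    parts.append(current.strip())
    return parts


def domain_of(dn):
    """Rebuild the DNS domain name from the DC= components of a DN."""
    dcs = [r.split("=", 1)[1] for r in split_dn(dn) if r.upper().startswith("DC=")]
    return ".".join(dcs).lower()


def member_of_filter(group_dn, expected_domain, nested=False):
    """Return a memberOf filter for group_dn, refusing DNs outside the domain."""
    if not split_dn(group_dn)[0].upper().startswith("CN="):
        raise ValueError("group DN must start with CN=")
    if domain_of(group_dn) != expected_domain.lower():
        raise ValueError("group DN is not in " + expected_domain)
    attr = "memberOf:" + IN_CHAIN + ":" if nested else "memberOf"
    return "(" + attr + "=" + escape_filter_value(group_dn) + ")"


# Constructed from the OU, group and domain names used on this page.
GROUP_DN = "CN=Corporate_User,OU=Corporate_Users,DC=mycompany,DC=local"
print(member_of_filter(GROUP_DN, "mycompany.local"))
```

A plain memberOf test matches direct members only; the nested form is what covers users who reach Corporate_User through another group.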

Check & enable LDAP Query: verifies and enables the LDAP filter from the list.

Disable LDAP Query: disables the selected filter from the list.

Applying LDAP Filters and UDS

As soon as the UDS and the LDAP filter have been created, they can be used in the security policy definition, in the users section of the preconditions. For more information, review Policy Preconditions.

If we only want to authenticate against Active Directory with authorization, only the UDS needs to be added, as shown by orange point 1.

Otherwise, if we want to use an attribute, an LDAP filter must be assigned, as shown by orange point 2.

../../../_images/applyudsldapfilters.PNG