Cortex XSOAR for Developers (Formerly Demisto)

OpenLDAP (Beta)

beta

This is a beta Integration, which lets you implement and test pre-release software. Since the integration is beta, it might contain bugs. Updates to the integration during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the integration to help us identify issues, fix them, and continually improve.

Overview

This integration enables using your OpenLDAP user authentication settings in Demisto. Users can log in to Demisto with their OpenLDAP username and passwords, and their permissions in Demisto will be set according to the groups and mapping set in AD Roles Mapping.

Use Cases

Use OpenLDAP user authentication groups to set user roles in Demisto.

Configure OpenLDAP on Demisto

  1. Navigate to Settings > Integrations > Servers & Services.
  2. Search for OpenLDAP.
  3. Click Add instance to create and configure a new integration instance.
    • Name: a textual name for the integration instance.
    • Server IP or Host Name (e.g. 192.168.0.1)
    • Port. If not specified, default port is 389, or 636 for LDAPS.
    • User DN (e.g cn=admin,ou=users,dc=domain,dc=com)
    • Base DN (e.g. DC=domain,DC=com)
    • Auto populate groups
    • Groups Object Class
    • Groups Unique Identifier Attribute
    • Group Membership Identifier Attribute
    • User Object Class
    • User Unique Identifier Attribute
    • Page size
    • Connection Type
    • Trust any certificate (not secure)
    • Use system proxy settings
  4. Click Test to validate the URLs, token, and connection.

Additional Information

Steps required for setting AD roles Mapping:

  1. Create OpenLDAP child entry of User Account template under wanted Organisational Unit and Posix Group, with uid as part of DN: user
  1. Create OpenLDAP child entry of Posix Group template, with created account from step 1 as memberUid: group

  1. In case of using different attributes and class/group templates (different objectClass), customize the following default values in instance configuration:

    • Groups Object Class
    • Groups Unique Identifier Attribute
    • Group Membership Identifier Attribute
    • User Object Class
    • User Unique Identifier Attribute

  2. Navigate to Settings > USERS AND ROLES > ROLES.

  3. Chose Role.

  4. Add the created group from step 2 to AD Roles Mapping. mapping

  1. Login to Demisto using uid or full DN and password of creted user from step 1.
Edit this page
Report an Issue