Some users may have issues creating a community account. For more information, please click here.

How to configure LDAP for VA

How to configure LDAP for VA

Software Vulnerability Manager Virtual Appliance allows to use LDAP authentication for SVM console. Your Active Directory Domain Controller server needs to have access for LDAP configured before proceeding with setting up LDAP in the Software Vulnerability Manager VA. 

Below Microsoft document explains how to configure LDAP on the Domain Controller. Please follow steps and then confirm that connection to LDAP server is successful. 

Setup LDAP using AD LDS (Active Directory Lightweight Directory Services) on your Domain Controller

In order to query the Active Directory you will need a user account to use to create the BIND between your SVM Server and the Active Directory

In the ldp.exe tool  go to "Connection" and select "BIND". Enter details for user account you have created to use for the BIND then select the "bind with credentials" option.

 

Bind.jpg

After confirming that connection to LDAP on your domain server is successful we can proceed with configuring Software Vulnerability Manager.

1. Login to your SVM Virtual Appliance and select option LDAP Settings


VA-LDAP.jpg

 

 

 

 

 

 

 

 

 

 

 

 

2. Enable "Use LDAP" and then enter all your details 

- LDAP Host URL - Enter your LDAP FQDN or IP followed by port (Default port for LDAP 389 and LDAPS 636)

- LDAP Base DN - Enter distinguishedName of the OU containing users which you will allow to use LDAP authentication for the SVM.  

Right Click on the OU containing users you intend to use for the SVM and select Properties. Go to Attribute Editor and search for  distinguishedName details. Please note that Attribute Editor tab is only visible in your Active Directory Users and Computer only after enabling  "Advanced Features" in View Menu. 

 

Advanced Features.jpg

Base DN details:

Base DN.jpg

 

- UID Attribute - Enter "sAMAccountName"

- Anonymous Bind - Disable this option to be able to enter user details

- Bind DN - Enter distinguishedName of the previously created "BIND" user

Right click on the "BIND" user, select Properties, then go to Attribute Editor tab. Search for distinguishedName and select View.

 

Bind DN.jpg

 

- Bind Password - Enter password for "BIND" user

 

Sample LDAP configuration:

LDAP Configuration.jpg

3. Select Save and wait for the LDAP to be configured by the server. 

4. Create user in the SVM console. Username in the SVM needs to match username in Active Directory. Make sure that option "Use LDAP for Authentication" is selected when creating user in the SVM console. 

AD User.jpg

SVM User.jpg

5. Save user. 

Now you are able to login to the SVM console using your Active Directory Credentials. Please note that you will need to repeat user creation for each AD user you want to use in Software Vulnerability Manager. Above guide explains how to connect to LDAP (transmits communication in clear text) but it can also be used to configure LDAPS (communication is encrypted and secure). You would need to configure LDAPS on your Domain Controller server using this Microsoft document  and set correct URL in the SVM VA LDAP configuration page (ldpas://FQDN:636 instead of ldap://FQDN:386) 

Labels (3)
Was this article helpful? Yes No
No ratings
Version history
Revision #:
8 of 8
Last update:
‎Dec 31, 2020 07:11 AM
Updated by:
 
Contributors