How to configure LDAP for VA
Software Vulnerability Manager Virtual Appliance allows you to use LDAP authentication for the SVM console. Your Active Directory Domain Controller must have LDAP access configured before you set up LDAP in the Software Vulnerability Manager VA.
The Microsoft document below explains how to configure LDAP on the Domain Controller. Follow its steps and then confirm that the connection to the LDAP server is successful.
To query Active Directory, you need a user account to create the BIND between your SVM server and Active Directory.
In the ldp.exe tool, go to "Connection" and select "BIND". Enter the details of the user account you created for the BIND, then select the "bind with credentials" option.
After confirming that the connection to LDAP on your domain server is successful, you can proceed with configuring Software Vulnerability Manager.
1. Log in to your SVM Virtual Appliance and select the LDAP Settings option.
2. Enable "Use LDAP" and then enter all your details:
- LDAP Host URL - Enter your LDAP server's FQDN or IP address followed by the port (the default port is 389 for LDAP and 636 for LDAPS)
- LDAP Base DN - Enter the distinguishedName of the OU containing the users that you will allow to use LDAP authentication for the SVM.
Right-click the OU containing the users you intend to use for the SVM and select Properties. Go to Attribute Editor and look for the distinguishedName value. Note that the Attribute Editor tab is visible in Active Directory Users and Computers only after enabling "Advanced Features" in the View menu.
Base DN details:
- UID Attribute - Enter "sAMAccountName"
- Anonymous Bind - Disable this option to be able to enter user details
- Bind DN - Enter the distinguishedName of the previously created "BIND" user
Right-click the "BIND" user, select Properties, then go to the Attribute Editor tab. Search for distinguishedName and select View.
- Bind Password - Enter the password for the "BIND" user
Sample LDAP configuration:
3. Select Save and wait for LDAP to be configured by the server.
4. Create a user in the SVM console. The username in the SVM needs to match the username in Active Directory. Make sure that the "Use LDAP for Authentication" option is selected when creating the user in the SVM console.
5. Save the user.
You can now log in to the SVM console using your Active Directory credentials. Note that you need to repeat the user creation for each AD user you want to use in Software Vulnerability Manager. The guide above explains how to connect over LDAP (which transmits communication in clear text), but it can also be used to configure LDAPS (where communication is encrypted and secure). You would need to configure LDAPS on your Domain Controller server using this Microsoft document and set the correct URL in the SVM VA LDAP configuration page (ldaps://FQDN:636 instead of ldap://FQDN:389).
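A pre-flight check for the values entered in step 2, as an added example that is not part of the original guide or of the product: it flags a mistyped scheme or port, a clear-text ldap:// URL, and a Bind DN given as DOMAIN\user instead of a distinguishedName. The function names, the setting keys and the example.test sample values are assumptions made for illustration, and the check assumes the default ports named above are in use.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults named in the guide
# One RDN such as "OU=SVM Users"; the value may hold a backslash-escaped comma.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$")


def is_dn(value):
    """Loose syntax check: RDNs split on unescaped commas, last one a DC=."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value.strip())]
    return all(RDN.match(p) for p in parts) and parts[-1].upper().startswith("DC=")


def check_settings(cfg):
    """Return (code, message) findings for values meant for the LDAP Settings page."""
    out = []
    url = urlsplit(cfg["host_url"])
    try:
        port = url.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    if url.scheme not in DEFAULT_PORTS:
        out.append(("SCHEME", f"'{url.scheme}://' is not ldap:// or ldaps://"))
    elif port != DEFAULT_PORTS[url.scheme]:
        out.append(("PORT", f"port {port} is not the {url.scheme} default {DEFAULT_PORTS[url.scheme]}"))
    if url.scheme == "ldap":
        out.append(("CLEARTEXT", "ldap:// sends the bind password unencrypted; use ldaps://"))
    if not is_dn(cfg["base_dn"]):
        out.append(("BASE_DN", "Base DN is not a distinguishedName"))
    if cfg["uid_attribute"] != "sAMAccountName":
        out.append(("UID", "UID Attribute should be sAMAccountName"))
    if cfg["anonymous_bind"]:
        out.append(("ANON", "Anonymous Bind is enabled; disable it to enter the Bind DN"))
    elif not is_dn(cfg["bind_dn"]):
        out.append(("BIND_DN", "Bind DN must be a distinguishedName, not DOMAIN\\user or a UPN"))
    elif not cfg["bind_password"]:
        out.append(("BIND_PW", "Bind Password is empty"))
    return out


# Constructed sample values: example.test and the account names are placeholders.
GOOD = {"host_url": "ldaps://dc01.example.test:636", "anonymous_bind": False,
        "base_dn": "OU=SVM Users,DC=example,DC=test", "uid_attribute": "sAMAccountName",
        "bind_dn": "CN=svc-svm-bind,OU=SVM Users,DC=example,DC=test", "bind_password": "placeholder"}
BAD = dict(GOOD, host_url="ldap://dc01.example.test:386", bind_dn="EXAMPLE\\svc-svm-bind")

if __name__ == "__main__":
    print(*check_settings(BAD), sep="\n")
```

The check is purely syntactic; the ldp.exe bind test described earlier is still what confirms that the account and password are accepted by the Domain Controller.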