LDAP - How to Configure an LDAP Endpoint

As of 7.2.36.0, you can configure LDAP endpoints in the LoadMaster. Once configured, these endpoints can be used to configure LDAP Web User Interface (WUI) authentication. For instructions on how to use LDAP for WUI Authentication, refer to the following article: How to Use LDAP for WUI Authentication

This guide relates to configuring an LDAP endpoint.

In the LoadMaster WUI, go to Certificates & Security > LDAP Configuration. Create a new LDAP endpoint by typing a valid name and clicking Add. No special characters or spaces are allowed.


Then, specify your parameters.


LDAP Server(s) = The IP address(es) of your LDAP server.

LDAP Protocol = The protocol used to communicate with the LDAP server. The choices are Unencrypted, StartTLS, or LDAPS.

Validation Interval = How often the user is re-validated against the LDAP server.

Referral Count = Set this field to a value between 1 and 10 to enable referral chasing. The number specified will limit the number of hops (referrals chased). Set to 0 to disable.

Admin User = The username that is checked against the LDAP server to verify that the server is up.

Admin User Password = The password of this user.
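
As an added example (not part of the original article or of the LoadMaster product), the shell functions below map each LDAP Protocol choice to the equivalent OpenLDAP ldapsearch options, so the Admin User bind can be tested against the LDAP server from another host before the endpoint is saved. The ports (389 and 636), the sample address and the bind identity are assumptions; with Unencrypted, a simple bind sends the password in cleartext.

```shell
#!/bin/sh
# Added example, not LoadMaster code. Function names are hypothetical.

# Print the ldapsearch connection options for one server and protocol choice.
# Ports 389 and 636 are the standard LDAP/LDAPS defaults (assumption: the
# directory listens on them).
ldap_conn_opts() {
    server=$1
    protocol=$2
    case "$protocol" in
        Unencrypted) printf '%s\n' "-H ldap://$server:389" ;;
        # -ZZ makes the StartTLS upgrade mandatory: no silent cleartext fallback.
        StartTLS)    printf '%s\n' "-H ldap://$server:389 -ZZ" ;;
        LDAPS)       printf '%s\n' "-H ldaps://$server:636" ;;
        *)           echo "unknown protocol: $protocol" >&2; return 2 ;;
    esac
}

# Returns 0 when the bind password would cross the network in cleartext.
ldap_bind_is_cleartext() {
    [ "$1" = "Unencrypted" ]
}

# Bind as the admin user and read the root DSE (base-scope search on "").
# Exit status 0 means the server is reachable over that protocol and accepted
# the credentials. -W prompts for the password so it never appears in argv.
ldap_endpoint_check() {
    server=$1
    protocol=$2
    bind_id=$3
    opts=$(ldap_conn_opts "$server" "$protocol") || return 2
    if ldap_bind_is_cleartext "$protocol"; then
        echo "warning: $protocol sends the admin password unencrypted" >&2
    fi
    # $opts is intentionally unquoted so it splits into separate arguments.
    ldapsearch -x $opts -D "$bind_id" -W -b "" -s base "(objectClass=*)" namingContexts
}

# Usage (constructed values):
#   ldap_endpoint_check 192.0.2.10 StartTLS 'svc-lm@example.com'
```

For StartTLS and LDAPS, ldapsearch also validates the server certificate against the client's trusted CAs, so a certificate failure here is worth resolving before relying on the encrypted protocol.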

LDAP endpoints can be used in SSO domains and/or for WUI authentication. For more information, refer to the following article: How to use LDAP for WUI Authentication

Related KB

Using LDAP Search To Test ESP Authentication

 

 


Comments

Prishen.pillay

I am unable to delete the existing LDAP endpoint; it is showing grayed out.

Bill DeCastro

Hi Prishen,

This happens when the LDAP Endpoint is already in use. To confirm where the LDAP Endpoint is in use, you'll need to verify three locations:

1. Navigate to Virtual Services > Manage SSO (if present) > modify any SSO domain that you may be using for LDAP authentication > view the LDAP Endpoint field.

2. Navigate to Certificates & Security > Remote Access > WUI Authorization Options > observe the LDAP Endpoint field in the LDAP row.

3. Navigate to Virtual Services > View/Modify Services > modify any VS designed to load balance LDAP traffic > expand Real Servers and view the LDAP Endpoints field.

I would recommend against changing these fields, as they will modify some aspect of your LoadMaster. If you find the LDAP Endpoint is currently assigned to a field or feature you're no longer using, only then would I recommend removing it.