Microsoft Active Directory (AD) provides a single point of control for managing users, computers, groups, and other resources on a network. Active Directory uses a structured data store as the basis for a logical, hierarchical organization of directory information.
The Lucidum connector ingests the following types of assets:
- Computers
- Users
Configuring the Connector for Microsoft Active Directory
To configure Lucidum to ingest data from Microsoft Active Directory:
- Log in to Lucidum.
- In the left pane, click Connector.
- In the Connector page, click Add Connector.
- Scroll until you find the Connector you want to configure. Click Connect. The Settings page appears.
- In the Settings page, enter the following:
  - Host. The hostname or IP address of the LDAP server.
  - Port (optional). TCP/UDP port 389. If SSL is enabled, specify TCP port 636.
  - User Name. A user name or email for an AD account that can query/read Active Directory. For a domain user, the user name should be in the form: DOMAIN\USERNAME (for example, LDAP\lucidum). If SSL is enabled, enter an email address.
  - User base. Search base for user information. It is better to provide the “root” base for Lucidum. For example, dc=ad,dc=lucidum,dc=com
  - Password. A password for an AD account that can query/read Active Directory.
  - Computer base. Search base for computer information. Provide the “root” base. For example, dc=ad,dc=lucidum,dc=com
  - SSL Authentication (optional). Toggle on or off to enable or disable SSL authentication. The default is “off”.
  - Authentication Method (optional). Choices are SASL or SIMPLE. Default method is SIMPLE.
  - TLS Validation (optional). TLS validation method. Default is “CERT_NONE”.
  - TLS Version (optional). TLS version. Default is “PROTOCOL_TLSv1”.
  - TLS Ciphers. TLS ciphers. Default is ALL, which lets the connector negotiate a matching cipher.
  - Auto Bind (optional). Toggle auto binding on or off. The default value is “on”.
  - Connection Timeout (optional). Connection timeout in seconds. Default value is 10 seconds.
  - Get Server Info (optional). Specify schema, info, or all.
  - Read Only (optional). Toggle on or off. Specifies whether the connection is read-only. Default value is “on”.
  - Check Names (optional). Toggle on or off. When set to true, attribute names in assertions and filters are checked against the schema (the server must have the schema loaded with the get_info=ALL or get_info=SCHEMA parameter) and search results are formatted as specified in the schema. Default value is “on”.
  - LDAP Version (optional). LDAP version. Default value is “3”.
  - Client Strategy (optional). Communication strategy used by the client. Default is SYNC.
  - Auto Referrals (optional). Toggle on or off. Whether the connection must follow referrals automatically. Default value is “off”.
  - Page Size (optional). Page size for paged results. Default is 1000.
  - Mode (optional). Specify dual IP stack behaviour for resolving LDAP server names in DN.
  - Proxy. If you are using a proxy server to allow this connector to communicate with on-premises devices, enter the IP address:port of the proxy server, usually 192.168.255.6:3128.
- To test the configuration, click Test.
  - If the connector is configured correctly, Lucidum displays a list of services that are accessible with the connector.
  - If the connector is not configured correctly, Lucidum displays an error message.
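With the defaults listed in the Settings step (SIMPLE bind, port 389, SSL off), the bind password crosses the network in cleartext, and turning SSL on alone still leaves CERT_NONE, PROTOCOL_TLSv1 and the ALL cipher list in effect. The following is an added example, not Lucidum code, that checks a set of connector settings for those combinations before they are entered; the dictionary keys are hypothetical names for the UI fields, and it assumes the TLS fields accept Python `ssl` constant names such as CERT_REQUIRED.

```python
import ssl

# Defaults as listed on this page. The dict keys are hypothetical names for
# the UI fields; they are not Lucidum's configuration schema.
PAGE_DEFAULTS = {
    "port": 389, "ssl": False, "auth_method": "SIMPLE",
    "tls_validation": "CERT_NONE", "tls_version": "PROTOCOL_TLSv1",
    "tls_ciphers": "ALL", "read_only": True, "auto_referrals": False,
}
# Constructed hardened variant; assumes the TLS fields accept these values.
HARDENED = {**PAGE_DEFAULTS, "port": 636, "ssl": True,
            "tls_validation": "CERT_REQUIRED",
            "tls_version": "PROTOCOL_TLSv1_2",
            "tls_ciphers": "ECDHE+AESGCM"}
LEGACY_TLS = {"PROTOCOL_SSLv3", "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1"}


def audit(settings):
    """Map each risky field to a finding; unset fields use the page defaults."""
    s = {**PAGE_DEFAULTS, **settings}
    findings = {}
    if not s["read_only"]:
        findings["read_only"] = "an inventory connector only needs read access"
    if s["auto_referrals"]:
        findings["auto_referrals"] = "connector will contact servers other than Host"
    if not s["ssl"]:
        if s["auth_method"] == "SIMPLE":
            findings["ssl"] = "SIMPLE bind without SSL sends the password in cleartext"
        return findings  # the TLS fields are not used when SSL is off
    if s["port"] != 636:
        findings["port"] = "SSL is enabled but the port is not 636"
    if s["tls_validation"] != "CERT_REQUIRED":
        findings["tls_validation"] = "server certificate is not verified"
    if s["tls_version"] in LEGACY_TLS:
        findings["tls_version"] = "SSL 3.0, TLS 1.0 and TLS 1.1 are deprecated"
    if s["tls_ciphers"].upper() == "ALL":
        findings["tls_ciphers"] = "cipher list is not restricted to strong suites"
    return findings


def hardened_context(ca_file=None):
    """The client-side meaning of CERT_REQUIRED with a TLS 1.2 floor in Python."""
    ctx = ssl.create_default_context(cafile=ca_file)  # verifies cert and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    for name, cfg in [("defaults", {}), ("ssl only", {"ssl": True}), ("hardened", HARDENED)]:
        print(name, audit(cfg))
```

Pass `ca_file` the PEM file of the CA that issued the domain controller's LDAPS certificate when that CA is not in the system trust store.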