## What is Okta LDAP?
Okta LDAP allows cloud based LDAP authentication against Universal Directory instead of an on-prem LDAP server, including Active Directory.
## Why Should You Use the Okta LDAP Connector?
The Okta LDAP connector provides visibility into the assets in your environment. You can use this visibility to:
- ensure assets are managed per your security policies
- ensure users are managed per your security policies
- derive relationships between assets, users, applications, and data
## How Does This Connector Work?
Lucidum executes read-only requests to the Okta LDAP REST API and ingests only metadata about Okta LDAP devices. Lucidum does not retrieve any data stored on your assets.
## Configuring the Connector in Lucidum
| Field | Description | Example |
|---|---|---|
| Host | The hostname or IP address of the LDAP server. | 10.2.290.29 |
| Port | TCP/UDP port 389. If SSL is enabled, specify TCP port 636. | 389 |
| User Name | A user name or email for an LDAP account that can query/read Active Directory. For a domain user, the user name should be in the form DOMAIN\USERNAME (for example, LDAP\lucidum). If SSL is enabled, enter an email address (for example, [email protected]). | justynmutts |
| User base | Search base for user information. It is better to provide the “root” base for Lucidum, for example dc=lucidum,dc=okta,dc=com. | dc=lucidum,dc=okta,dc=com |
| Password | A password for an LDAP account that can query/read Active Directory. | ********************* |
| Computer base | Search base for computer information. Provide the “root” base, for example dc=lucidum,dc=okta,dc=com. | dc=lucidum,dc=okta,dc=com |
| SSL Authentication | Toggle on and off to enable SSL authentication. Default is “off”. | Off |
| Authentication Method | Choices are SASL or SIMPLE. Default is SIMPLE. | SIMPLE |
| TLS Validation | TLS certificate validation method. Default is “CERT_NONE”. | CERT_NONE |
| TLS Version | TLS version. Default is “PROTOCOL_TLSv1”. | PROTOCOL_TLSv1 |
| TLS Ciphers | TLS ciphers. Default is ALL, which lets the connector negotiate a matching cipher. | ALL |
| Auto Bind | Toggle auto binding on and off. Default is “on”. | On |
| Connection Timeout | Connection timeout in seconds. Default is 10 seconds. | 10 |
| Get Server Info | Specify schema, info, or all. | All |
| Read Only | Toggle on and off. Specifies whether the connection is read-only. Default is “on”. | On |
| Check Names | Toggle on and off. When on, attribute names in assertions and filters are checked against the schema (the server must have its schema loaded via the get_info=ALL or get_info=SCHEMA parameter) and search results are formatted as specified in the schema. Default is “on”. | On |
| LDAP Version | LDAP version. Default is “3”. | 3 |
| Client Strategy | Communication strategy used by the client. Default is SYNC. | SYNC |
| Auto Referrals | Toggle on and off. Whether the connection follows referrals automatically. Default is “off”. | Off |
| Page Size | Paged result size. Default is 1000. | 1000 |
| Mode | Specify dual IP stack behaviour for resolving LDAP server names in DN. | |
| Proxy | If you are using a proxy server to allow this connector to communicate with on-premises devices, enter the IP address and port for the proxy server, usually 192.168.255.6:3128. | 192.168.255.6:3128 |
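The following is an added example, not part of Lucidum's documentation: it audits a connector configuration built from the table's defaults and produces a hardened copy beside it. It assumes the TLS Validation and TLS Version fields pass through Python `ssl` module constant names (as the documented defaults suggest), so that CERT_REQUIRED and PROTOCOL_TLSv1_2 are accepted values; the settings dictionary is constructed for the example.

```python
import ssl

# Connector defaults mirroring the documented default column above (constructed;
# not live settings). Keys are the table's field names.
DEFAULTS = {
    "SSL Authentication": False,
    "Port": 389,
    "Authentication Method": "SIMPLE",
    "TLS Validation": "CERT_NONE",
    "TLS Version": "PROTOCOL_TLSv1",
    "TLS Ciphers": "ALL",
    "Read Only": True,
    "Auto Referrals": False,
    "Page Size": 1000,
}

# Assumption: the TLS Version field takes a Python ssl PROTOCOL_* constant name.
KNOWN_TLS_VERSIONS = {name for name in dir(ssl) if name.startswith("PROTOCOL_")}
DEPRECATED_TLS_VERSIONS = {"PROTOCOL_SSLv2", "PROTOCOL_SSLv3",
                           "PROTOCOL_TLSv1", "PROTOCOL_TLSv1_1"}


def audit(settings):
    """Return (field, finding) pairs for settings that weaken the LDAP connection."""
    s = {**DEFAULTS, **settings}
    findings = []
    if not s["SSL Authentication"]:
        # A SIMPLE bind carries the account password; without SSL it is sent unencrypted.
        method, port = s["Authentication Method"], s["Port"]
        findings.append(("SSL Authentication", f"off: {method} bind on port {port} is not encrypted"))
    elif s["Port"] == 389:
        findings.append(("Port", "SSL is on but the port is 389; the documented LDAPS port is 636"))
    if s["TLS Validation"] == "CERT_NONE":
        findings.append(("TLS Validation", "CERT_NONE: the LDAP server certificate is never verified"))
    if s["TLS Version"] in DEPRECATED_TLS_VERSIONS:
        findings.append(("TLS Version", f"{s['TLS Version']} is deprecated; use PROTOCOL_TLSv1_2 or later"))
    elif s["TLS Version"] not in KNOWN_TLS_VERSIONS:
        findings.append(("TLS Version", f"{s['TLS Version']} is not a known ssl protocol constant"))
    if not s["Read Only"]:
        findings.append(("Read Only", "off: the connector only needs read access"))
    if s["Auto Referrals"]:
        findings.append(("Auto Referrals", "on: the connection will follow referrals to other servers"))
    return findings


def harden(settings):
    """Return a copy of settings with the weak defaults replaced by stricter values."""
    s = {**DEFAULTS, **settings}
    s.update({"SSL Authentication": True, "Port": 636, "TLS Validation": "CERT_REQUIRED",
              "TLS Version": "PROTOCOL_TLSv1_2", "Read Only": True, "Auto Referrals": False})
    return s
```

Running `audit({})` against the documented defaults reports the unencrypted bind, the unverified certificate and the deprecated TLS version; `audit(harden({}))` reports nothing.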
## Source Documentation
### Configuring Okta LDAP
https://help.okta.com/en-us/content/topics/directory/ldap-agent-get-started.htm
### API Documentation
https://developer.okta.com/docs/reference/