Importing users with LDAP or Active Directory

You can import user data directly into the UBA app from an LDAP or Active Directory server.

Before you begin

You can import users with the User import wizard. For more information, see Importing users.

About this task

Tip:

After an import is configured and the task has run to completion at least once, you should go to the Tuning page and make any necessary adjustments to the attributes.

Procedure

  1. On the User imports window, click Add and then click LDAP/AD.
  2. In the Protocol field, select ldap:// or ldaps:// for TLS.
  3. In the LDAP Server Host field, enter an IP address or hostname. For example, 10.10.10.10 or sample.ldap.server.
  4. In the Port field, enter the port for the LDAP server.
  5. In the Username (Bind DN) field, enter the user name that is used to authenticate to the LDAP server, and enter the password in the Password field.
  6. Click Advanced Settings. Note: You can change the Base DN; otherwise, when you click Test Connection the system determines the default values that are most applicable and populates the Base DN.
  7. The Base DN field is auto-populated, or you can enter the point in the LDAP directory tree from which the server must search for users. For example, if your LDAP server was on the domain example.com, you might use: dc=example,dc=com.
  8. In the Filter field, enter the attribute or attributes you want to use to identify the users in a search request. For example: cn=*; uid=*; sn=*. The following default values will work with Active Directory: (&(sAMAccountName=*)(samAccountType=805306368)). For more information, see https://ldap.com/ldap-filters/.
  9. In the Certificate field, click the Upload icon to add a root certificate authority (PEM) file.
  10. The Paged results checkbox is selected by default to avoid limiting the number of records the LDAP server returns for each poll. Paged results are not supported by all LDAP servers.
  11. Click Test Connection to confirm that UBA can connect to the LDAP server.
  12. Click Next.
  13. On the Other import settings screen, in the Configuration name field, enter a name to represent the configuration.
  14. If you want to update the reference table with user imported data, enable Synchronize reference table. (Available in 3.8.0 and later.)
    1. In the Reference table name field, enter a name.
    2. In the Reference table outer key field, select a unique value to group all other attributes. Note: The outer key list is populated from the attributes list when you click Test Connection on the LDAP server configuration page.
    3. Select the Generate map of sets checkbox to make data available for use in rules and searches.
  15. In the Polling interval field, define how often you want the app to poll your LDAP server for data. You can enter a polling interval of zero to manually poll. If you enter a polling interval of zero, you must poll the app manually with the poll option that is displayed in the feed.
  16. In the Retrieval limit field, enter a value for the number of records you want the poll to return.
    The maximum number of records that can be returned is 500,000.
  17. Click Next to review the summary of the configuration and then click Save.
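
The Filter value in step 8 decides which directory objects are imported as users. The following added example (not part of the product or its documentation) evaluates a small subset of LDAP filter syntax against constructed sample entries to show why the Active Directory default returns only user accounts: sAMAccountType 805306368 marks normal user accounts, 805306369 machine accounts, and 268435456 security groups. The entries, function names, acceptance of the bare cn=* form, and the case-insensitive value comparison are assumptions of this sketch, not UBA or LDAP server behaviour.

```python
import re

# Constructed sample entries, not taken from a real directory.
ENTRIES = [
    {"cn": "John Doe", "sAMAccountName": "jdoe", "sAMAccountType": "805306368"},
    {"cn": "WS01", "sAMAccountName": "WS01$", "sAMAccountType": "805306369"},
    {"cn": "Helpdesk", "sAMAccountName": "Helpdesk", "sAMAccountType": "268435456"},
    {"cn": "Printer Contact", "sn": "Contact"},
]
AD_DEFAULT = "(&(sAMAccountName=*)(samAccountType=805306368))"  # from step 8

def parse(s, i=0):
    """Parse one parenthesised filter at s[i]; return (node, next index)."""
    i += 1                                 # skip the opening "("
    if s[i] in "&|!":                      # AND / OR / NOT over sub-filters
        op, i, kids = s[i], i + 1, []
        while s[i] == "(":
            kid, i = parse(s, i)
            kids.append(kid)
        node = (op, kids)
    else:                                  # attr=value item
        end = s.index(")", i)
        attr, _, value = s[i:end].partition("=")
        node = ("=", attr.strip().lower(), value)
        i = end
    if s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return node, i + 1

def matches(node, entry):
    if node[0] in "&|!":
        hits = [matches(kid, entry) for kid in node[1]]
        return {"&": all(hits), "|": any(hits), "!": not all(hits)}[node[0]]
    attrs = {k.lower(): v for k, v in entry.items()}  # attribute names ignore case
    pattern = ".*".join(re.escape(p) for p in node[2].split("*"))  # "*" = wildcard
    return node[1] in attrs and re.fullmatch(pattern, attrs[node[1]], re.I) is not None

def select(filter_text, entries=ENTRIES):
    """Return the cn of every entry the filter matches."""
    text = filter_text.strip()
    if not text.startswith("("):           # accept the bare form, e.g. cn=*
        text = f"({text})"
    try:
        node, end = parse(text)
    except (IndexError, ValueError) as exc:
        raise ValueError(f"malformed filter {text!r}: {exc}") from None
    if end != len(text):
        raise ValueError(f"trailing text in filter: {text!r}")
    return [e["cn"] for e in entries if matches(node, e)]
```

With these entries, `select(AD_DEFAULT)` returns only the user account, while `select("cn=*")` also returns the workstation, the group and the contact.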

What to do next

You can add more import configurations or continue tuning your existing import configurations.