
The LDAP Broker extends normal LDAP authentication so that a one-time password (OTP) can be used during authentication.

The LDAP Broker is a tiny LDAP server with its own schema and its own set of users.

In fact, the LDAP Broker has only one user, the login user, which is the account you need when you configure the LDAP authentication server in your service (for example Dell KACE, Juniper, Cisco ASA, NetScaler or F5 BIG-IP). As a result, you will not see any user entries if you connect to the LDAP Broker with an LDAP browser.

The LDAP Broker forwards the bind request for any other user to the DualShield server; that is the point at which 2FA is triggered.

For convenience, the login user DN and password are fixed:

cn=dualshield,dc=deepnetsecurity,dc=com
password = password

If you want to change them, edit two files under the folder "C:\Program Files\Deepnet Ldap Broker\conf". For instance, to change the domain to ds08.local, the login user to admin and the password to "changeit", the relevant lines become:

deepnet-schema.ldif
    dn: dc=ds08,dc=local
    dn: cn=admin,dc=ds08,dc=local
    userpassword: changeit

local_cfg.json
    "--baseDN": "dc=ds08,dc=local",

The base DN in local_cfg.json must match the domain entry in deepnet-schema.ldif, and the login user DN must sit under that base DN.
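As an added example (not Deepnet's own code), a small Python check that the two edited files agree with each other and that the login user no longer carries the fixed default credentials. It assumes deepnet-schema.ldif is plain LDIF and that local_cfg.json is a JSON object containing the "--baseDN" key; the sample file contents below are constructed.

```python
import json

DEFAULT_LOGIN_DN = "cn=dualshield,dc=deepnetsecurity,dc=com"
DEFAULT_PASSWORD = "password"

# Constructed sample of the two files after the change described above.
SCHEMA_LDIF = """\
dn: dc=ds08,dc=local

dn: cn=admin,dc=ds08,dc=local
userPassword: changeit
"""
LOCAL_CFG_JSON = '{"--baseDN": "dc=ds08,dc=local"}'

def _norm(dn):
    """Lower-case a DN and strip spaces around commas so DNs compare reliably."""
    return ",".join(p.strip() for p in dn.lower().split(","))

def parse_ldif(text):
    """One dict per blank-line-separated entry; attribute names lower-cased."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():          # a blank line ends the current entry
            if cur:
                entries.append(cur)
            cur = {}
            continue
        attr, _, value = line.partition(":")
        cur[attr.strip().lower()] = value.strip()
    if cur:
        entries.append(cur)
    return entries

def check_broker_config(ldif_text, cfg_text):
    """Return a list of problems; an empty list means the two files agree."""
    problems = []
    base_dn = _norm(json.loads(cfg_text)["--baseDN"])
    entries = parse_ldif(ldif_text)
    if base_dn not in [_norm(e["dn"]) for e in entries if "dn" in e]:
        problems.append("baseDN %s has no matching dn: entry in the LDIF" % base_dn)
    users = [e for e in entries if "userpassword" in e]
    if len(users) != 1:
        problems.append("expected exactly one login user, found %d" % len(users))
    for u in users:
        dn = _norm(u["dn"])
        if not dn.endswith("," + base_dn):
            problems.append("login user %s is outside baseDN %s" % (dn, base_dn))
        if dn == DEFAULT_LOGIN_DN or u["userpassword"] == DEFAULT_PASSWORD:
            problems.append("login user still has the documented default credentials")
    return problems
```

Run `check_broker_config` on the real file contents after editing; an empty list means the base DN, the login user DN and the password are consistent and no longer the defaults.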