DualShield LDAP Broker extends standard LDAP authentication so that a one-time password (OTP) can be used in an LDAP authentication.

The LDAP Broker is a small LDAP server with its own schema and its own user set.

In fact, the LDAP Broker has only one user, the login user, which you need when you specify the LDAP authentication server in your service (for example Dell KACE, Juniper, Cisco ASA, NetScaler or F5 BIG-IP). As a result, you will not see any users if you connect to the LDAP Broker with an LDAP browser.

The LDAP Broker forwards the bind request for any other user to the DualShield server; that is the point at which 2FA is triggered.

For convenience, the login user DN and password are fixed:

cn=dualshield,dc=deepnetsecurity,dc=com
password = password

Because these defaults are published, change them before you point your appliances at the broker.

If you want to change them, modify two files under the folder "C:\Program Files\Deepnet Ldap Broker\conf". For instance, to change the domain to ds08.local, the login user to admin and the password to "changeit", edit the following lines:

deepnet-schema.ldif
dn: dc=ds08,dc=local
dn: cn=admin,dc=ds08,dc=local
userpassword: changeit

local_cfg.json
"--baseDN": "dc=ds08,dc=local",

Then restart the DualShield Ldap Broker service so that it reloads both files.
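As an added example (this is not Deepnet's code or documentation), the following PowerShell script applies the whole procedure above on the broker host and then checks the result with a simple bind, first as the new login user and then with the published default, which must now fail. The configuration folder, the two file names, the default DN and the default password come from this page. Everything else is an assumption: that the LDIF contains the old DNs literally as "cn=dualshield,dc=deepnetsecurity,dc=com" and "dc=deepnetsecurity,dc=com" (plus, possibly, a "cn: dualshield" attribute line), that the service display name is "DualShield Ldap Broker", and that the broker accepts a plain simple bind on localhost:389.

```powershell
# Added example, not part of Deepnet's product or documentation.
# Rewrites the two LDAP Broker config files, restarts the service and checks
# that only the new login user can bind. Run from an elevated PowerShell prompt.
# Assumptions (not stated on the page): the LDIF holds the old DNs literally,
# may carry a "cn: dualshield" attribute line, the service display name is
# "DualShield Ldap Broker", and the broker answers a simple bind on localhost:389.
param(
    [string]$ConfDir     = 'C:\Program Files\Deepnet Ldap Broker\conf',
    [string]$NewBaseDN   = 'dc=ds08,dc=local',
    [string]$NewUser     = 'admin',
    [string]$NewPassword = 'changeit',
    [string]$BrokerHost  = 'localhost',
    [int]   $BrokerPort  = 389
)

$oldBaseDN   = 'dc=deepnetsecurity,dc=com'   # fixed default documented above
$oldUser     = 'dualshield'                  # fixed default documented above
$oldPassword = 'password'                    # fixed default documented above
$ldifPath    = Join-Path $ConfDir 'deepnet-schema.ldif'
$jsonPath    = Join-Path $ConfDir 'local_cfg.json'
$utf8NoBom   = New-Object System.Text.UTF8Encoding $false

# 1. Keep a timestamped copy of both files so the change can be diffed or reverted.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
Copy-Item $ldifPath "$ldifPath.$stamp.bak"
Copy-Item $jsonPath "$jsonPath.$stamp.bak"

# 2. deepnet-schema.ldif: rewrite the base DN, the login user's RDN and the
#    userpassword value. -replace/-match are case-insensitive by default, which
#    matches how LDAP treats attribute names. The page shows only the three
#    lines that change; diff the result against the .bak copy afterwards.
$ldifLines = Get-Content $ldifPath | ForEach-Object {
    $line = $_ -replace [regex]::Escape($oldBaseDN), $NewBaseDN
    $line = $line -replace "^(dn:\s*)cn=$oldUser,", ('${1}cn=' + $NewUser + ',')
    $line = $line -replace "^(cn:\s*)$oldUser\s*$", ('${1}' + $NewUser)   # assumed optional line
    if ($line -match '^userpassword:') { $line = "userpassword: $NewPassword" }
    $line
}
[System.IO.File]::WriteAllLines($ldifPath, [string[]]$ldifLines, $utf8NoBom)

# 3. local_cfg.json: change only the "--baseDN" value and leave every other
#    byte of the file untouched (no round trip through ConvertTo-Json).
$jsonText = [System.IO.File]::ReadAllText($jsonPath)
$jsonText = $jsonText -replace '("--baseDN"\s*:\s*")[^"]*(")', ('${1}' + $NewBaseDN + '${2}')
[System.IO.File]::WriteAllText($jsonPath, $jsonText, $utf8NoBom)

# 4. Restart the broker so it reloads both files.
Restart-Service -DisplayName 'DualShield Ldap Broker'
Start-Sleep -Seconds 5

# 5. Verify with an LDAPv3 simple bind, the same operation the appliance performs.
function Test-BrokerBind {
    param([string]$Dn, [string]$Password)
    Add-Type -AssemblyName System.DirectoryServices.Protocols
    $id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($BrokerHost, $BrokerPort)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.AuthType   = [System.DirectoryServices.Protocols.AuthType]::Basic
    $conn.Credential = New-Object System.Net.NetworkCredential($Dn, $Password)
    try     { $conn.Bind(); return $true }
    catch   { Write-Warning "Bind as $Dn failed: $($_.Exception.Message)"; return $false }
    finally { $conn.Dispose() }
}

$newDn = "cn=$NewUser,$NewBaseDN"
$oldDn = "cn=$oldUser,$oldBaseDN"
if (-not (Test-BrokerBind -Dn $newDn -Password $NewPassword)) {
    throw "The new login user $newDn cannot bind: check the edited files and the service log."
}
if (Test-BrokerBind -Dn $oldDn -Password $oldPassword) {
    throw "The published default $oldDn still binds: the change did not take effect."
}
Write-Host "Login user is now $newDn; the published default no longer binds."
```

The second bind is the check that matters: if the published default still succeeds after the restart, the files were not the ones the service reads or the service did not restart. Note that a simple bind on plain LDAP sends the login user's password in the clear; whether the broker can be configured for LDAPS is not covered on this page.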
