Complete the following steps to set up a DualShield LDAP Broker in a DualShield platform.
Enable Agent Registration
From the point of view of the DualShield authentication server, the DualShield LDAP Broker is treated as an Authentication Agent. Therefore, in order to install a DualShield LDAP broker, we need to first enable the Agent Registration option.
For an authentication agent to be able to connect to the DualShield authentication server, the agent must be registered in the DualShield authentication server.
For security purposes, the agent registration function is disabled by default. You need to enable the Agent Auto Registration function in your DualShield authentication server.
From the management console, navigate to "Authentication | Agents", then click
A new window titled "Auto Registration" will open. Ensure the "Enabled" option is selected, then click
Tick the "Enabled" option first, then fill in the Starts and Expires dates.
You may want to enable the "Check IP" option for extra security. If this option is enabled, then in the "IP Addresses" field you must enter the IP address of the machine where the authentication agent is being installed.
Click on the button, and Auto-Registration will now take place during the installation of the RADIUS server.
Install LDAP Broker
Like the DualShield server itself, the DualShield LDAP broker is typically installed on a Windows server. If desired, it can also be installed on a Linux server.
To install the DualShield LDAP Broker, launch the installer DualLdapSetup64-nnnn-signed.exe, in which nnnn is the version number, and go through the following steps:
Registration URL: Enter the FQDN of your DualShield server
Agent Name: Enter a name to describe this LDAP broker
Components Selection
Select "LDAP Broker"
Package Selection
Select "DualShield Ldap Broker"
Summary
Install Files
Install Services
Installation Completed
To install the DualShield LDAP broker from a Linux console, execute the following commands:
Grant execute permission to the DualShield LDAP broker installer: chmod a+x DualLdapSetup64-nnnn.bin
Start the installation: ./DualLdapSetup64-nnnn.bin -- -console in which nnnn is the version and build number.
Connect LDAP Broker to LDAP Application
Generally, an application has to be published before users can access it.
To publish an application on an authentication agent, first navigate to the application list by selecting "Authentication | Applications" in the side panel.
Click the context menu icon "..." of the application, e.g. "Office 365", to access its context menu.
Select "Agents" in the context menu.
Select the authentication agent on which the application is to be published, e.g. "Single-Sign-on Server".
Click the "SAVE" button to save the settings.
An LDAP application has to be published on one or more LDAP agents.