Integrate AD/LDAP HA authentication

About LDAP HA

LDAP High Availability (LDAP HA) ensures the LDAP service remains operational during failures through specific configurations and technical measures. This improves the availability and reliability of directory services, ensuring that directory information within an organization is continuously accessible.

In Ixiea, the integration of LDAP HA typically ensures that if the primary LDAP server fails, the system can automatically switch to a backup LDAP HA server, ensuring the continuity of authentication services. This way, even if an LDAP server experiences issues, Ixiea can continue processing user authentication requests without causing downtime or service interruptions.

Configure LDAP before setting up LDAP HA. See the Integrate LDAP guide.

How to configure

  1. Click the settings gear in the bottom-left navigation.

  2. Open Settings → Authentication → LDAP HA.

  3. In the LDAP HA field, check to enable LDAP HA authentication.

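  4. In the Server field, type the LDAP HA server URI, such as "ldap://example.com:389" or "ldaps://example.com:636". An "ldap://" connection without TLS sends the Bind DN password and user passwords across the network unencrypted, so prefer "ldaps://".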

    To configure LDAP HA TLS certificates, upload the files "ldap_ha_ca.pem", "ldap_ha_cert.pem" and "ldap_ha_cert.key" to the directory "/data/Ixiea/core/data/certs", then restart the service.

  5. In the Bind DN field, type a user DN with at least query permissions, which will be used to query and filter users, such as "cn=admin,dc=example,dc=com".

  6. In the Password field, type the password for the "Bind DN" user.

  7. In the Search OU field, type the search OU that specifies where to start searching for users. Use | to separate multiple values, such as "ou=users,dc=example,dc=com | ou=tech,dc=example,dc=com".

  8. In the Search filter field, type the filter expression to search for LDAP HA users. By default, the expression is "(cn=%(user)s)", where "%(user)s" is the placeholder syntax in Python. During filtering, it is replaced with *, resulting in "(cn=*)", which searches for all users. You can also replace "cn" with the actual username field, such as "uid" or "sAMAccountName".

  9. In the User attribute field, type the user attribute mapping. The key represents the Ixiea user attribute name (available options: name, username, email, is_active, groups, phone, comment), while the value corresponds to the LDAP HA user attribute name.

  10. In the Connect timeout (s) field, type the LDAP HA connection timeout in seconds.

  11. In the Search paged size (piece) field, type the page size for searching users.

  12. In the User DN cache timeout (s) field, type the cache duration for user DNs in seconds. Caching improves login authentication speed. If a user DN changes, submit the form to clear the cache; otherwise, authentication will fail.

  13. Click Submit.
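
The Search OU, Search filter and User attribute fields from steps 7 to 9, worked through as an added Python example (not Ixiea's own code). It assumes that at login the user name is substituted into the "%(user)s" placeholder, and it escapes that name per RFC 4515 so filter metacharacters are matched literally. The sample values, the attribute map and all function names are constructed for illustration.

```python
# Constructed sample values in the format the Search OU, Search filter and
# User attribute fields accept; none of them come from a real deployment.
SEARCH_OU = "ou=users,dc=example,dc=com | ou=tech,dc=example,dc=com"
SEARCH_FILTER = "(cn=%(user)s)"
USER_ATTR_MAP = {"username": "cn", "name": "sn", "email": "mail"}

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so the directory matches it literally."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def split_search_ou(search_ou):
    """Split the '|'-separated Search OU value into individual base DNs."""
    return [ou.strip() for ou in search_ou.split("|") if ou.strip()]


def login_filter(template, username):
    """Fill %(user)s with an escaped login name (assumed login behaviour)."""
    return template % {"user": escape_filter_value(username)}


def list_filter(template):
    """Fill %(user)s with '*' to match every user, as step 8 describes."""
    return template % {"user": "*"}


def map_entry(entry, attr_map):
    """Map one LDAP entry (attribute -> list of values) onto user fields."""
    user = {}
    for field, ldap_attr in attr_map.items():
        values = entry.get(ldap_attr) or []
        if values:  # skip attributes the directory did not return
            user[field] = values[0]
    return user


def plan_login_searches(username):
    """Return the (base DN, filter) pairs one login lookup would cover."""
    flt = login_filter(SEARCH_FILTER, username)
    return [(ou, flt) for ou in split_search_ou(SEARCH_OU)]


if __name__ == "__main__":
    for base_dn, flt in plan_login_searches("alice"):
        print(base_dn, flt)
    print(login_filter(SEARCH_FILTER, "al*(ce)"))  # metacharacters are escaped
    print(map_entry({"cn": ["alice"], "mail": ["alice@example.com"]}, USER_ATTR_MAP))
```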

Test LDAP HA connection

  1. Click the settings gear in the bottom-left navigation.

  2. Open Settings → Authentication → LDAP HA.

  3. Scroll to the bottom of the page.

  4. Click Test connection.

Test LDAP HA user login

  1. Click the settings gear in the bottom-left navigation.

  2. Open Settings → Authentication → LDAP HA.

  3. Make sure the LDAP HA configuration has been completed and tested successfully.

  4. Scroll to the bottom of the page.

  5. Click Test login.

  6. In the pop-up window, type the username and password of an LDAP HA user.

  7. Click Confirm.

Import LDAP HA users

  1. Click the settings gear in the bottom-left navigation.

  2. Open Settings → Authentication → LDAP HA.

  3. Make sure the LDAP HA configuration has been completed and tested successfully.

  4. Scroll to the bottom of the page.

  5. Click User import.

  6. In the pop-up window, you can import LDAP HA users in the following ways.

    Click Sync Users to sync LDAP HA users to the table.

    In the Import organization field, select one or more organizations to import.

    Select the users you want to import, then click Import to proceed.

    Alternatively, you can click Import all to import all users.

Set up LDAP HA user sync

  1. Click the settings gear in the bottom-left navigation.

  2. Open Settings → Authentication → LDAP HA.

  3. Make sure the LDAP HA configuration has been completed and tested successfully.

  4. Scroll to the bottom of the page.

  5. Click Sync settings.

  6. In the pop-up window, enter the following information.

    In the Organization field, select one or more organizations to sync.

    In the Periodic field, check to enable periodic sync.

    In the Crontab field, type the crontab expression. If empty, "Interval" will be used.

    In the Interval field, type the sync interval in hours. If "Crontab" has a value, "Crontab" takes priority.

    In the Recipients field, select one or more users to receive the sync result.

    Click Confirm.