LDAP Connector
This section details how to configure an LDAP Connector.
Prerequisites
On the LDAP side, create a technical (service) user with write permission on the subtree under the Base DN where certificates will be published. Horizon binds as this user to search holders by email address and to publish and unpublish certificates. Grant it no more than it needs: read access to search the subtree and write access to the publication attribute only, not directory-wide write rights. Before configuring the connector, check with an LDAP client that this user can bind and run a search under the Base DN. The following information will be required later:
- the LDAP hostname
- the login DN of the technical user
- its password
- the Base DN under which S/MIME certificates are published
How to configure LDAP Connector
1. Log in to the Horizon Administration Interface.
2. Open LDAP Connector from the drawer or card.
3. Click on the button to add a new connector.
4. Fill in the fields. Fields marked with * are mandatory.
Connection
- Name* (string input): Enter a meaningful connector name. It must be unique across connectors, since Horizon uses the name to identify the connector.
- Hostname* (string input): Enter the hostname of the LDAP server. The port is set separately below.
- Login DN* (string input): Enter the DN of the technical user created for Horizon.
- Password* (string input): Enter the password of that user.
- Base DN* (string input): Enter the Base DN under which Horizon publishes certificates.
- Max stored certificates per holder* (int): The maximum number of certificates Horizon keeps for a single holder in the directory.
- Port (int): The port on which the LDAP server listens (389 for LDAP and 636 for LDAPS by default). Prefer LDAPS: over plain LDAP the bind password and the published certificates travel in clear text.
- Proxy (string select): The HTTP/HTTPS proxy used to reach the LDAP server, if any.
- Timeout (finite duration): Defaults to 10 seconds. Must be a valid finite duration.
Assets identification
- Filter* (string input): Enter the LDAP filter that selects holder entries; Horizon applies it when searching holders by email. The default is (objectclass=user), which matches Active Directory user accounts. If your entries use the inetOrgPerson object class, set the filter to (objectclass=inetOrgPerson). Note that in Active Directory the computer class derives from user, so (objectclass=user) also matches computer objects; (&(objectCategory=person)(objectClass=user)) restricts the match to person accounts.
- Target LDAP publication attribute (string input): When set, the certificate is published in this attribute. On most LDAP servers set it to userCertificate;binary; on Microsoft Active Directory the attribute is already handled correctly and the field can be left empty.
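As an added example (not Horizon's own code), the following Python shows how a custom filter like the ones above is combined with the email lookup, and why the email value must be escaped per RFC 4515 before it is placed in the filter. It assumes the email attribute is named mail and that the two filters are AND-ed; both are assumptions about Horizon's internal behaviour, not documented facts, and the helper names are hypothetical.

```python
# Added example, not Horizon code. Assumptions: the holder's email lives in
# the "mail" attribute and the connector filter is AND-ed with the lookup.


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 so it cannot alter the filter.

    Backslash, '*', '(', ')', NUL and every non-ASCII byte are replaced by
    a backslash followed by two hex digits of the UTF-8 byte.
    """
    out = []
    for b in value.encode("utf-8"):
        if b in b"\\*()\x00" or b > 0x7F:
            out.append("\\%02x" % b)
        else:
            out.append(chr(b))
    return "".join(out)


def is_valid_custom_filter(custom_filter: str) -> bool:
    """Cheap sanity check for the Filter field: a single expression wrapped in
    balanced, well-nested parentheses. Literal parentheses inside values are
    hex-escaped in RFC 4515 filters, so counting them is sound here."""
    f = custom_filter.strip()
    if not (f.startswith("(") and f.endswith(")")):
        return False
    depth = 0
    for i, ch in enumerate(f):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # Closing below zero, or back to zero before the end, means the
            # text is not one single filter expression.
            if depth < 0 or (depth == 0 and i != len(f) - 1):
                return False
    return depth == 0


def build_holder_filter(custom_filter: str, email: str, mail_attr: str = "mail") -> str:
    """AND the connector's custom filter with an exact match on the email."""
    if not is_valid_custom_filter(custom_filter):
        raise ValueError("malformed custom filter: %r" % custom_filter)
    return "(&%s(%s=%s))" % (
        custom_filter.strip(), mail_attr, escape_filter_value(email))


if __name__ == "__main__":
    # Constructed inputs, not taken from any real directory.
    print(build_holder_filter("(objectclass=inetOrgPerson)", "alice@example.com"))
    # An address crafted to widen the search is neutralised by the escaping:
    print(build_holder_filter("(objectclass=user)", "*)(objectclass=*"))
```

The second call shows the point of the escaping: without it the crafted "email" would turn the lookup into a match on every entry under the Base DN.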
Actors management
These settings limit how many requests Horizon sends to the remote LDAP service within a given period. For example, to ensure the service is contacted at most 5 times per 3 seconds, set Throttle parallelism to 5 (the number of requests) and Throttle duration to 3 seconds (the period).
- Throttle duration* (finite duration): Defaults to 3 seconds. Must be a valid finite duration.
- Throttle parallelism* (int): Defaults to 3.
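To make the contract of the two settings concrete, here is an added Python example (not Horizon's code; how Horizon throttles internally is not documented on this page) of a sliding-window limiter that allows at most "parallelism" requests per "duration" seconds. The class and function names are hypothetical, and the clock is injectable so the example runs instantly without a real LDAP server.

```python
# Added example, not Horizon code: a sliding-window rate limiter with the
# semantics the two settings describe, at most `parallelism` requests in any
# `duration`-second window. Single-threaded; add a lock for concurrent use.
import time
from collections import deque


class Throttle:
    def __init__(self, parallelism: int, duration: float, clock=time.monotonic):
        if parallelism < 1 or duration <= 0:
            raise ValueError("parallelism must be >= 1 and duration > 0")
        self.parallelism = parallelism
        self.duration = duration
        self._clock = clock      # injectable for deterministic tests
        self._sent = deque()     # timestamps of requests still in the window

    def _prune(self, now: float) -> None:
        # Drop timestamps that have fallen out of the window.
        while self._sent and now - self._sent[0] >= self.duration:
            self._sent.popleft()

    def wait_time(self) -> float:
        """Seconds until the next request is allowed (0.0 if allowed now)."""
        now = self._clock()
        self._prune(now)
        if len(self._sent) < self.parallelism:
            return 0.0
        return self.duration - (now - self._sent[0])

    def try_acquire(self) -> bool:
        """Take a slot if one is free; never blocks."""
        now = self._clock()
        self._prune(now)
        if len(self._sent) >= self.parallelism:
            return False
        self._sent.append(now)
        return True

    def acquire(self) -> None:
        """Block until a slot is free, then take it."""
        while not self.try_acquire():
            time.sleep(max(self.wait_time(), 0.001))


class FakeClock:
    """Manual clock so the simulation below is instant and deterministic."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def simulate(parallelism: int = 5, duration: float = 3.0):
    """Fire parallelism+2 requests at t=0, then one more once the window
    has expired. Returns (list of accept/reject results, wait observed)."""
    clock = FakeClock()
    throttle = Throttle(parallelism, duration, clock)
    results = [throttle.try_acquire() for _ in range(parallelism + 2)]
    wait = throttle.wait_time()       # how long the rejected caller must wait
    clock.advance(wait)               # ...and once that time has passed
    results.append(throttle.try_acquire())
    return results, wait


if __name__ == "__main__":
    print(simulate())
```

With the page's example values (parallelism 5, duration 3 seconds) the first five requests go through, the sixth and seventh are refused, the refused caller is told to wait the full 3 seconds, and the request issued after that wait is accepted.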
5. Click on the save button.
You can update or delete the LDAP Connector.
You won't be able to delete an LDAP Connector while it is referenced by any other configuration element.