Integrate LDAP with Xprotect

Lightweight Directory Access Protocol (LDAP) integration with the Xprotect instance lets you fetch the list of users of interest from an Active Directory (AD), so that you can later set up Xprotect User policies for those users. After the initial integration with the instance, you can set up Xprotect to refresh the user base automatically at a periodic interval.


Integrate LDAP

Keep a working set of LDAP server credentials and the public key of the LDAP server handy. You will also need to enter search queries that filter and fetch the user base from the AD.


Enter LDAP integration details

You can integrate only one LDAP server with an Xprotect instance.

  1. Go to Users.

  2. Click Configure LDAP.

  3. In the LDAP URL text box, enter the URL of the AD server. For example, ldaps://10.30.56.157.

  4. (Optional) In the Public Key for TLS text box, paste the public key used for the TLS certificate exchange with the LDAP server.

  5. In the Search Base (Base DN) text box, enter the distinguished name of the container from which the user search starts; the search query is scoped to this subtree. For example, CN=Users,DC=ad2016,DC=com.

  6. In the Username (Bind DN) text box, enter the username used to bind to the LDAP server. For example, testuser1@ad2016.com.

  7. In the Password text box, enter the password for that LDAP account.

  8. Click Save and Continue.



Test connectivity with LDAP server

After you save the LDAP integration, use an additional User filter to narrow and preview the users returned by the search query. Previewing users also verifies that the instance can connect to the LDAP server.

  • In the User Filter text box, enter the query to filter the users.

    By default, the User filter is set to (&(objectClass=user)(userPrincipalName=*)(!(UserAccountControl:1.2.840.113556.1.4.803:=2))). This default selects user objects that have a userPrincipalName and excludes disabled accounts: 1.2.840.113556.1.4.803 is AD's bitwise-AND matching rule, and bit 2 of userAccountControl is the ACCOUNTDISABLE flag.
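To see which directory objects the default User filter admits before pointing Xprotect at a live AD, here is an added example that is not Xprotect's code: a small evaluator for the filter syntax (AND, OR, NOT, presence, equality and the AD bitwise-AND rule) run over constructed entries under CN=Users,DC=ad2016,DC=com. The sample entries, their attribute values and the function names are assumptions.

```python
# Added example, not Xprotect's code: an RFC 4515 filter evaluator run over constructed entries.
import re
DEFAULT_USER_FILTER = ("(&(objectClass=user)(userPrincipalName=*)"
                       "(!(UserAccountControl:1.2.840.113556.1.4.803:=2)))")
# Constructed sample objects under CN=Users,DC=ad2016,DC=com; userAccountControl bit 2 = disabled.
SAMPLE_ENTRIES = [
    {"cn": "testuser1", "objectClass": ["person", "user"], "userAccountControl": 512,
     "userPrincipalName": "testuser1@ad2016.com"},
    {"cn": "olduser", "objectClass": ["person", "user"], "userAccountControl": 514,  # 512 | 2
     "userPrincipalName": "olduser@ad2016.com"},
    {"cn": "WS01", "objectClass": ["user", "computer"], "userAccountControl": 4096},  # no UPN
]
def parse_filter(text, pos=0):  # recursive descent; returns (node, offset after the closing ")")
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos, op = pos + 1, text[pos + 1:pos + 2]
    if op in ("&", "|", "!"):  # node: (op, [child nodes])
        kids, pos = [], pos + 1
        while text[pos:pos + 1] == "(":
            kid, pos = parse_filter(text, pos)
            kids.append(kid)
        node = (op, kids)
    else:  # node: ("item", attribute, matching-rule OID or None, asserted value)
        end = text.index(")", pos)
        m = re.fullmatch(r"([\w.-]+)(?::([\w.]+):)?=(.*)", text[pos:end])
        if not m:
            raise ValueError(f"unsupported filter item {text[pos:end]!r}")
        node, pos = ("item", m.group(1).lower(), m.group(2), m.group(3)), end
    if text[pos:pos + 1] != ")":
        raise ValueError(f"expected ')' at offset {pos}")
    return node, pos + 1

def matches(node, entry):  # entry: dict keyed by lowercase attribute names
    if node[0] in ("&", "|", "!"):
        results = [matches(kid, entry) for kid in node[1]]
        return all(results) if node[0] == "&" else any(results) if node[0] == "|" else not results[0]
    _, attr, rule, value = node
    if attr not in entry:
        return False  # an absent attribute never matches, so "!(...)" on it holds
    vals = entry[attr] if isinstance(entry[attr], list) else [entry[attr]]  # multi-valued attrs
    if rule == "1.2.840.113556.1.4.803":  # AD bitwise-AND rule: every bit of the value is set
        return any(int(v) & int(value) == int(value) for v in vals)
    if rule is not None:
        raise ValueError(f"unsupported matching rule {rule}")
    return value == "*" or any(str(v).lower() == value.lower() for v in vals)

def fetch_users(entries, ldap_filter=DEFAULT_USER_FILTER):  # UPN (or CN) of each admitted entry
    node, _ = parse_filter(ldap_filter)
    rows = ({k.lower(): v for k, v in e.items()} for e in entries)
    return [e.get("userprincipalname") or e["cn"] for e in rows if matches(node, e)]
```

With the default filter only testuser1 is listed: olduser has the ACCOUNTDISABLE bit set, and the computer object inherits objectClass user but has no userPrincipalName.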


Set up refresh interval

The LDAP integration can be set up to fetch new and updated users (matching the User filter) from the AD periodically. The minimum refresh interval is four hours (the default), and the maximum is 23 hours and 59 minutes. Xprotect queries the AD for new and updated users at this interval.

  • Scheduled refresh - in the Refresh Interval tile, set the refresh interval and click Save.

  • Manual refresh - click Refresh Now (at the lower right corner of the tile) to refresh the user base immediately.


Successful LDAP integration

Upon successful integration with the AD, 3 additional tabs appear on the Users page.

  • AD-Groups - all security groups fetched from the integrated AD.

  • AD-Departments - all Departments fetched from the integrated AD.

  • Users - the users who are currently logged in to the hosts.


Failed LDAP integration

LDAP integration with the Xprotect instance cannot complete if you enter incorrect credentials or other details during the initial setup.

For an active LDAP integration, if the Xprotect instance cannot connect to the AD server, the Last Refreshed time in the Refresh Interval tile stops advancing.

