Support for OpenLDAP for user management and authentication

OpenLDAP support for authenticating users is currently missing in Resilient (v30).

Such a feature would permit customers and analysts to be authenticated from an LDAP directory service.

It would support:

- ldap(s)://url

- Bind DN

- Base DN

- Bind User or Anonymous

- Search filter

- Field mapping

  • Guest
  • Apr 23 2018
  • Future consideration
  • Guest commented
    5 Nov, 2018 03:18pm

    In my opinion Resilient should support the standard LDAP v3 protocol instead of a specific LDAP product like AD, OpenLDAP, ...

  • Guest commented
    14 Aug, 2018 04:00pm

    I believe the configuration parameter to authenticate against external LDAP, currently AD, is hardcoded.
    For example:
    - The group entity must be objectClass=group
    - The user entity must be objectClass=user and the memberOf attribute must be part of the user entity.

    I tried changing the schema in OpenLDAP to include those rules and it works.
    So, basically, it is a minor change to allow a dynamic (non-hardcoded) value for the configuration parameter; then it will work on any LDAP repository, not just OpenLDAP. Well, except for that memberOf attribute, because not every LDAP design, I mean most LDAP designs, do not put the memberOf attribute in the user entity. Meaning that Resilient must change the code to get authorization confirmation from the group entity, not the user entity.

  • Guest commented
    4 May, 2018 07:31am

    OpenLDAP is used by more and more customers and it is important to allow them to integrate Resilient smoothly with their chosen infrastructure.
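
The group-entry lookup suggested in the 14 Aug, 2018 comment above, sketched as an added example that is not part of the original thread and not Resilient's code. It assumes a configurable schema (`LdapSchema`, `AD_SCHEMA` and the helper names are hypothetical), uses a constructed in-memory directory in place of a live server, and compares DNs by simple lowercasing.

```python
# Added example: all names, DNs and directory entries are constructed for illustration.
from dataclasses import dataclass

_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value before placing it in an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

@dataclass(frozen=True)
class LdapSchema:
    """Schema names read from configuration instead of being hardcoded."""
    user_class: str = "inetOrgPerson"   # common OpenLDAP user class
    user_attr: str = "uid"
    group_class: str = "groupOfNames"   # common OpenLDAP group class
    member_attr: str = "member"

# The values the comment describes as hardcoded for AD.
AD_SCHEMA = LdapSchema("user", "sAMAccountName", "group", "member")

def user_filter(schema: LdapSchema, login: str) -> str:
    return (f"(&(objectClass={schema.user_class})"
            f"({schema.user_attr}={escape_filter_value(login)}))")

def group_filter(schema: LdapSchema, user_dn: str) -> str:
    """Filter for groups listing the user; no memberOf on the user entry needed."""
    return (f"(&(objectClass={schema.group_class})"
            f"({schema.member_attr}={escape_filter_value(user_dn)}))")

def groups_for_user(directory: dict, schema: LdapSchema, user_dn: str) -> list:
    """Evaluate the group-side lookup against in-memory entries."""
    wanted = user_dn.lower()  # simplification: real DN matching needs normalization
    return sorted(
        dn for dn, attrs in directory.items()
        if schema.group_class.lower() in (c.lower() for c in attrs.get("objectClass", []))
        and wanted in (m.lower() for m in attrs.get(schema.member_attr, []))
    )

ALICE = "uid=alice,ou=people,dc=example,dc=org"
DIRECTORY = {  # constructed sample entries; alice has no memberOf attribute
    ALICE: {"objectClass": ["inetOrgPerson"], "uid": ["alice"]},
    "cn=analysts,ou=groups,dc=example,dc=org": {
        "objectClass": ["groupOfNames"], "member": [ALICE]},
    "cn=admins,ou=groups,dc=example,dc=org": {
        "objectClass": ["groupOfNames"],
        "member": ["uid=bob,ou=people,dc=example,dc=org"]},
}

if __name__ == "__main__":
    print(user_filter(LdapSchema(), "alice"))
    print(group_filter(LdapSchema(), ALICE))
    print(groups_for_user(DIRECTORY, LdapSchema(), ALICE))
```

Escaping the login name before it enters the filter matters once the filter becomes configurable, since the value comes straight from the login form.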