PK Protect lets you add a new LDAP server for Dynamic Masking. To add the server details, click the Add New LDAP Server tab on the LDAP Servers screen.
The Add LDAP Server Configuration screen appears. Follow the steps below to configure the LDAP server:
LDAP Source Name: Enter a unique name for each LDAP server. This is a mandatory field.
LDAP URL: Enter the URL of the LDAP server, that is scheme, host and port, for example ldap://ldap.example.org:389. Where the server accepts LDAP over TLS, use an ldaps:// URL (port 636 by default) so that the bind credentials entered below are not sent over the network in clear text.
Domain: Enter the LDAP domain the server serves, for example the Active Directory domain name.
Username: Enter the username of the LDAP account PK Protect binds with to search the directory. Use a dedicated, read-only service account; the import only needs permission to read user and group entries under the Base DN.
Password: Enter the password of that LDAP account.
Base DN: Enter the distinguished name of the subtree in which users and groups are searched, for example an organizational unit such as OU=Staff,DC=example,DC=org. Entries outside this subtree are not found by the searches below.
Group Search Phrase: Enter the search phrase for the user groups. This field is used as the LDAP search filter (RFC 4515 syntax) when importing user groups.
For instance, to import a group named ‘Documentation’ whose entry has objectClass=group and cn=documentation, specify either the exact filter (&(objectClass=group)(cn=documentation)) or the wildcard filter (&(objectClass=group)(cn=*documentation*)). Matching on cn is case-insensitive on most directory servers, so cn=documentation also matches ‘Documentation’.
The exact filter imports only the group “documentation”; the wildcard filter also imports every other group whose cn contains “documentation”. Either filter returns results only if a group with that objectClass and a matching cn exists under the Base DN; otherwise no user groups are imported. If your directory uses a different group class (for example groupOfNames on OpenLDAP), use that objectClass in the filter.
User Search Phrase: Enter the search filter used to import users. Use it to import particular users rather than every user in the group.
For instance, to import only the user firstname.lastname@example.org from a group, you can apply a wildcard filter such as (&(objectClass=user)(cn=*john*)), or match the exact cn of the user's entry: (&(objectClass=user)(cn=<exact cn>)).
The exact filter imports only that user. The wildcard filter imports every user whose cn contains “john”, for example johnson as well as john, so check the imported list before relying on it. Either filter returns results only if a user entry with that objectClass and a matching cn exists under the Base DN; otherwise no users are imported.
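The Group Search Phrase and User Search Phrase above are ordinary LDAP search filters, and the easiest way to see what a filter will import is to run it against known entries before saving it. The following is an added example, not PK Protect code: a minimal RFC 4515 filter evaluator (AND, OR, NOT, equality and `*` wildcards, with `\XX` escapes) run against a constructed sample directory whose DNs and names are made up. It shows that the exact filter returns one entry, the wildcard filter also returns neighbouring entries such as johnson, and a wrong objectClass returns nothing.

```python
"""Offline checker for Group/User Search Phrases: a minimal RFC 4515 LDAP filter
evaluator run against a constructed sample directory.

Added example; it is not PK Protect code. The entries below are constructed
and the DNs and names in them are made up."""
import re

# Constructed sample directory, shaped like Active Directory search results.
# Every attribute holds a list of values, because LDAP attributes are multi-valued.
DIRECTORY = [
    {"dn": "CN=Documentation,OU=Groups,DC=example,DC=org",
     "objectClass": ["top", "group"], "cn": ["Documentation"]},
    {"dn": "CN=documentation-archive,OU=Groups,DC=example,DC=org",
     "objectClass": ["top", "group"], "cn": ["documentation-archive"]},
    {"dn": "CN=john.dev,OU=Users,DC=example,DC=org",
     "objectClass": ["top", "person", "user"], "cn": ["john.dev"]},
    {"dn": "CN=johnson.ops,OU=Users,DC=example,DC=org",
     "objectClass": ["top", "person", "user"], "cn": ["johnson.ops"]},
]


def parse(text):
    """Parse a filter string into a tree of ('&', [...]), ('|', [...]), ('!', node)
    and ('=', attr, pattern) nodes. Raises ValueError on malformed input."""
    s = text.strip()
    node, pos = _parse(s, 0)
    if pos != len(s):
        raise ValueError(f"trailing characters at offset {pos}")
    return node


def _parse(s, i):
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i >= len(s):
        raise ValueError("unexpected end of filter")
    if s[i] in "&|":
        op, i, items = s[i], i + 1, []
        while i < len(s) and s[i] == "(":
            child, i = _parse(s, i)
            items.append(child)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return (op, items), i + 1
    if s[i] == "!":
        child, i = _parse(s, i + 1)
        if i >= len(s) or s[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return ("!", child), i + 1
    end = s.find(")", i)  # a literal ')' inside a value must be escaped as \29
    if end < 0:
        raise ValueError("unterminated filter item")
    attr, sep, pattern = s[i:end].partition("=")
    if not sep or not attr:
        raise ValueError(f"'{s[i:end]}' is not an attribute=value assertion")
    return ("=", attr.lower(), pattern), end + 1


def _unescape(piece):
    """Decode RFC 4515 \\XX hex escapes, e.g. \\2a -> '*', \\28 -> '('."""
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), piece)


def _value_matches(pattern, value):
    """'*' is a wildcard; everything else, once unescaped, is matched literally.
    Matching ignores case, as caseIgnoreMatch attributes such as cn do."""
    regex = ".*".join(re.escape(_unescape(p)) for p in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE) is not None


def evaluate(node, attrs):
    """Evaluate a parsed filter against one entry's attributes (lower-case keys)."""
    kind = node[0]
    if kind == "&":
        return all(evaluate(n, attrs) for n in node[1])
    if kind == "|":
        return any(evaluate(n, attrs) for n in node[1])
    if kind == "!":
        return not evaluate(node[1], attrs)
    _, attr, pattern = node
    return any(_value_matches(pattern, v) for v in attrs.get(attr, []))


def search(directory, filter_text):
    """Return the DNs of the entries the filter would import, in directory order."""
    tree = parse(filter_text)
    hits = []
    for entry in directory:
        attrs = {k.lower(): v for k, v in entry.items() if k != "dn"}
        if evaluate(tree, attrs):
            hits.append(entry["dn"])
    return hits


def escape_filter_value(value):
    """Escape a literal value for use in a filter (RFC 4515 section 3), so that
    '*', '(' and ')' in a real cn are matched literally instead of read as syntax."""
    return "".join(f"\\{ord(c):02x}" if c in "*()\\\x00" else c for c in value)


if __name__ == "__main__":
    for f in ["(&(objectClass=group)(cn=documentation))",
              "(&(objectClass=group)(cn=*documentation*))",
              "(&(objectClass=user)(cn=*john*))",
              "(&(objectClass=user)(cn=john.dev))",
              "(&(objectClass=groupOfNames)(cn=documentation))"]:
        print(f, "->", search(DIRECTORY, f))
```

Run the script and compare the DN lists with what you expect to import. If the cn you are matching contains `*`, `(` or `)`, pass it through `escape_filter_value` before pasting it into the search phrase, otherwise the server reads those characters as wildcard or filter syntax and the match is wider than intended.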
Principal Key: Enter the principal key for the LDAP server. A principal key is a set of secret keys that is itself encrypted with either a shared or a private master key.
Check the Set as Default option to make this LDAP server configuration the default configuration for all LDAP servers.
In the Advanced Filter Details panel you can set the advanced settings for the LDAP server configuration. The advanced settings are:
Active Directory: Set to Yes if the LDAP server is Windows Active Directory, otherwise No.
Member of User Search: Set to Yes if user entries on the server carry a memberOf attribute, so that the groups a user belongs to can be read from the user entry itself; otherwise No. Active Directory maintains memberOf automatically; an OpenLDAP server has it only when the memberof overlay is enabled. If the attribute is not present on the server, a Yes setting will not find any group memberships.
Email as Username: Set to Yes to import the user's email address as the username. If set to No, the username attribute from AD is imported as the username. The default is No. For example, for a user whose email address is firstname.lastname@example.org and whose AD username is john.dev, Yes imports firstname.lastname@example.org as the username and No imports john.dev.
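The two settings above change what the import sees for each user: where group membership is read from, and which attribute becomes the username. The following is an added example, not PK Protect code, that resolves both for constructed user and group entries. The attribute names it uses (memberOf, member, sAMAccountName, mail) are the usual Active Directory ones and are an assumption about the directory in use; the DNs and addresses are made up. It shows in particular that, with Member of User Search set to Yes, a user entry without a memberOf attribute ends up with no groups even though a group entry lists it as a member.

```python
"""Group membership and username resolution under the Member of User Search and
Email as Username settings.

Added example; it is not PK Protect code. The entries below are constructed, and
the attribute names (memberOf, member, sAMAccountName, mail) are the usual
Active Directory ones, assumed here."""

# Constructed user entries. john.dev has a memberOf attribute; jane.ops does not,
# as on an OpenLDAP server without the memberof overlay.
USERS = [
    {"dn": "CN=john.dev,OU=Users,DC=example,DC=org",
     "sAMAccountName": "john.dev", "mail": "john.dev@example.org",
     "memberOf": ["CN=documentation,OU=Groups,DC=example,DC=org",
                  "CN=operations,OU=Groups,DC=example,DC=org"]},
    {"dn": "CN=jane.ops,OU=Users,DC=example,DC=org",
     "sAMAccountName": "jane.ops", "mail": "jane.ops@example.org"},
]

# Constructed group entries; the forward link is the member attribute.
GROUPS = [
    {"dn": "CN=documentation,OU=Groups,DC=example,DC=org",
     "member": ["CN=john.dev,OU=Users,DC=example,DC=org"]},
    {"dn": "CN=operations,OU=Groups,DC=example,DC=org",
     "member": ["CN=john.dev,OU=Users,DC=example,DC=org",
                "CN=jane.ops,OU=Users,DC=example,DC=org"]},
]


def groups_for_user(user, groups, member_of_user_search):
    """Member of User Search = Yes reads membership from the user's own memberOf
    attribute; No walks the group entries and matches the user's DN against
    their member attribute. DNs are compared case-insensitively, as LDAP does."""
    if member_of_user_search:
        return sorted(user.get("memberOf", []))
    dn = user["dn"].lower()
    return sorted(g["dn"] for g in groups
                  if dn in {m.lower() for m in g.get("member", [])})


def imported_username(user, email_as_username):
    """Email as Username = Yes imports the mail attribute; No imports the
    directory username attribute (sAMAccountName assumed here)."""
    return user["mail"] if email_as_username else user["sAMAccountName"]


def import_users(users, groups, member_of_user_search, email_as_username):
    """Return {username: [group DNs]} as the import would see it under the settings."""
    return {imported_username(u, email_as_username):
            groups_for_user(u, groups, member_of_user_search)
            for u in users}


if __name__ == "__main__":
    print(import_users(USERS, GROUPS, member_of_user_search=True, email_as_username=False))
    print(import_users(USERS, GROUPS, member_of_user_search=False, email_as_username=True))
```

If a user shows up with an empty group list after an import with Member of User Search set to Yes, check whether that user's entry actually has a memberOf attribute before changing the search phrases.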
Click Save to save the changes, or Cancel to discard them.