Anonymous Bind

THREATQ REQUIRED PERMISSIONS

Default ThreatQ Role: Administrative or Maintenance
Custom Role - Action Permissions: Administrative Functions - Edit User Management

Only users with an Administrative or Maintenance account can access LDAP settings.

ThreatQuotient strongly recommends that you perform a full backup before changing your authentication method.

  1. Navigate to Settings > User Management.
  2. Click on the LDAP option.

    The Anonymous Bind LDAP Settings form will load by default.

  3. Populate the fields in the Primary Server Settings section:

    Server Address: Enter the name of the server where LDAP is hosted.
      Example: ldap://[servername]
    Port #: 389 for LDAP, 636 for LDAPS. If LDAPS is used, the Port # will default to 636.
    LDAP Domain: Enter the domain for which LDAP is configured to authenticate.
      Example: threatq.com
    LDAP Group Domain:
    Append Domain to Username? Choose from the following options:
      • Yes for most Active Directory servers
      • No for most Open LDAP servers
    Filter Field Name: This field is specific to your LDAP directory configuration.
      AD Example: memberuid
      OpenLDAP Example: uid
    Group Field Name: This field is specific to your LDAP directory configuration.
      AD Example: memberof
      OpenLDAP Example: cn
    Use RDN? Choose from the following options:
      • Yes to use Relative Distinguished Names. When you select this option, the Organizational Unit (OU) and User Lookup Name fields are displayed.
      • No to use full Distinguished Names.
    Organizational Unit (OU): This field is specific to your LDAP directory configuration. Your LDAP administrator should provide the correct value for this field.
    User Lookup Name: This field is specific to your LDAP directory configuration.
      AD Example: memberUid
      OpenLDAP Example: uid
  4. Complete the MAP your Permission Levels to LDAP section:

    You cannot list the same LDAP User Group for multiple permission levels. For roles not mapped, enter a hyphen ("-"). You cannot save the configuration without entering a value in each field.

    Maintenance Account:
      OpenLDAP Example: ldapSuper
      AD Example: CN=tq-maintenance,CN=Builtin,DC=yourdomain,DC=com
    Administrative Access:
      OpenLDAP Example: administrator
      AD Example: CN=linux-admins,CN=Builtin,DC=yourdomain,DC=com
    Primary Contributor Access:
      OpenLDAP Example: ldapAnalyst
      AD Example: CN=primary-contributor,CN=Builtin,DC=yourdomain,DC=com
    Read Only Access:
      OpenLDAP Example: ldapObserver
      AD Example: CN=read-only,CN=Builtin,DC=yourdomain,DC=com
  5. Click Save.
  6. Click on the Enable/Disable toggle switch to enable LDAP.

    If your LDAP fails to enable or fails to function properly, validate your inputs. If the configuration continues to fail, please contact ThreatQ Support.

Configuring Secure LDAP

The following instructions are for Anonymous Bind LDAP connections only. The steps needed to create a secured connection with an authenticated bind are included in the Configuring Authenticated Bind LDAP Settings topic.

ThreatQuotient strongly recommends that you perform a full backup before changing your authentication method.

To configure secure LDAP, you must complete the following steps:

  1. Enter your LDAP settings in the ThreatQ user interface. See the Anonymous Bind steps above for more details.
  2. Access the ThreatQ appliance command line as root and navigate to the following directory: /etc/openldap/.
  3. Use vi to edit ldap.conf and update or confirm that your settings are as follows:
    #
    # LDAP Defaults
    #
    # See ldap.conf(5) for details
    # This file should be world readable but not world writable.
    BASE dc=[your domain],dc=com
    URI ldap://[your servername]:389 ldaps://[your servername]:636
    #SIZELIMIT 12
    #TIMELIMIT 15
    #DEREF never
    TLS_CACERTDIR /etc/openldap/certs
    # Turning this off breaks GSSAPI used with krb5 when rdns = false
    SASL_NOCANON on
    # 'allow' lets the session proceed even if the server presents no certificate or an invalid one (see ldap.conf(5))
    TLS_REQCERT allow

    ThreatQ recommends that you edit ldap.conf on the appliance rather than editing it off box and uploading it. If you do edit the file off box, ensure that you use a Linux editor. Windows and Mac editors may corrupt the file.

    If your LDAP fails to enable or fails to function properly, validate your inputs. If the configuration continues to fail, please contact ThreatQ Support.
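Before toggling LDAP on, it is worth knowing what the ldap.conf settings above will accept from the directory server. The following script is an added example, not part of the ThreatQ documentation or product: it parses an ldap.conf text and reports where the client would accept an unverified or cleartext connection. The hostnames and both config texts are constructed; the hardened variant is shown beside the settings from the procedure.

```python
"""Audit an OpenLDAP client ldap.conf for transport security before enabling LDAP.
Added example for this page, not ThreatQ code; both configs below are constructed."""

# Constructed sample with the settings the procedure above asks for.
SAMPLE_LDAP_CONF = """\
# LDAP Defaults (see ldap.conf(5))
BASE dc=example,dc=com
URI ldap://ldap.example.com:389 ldaps://ldap.example.com:636
TLS_CACERTDIR /etc/openldap/certs
SASL_NOCANON on
TLS_REQCERT allow
"""

# Constructed hardened variant: LDAPS only and full certificate verification.
HARDENED_LDAP_CONF = """\
BASE dc=example,dc=com
URI ldaps://ldap.example.com:636
TLS_CACERTDIR /etc/openldap/certs
SASL_NOCANON on
TLS_REQCERT demand
"""


def parse_ldap_conf(text):
    """Map upper-cased option names to values; comments and blanks skipped, last duplicate wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit_tls(settings):
    """Return findings describing where the client would accept an unverified server."""
    findings = []
    # ldap.conf(5): demand is the default; allow and never accept missing or bad certs.
    reqcert = settings.get("TLS_REQCERT", "demand").lower()
    if reqcert in ("never", "allow"):
        findings.append(f"TLS_REQCERT {reqcert}: missing or invalid server certificate accepted")
    elif reqcert == "try":
        findings.append("TLS_REQCERT try: missing server certificate accepted")
    plain = [u for u in settings.get("URI", "").split() if u.lower().startswith("ldap://")]
    if plain:
        findings.append("ldap:// URI (cleartext unless StartTLS is negotiated): " + " ".join(plain))
    if "TLS_CACERT" not in settings and "TLS_CACERTDIR" not in settings:
        findings.append("no TLS_CACERT/TLS_CACERTDIR: server certificate cannot be validated")
    return findings
```

Run `audit_tls(parse_ldap_conf(open("/etc/openldap/ldap.conf").read()))` on the appliance to check the live file; an empty list means every check passed.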