LDAP Connection Requirements
Before configuring a connection to your LDAP server, coordinate with your LDAP administrator to obtain, at a minimum, the following required information:
Anonymous Bind
The following information is required for the LDAP Anonymous Bind connection. See the Anonymous Bind topic for full details.
- LDAP Server URL
- LDAP Port
- LDAP Group Field Name
- LDAP Filter Field Name
- LDAP group mappings* for:
  - Super
  - Maintenance
  - Analyst
  - Observer
Authenticated Bind
The following information is required for the LDAP Authenticated Bind connection. See the Authenticated Bind topic for full details.
- LDAP Server URL
- LDAP Port
- LDAP Group Field Name
- LDAP Filter Field Name
- LDAP group mappings* for:
  - Super
  - Maintenance
  - Analyst
  - Observer
* Important Note for both Anonymous and Authenticated Bind Group Mappings
To ensure successful authentication, each LDAP user should belong to only one (1) LDAP user group. If this is not feasible, new LDAP groups should be created with mutually exclusive user membership.
LDAP user groups require careful planning to avoid permission conflicts caused by overlapping group memberships. For example, a user might inherit read/write permissions from one group while another group denies that user write access.
It is recommended to implement a clear hierarchy of group memberships for each security device instance, with an administrative group at the top and a standard user group at the bottom. Multi-group membership should be avoided in favor of a least-privilege approach, and group nesting should be kept as shallow as possible.
Permissions should be assigned through group membership rather than individual user roles to maintain consistency and simplify access management.
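One way to check a planned mapping before enabling LDAP authentication is to take the member lists of the four mapped groups (as returned by an LDAP search of the group entries) and report every user who falls into more than one of them, since those users violate the one-group-per-user rule above. The script below is an added example, not part of this product's documentation or code: the role names Super, Maintenance, Analyst and Observer come from this page, while the group DNs, user DNs and member lists are constructed sample data standing in for a real directory export.

```python
"""Validate an LDAP group-to-role mapping for overlapping membership.

Added example (not the product's own code). Group and user DNs below are
constructed sample values; in practice the member lists would come from an
LDAP search of the mapped group entries (e.g. their `member` attribute).
"""
from collections import defaultdict

# Roles named on the page, in the hierarchy order the page recommends
# (administrative group at the top, standard user group at the bottom).
ROLES = ("Super", "Maintenance", "Analyst", "Observer")

# Constructed mapping: one LDAP group DN per product role.
ROLE_MAPPING = {
    "cn=sec-admins,ou=groups,dc=example,dc=com": "Super",
    "cn=sec-maint,ou=groups,dc=example,dc=com": "Maintenance",
    "cn=sec-analysts,ou=groups,dc=example,dc=com": "Analyst",
    "cn=sec-observers,ou=groups,dc=example,dc=com": "Observer",
}

# Constructed sample of each group's member attribute. "bob" deliberately
# appears in two mapped groups to show what the check reports.
SAMPLE_GROUPS = {
    "cn=sec-admins,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
    ],
    "cn=sec-maint,ou=groups,dc=example,dc=com": [
        "uid=bob,ou=people,dc=example,dc=com",
        "uid=carol,ou=people,dc=example,dc=com",
    ],
    "cn=sec-analysts,ou=groups,dc=example,dc=com": [
        "UID=Bob,OU=people,DC=example,DC=com",  # same user, different case
        "uid=dave,ou=people,dc=example,dc=com",
    ],
    "cn=sec-observers,ou=groups,dc=example,dc=com": [
        "uid=erin,ou=people,dc=example,dc=com",
    ],
    # An unmapped group: membership here must not affect the result.
    "cn=all-staff,ou=groups,dc=example,dc=com": [
        "uid=alice,ou=people,dc=example,dc=com",
        "uid=erin,ou=people,dc=example,dc=com",
    ],
}


def _norm(dn):
    """Normalise a DN for comparison. Lower-casing is a simplification that
    handles the common case of attribute-type and cn case differences."""
    return dn.strip().lower()


def validate_mapping(mapping):
    """Return a list of problems with the mapping itself: every role on the
    page must be mapped to exactly one group."""
    problems = []
    by_role = defaultdict(list)
    for group_dn, role in mapping.items():
        by_role[role].append(group_dn)
    for role in ROLES:
        groups = by_role.get(role, [])
        if len(groups) != 1:
            problems.append(f"role {role} is mapped to {len(groups)} groups, expected 1")
    for role in by_role:
        if role not in ROLES:
            problems.append(f"unknown role {role!r} in mapping")
    return problems


def roles_by_user(groups, mapping):
    """Invert group -> members into user DN -> set of mapped roles.
    Groups that are not in the mapping are ignored."""
    norm_mapping = {_norm(dn): role for dn, role in mapping.items()}
    result = defaultdict(set)
    for group_dn, members in groups.items():
        role = norm_mapping.get(_norm(group_dn))
        if role is None:
            continue
        for member_dn in members:
            result[_norm(member_dn)].add(role)
    return dict(result)


def find_conflicts(groups, mapping):
    """Users who belong to more than one mapped group, with their roles in
    hierarchy order. Any entry here breaks the one-group-per-user rule."""
    conflicts = {}
    for user, roles in roles_by_user(groups, mapping).items():
        if len(roles) > 1:
            conflicts[user] = [r for r in ROLES if r in roles]
    return conflicts


if __name__ == "__main__":
    for problem in validate_mapping(ROLE_MAPPING):
        print("mapping problem:", problem)
    for user, roles in find_conflicts(SAMPLE_GROUPS, ROLE_MAPPING).items():
        print(f"{user} is in more than one mapped group: {', '.join(roles)}")
```

Run against a real export, the script reports each user who would need to be moved into a single, mutually exclusive group before the mapping is put into service; a clean run prints nothing.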