Configure LDAP directories

LDAP directories are the recommended way to handle user discovery and automatic account creation, as they can detect alias addresses and declare them appropriately on the platform.

Go to Clients > Details > Administration > Quarantines and click Configure LDAP directories to configure one or more LDAP directories.

Requirements

For Vade Cloud™ to use your LDAP directory, you must comply with the following requirements:

LDAP Versions
Vade Cloud™ supports LDAP v2 and v3, and both OpenLDAP and Active Directory formats.
Network access
Your LDAP directory must be reachable on a public IP address.
Note: As you may not want to expose your internal LDAP directory to external services, you can set up a copy of your directory instead.
Important: Vade recommends setting up a firewall in front of the LDAP server and whitelisting Vade Cloud™ IP addresses, as described in the Firewall Rules & Network Access section.
LDAPS
If available, enable LDAPS to secure LDAP transactions between Vade Cloud™ and your directory.

Manage LDAP directory

You can add or delete LDAP directories in Clients > Details > Administration > Quarantines > Configure LDAP directories.

Add an LDAP discovery
Click Add, enter all required information and click Add in the pop-in window to add an LDAP directory.
Delete an LDAP directory
Click > Delete in the list to delete an LDAP directory.

LDAP directories

Click Details in the list of LDAP discoveries to display the following information:

Description
Provide a meaningful name to the LDAP connection configured below.
Server
Hostname (FQDN) or IP address of the LDAP server.
Remember: The LDAP server must be reachable by Vade Cloud™. If you provide a hostname, this hostname must be resolvable publicly as well.
Port
Port used to connect to the LDAP server (TCP 389 or TCP 636).
Search Base
The LDAP search base, for example: ou=xxx,dc=xxx,dc=local.
Login
The login to use to connect to the LDAP server.
Password
The password to use to connect to the LDAP server.
Search Filter
The LDAP search filter, for example:
  • for OpenLDAP: uid=%s
  • for Active Directory: (|(mail=%s)(proxyAddresses=smtp:%s))
Search attribute
In a standard Active Directory, the search attribute returns the main email address of an account, for example: mail.
Secondary email field
The LDAP attribute to return which contains the user's alias address, for example: mail.
Priority
If you set up multiple LDAP directories, set the priority accordingly to load-balance the LDAP connections, or to select a main LDAP server.
Domains using this directory
If you wish to restrict the use of this LDAP server to a certain domain, select the domain name in the list. Otherwise, leave the field empty to use it for All domains.
Additional attributes
Allows you to pass additional criteria to restrict the directory lookup, for instance company=your_company, where the key must be set to company and the value to your_company.
Important: Click Save at the bottom of the page and then Apply modifications at the top right of the page to save your new settings.
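
How the Active Directory Search Filter shown above resolves an alias address to its account, as an added example (not Vade's code). It assumes %s is replaced by the address being looked up; the sample directory and the function names are constructed for illustration, and only equality tests combined with &, | and ! are evaluated.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESC = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def expand_filter(template, address):
    """Replace every %s in the Search Filter with the escaped address."""
    return template.replace("%s", "".join(_ESC.get(c, c) for c in address))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def _parse(f, i=0):
    """Parse the filter starting at f[i]; return (predicate, next index)."""
    if f[i] != "(":                       # bare "attr=value" form, e.g. uid=%s
        f, i = "(" + f + ")", 0
    i += 1
    if f[i] in "&|!":
        op, i, subs = f[i], i + 1, []
        while f[i] == "(":
            sub, i = _parse(f, i)
            subs.append(sub)
        combine = {"&": all, "|": any, "!": lambda r: not any(r)}[op]
        return (lambda e: combine([s(e) for s in subs])), i + 1
    end = f.index(")", i)
    attr, _, value = f[i:end].partition("=")
    want = _unescape(value).lower()       # mail attributes match case-insensitively
    return (lambda e: want in [v.lower() for v in e.get(attr, [])]), end + 1

def lookup(entries, template, address, search_attr="mail"):
    """Return the search attribute of every entry the expanded filter matches."""
    match, _ = _parse(expand_filter(template, address))
    return [e[search_attr][0] for e in entries if match(e)]

# Constructed sample directory: alice owns the alias sales@example.com.
DIRECTORY = [
    {"mail": ["alice@example.com"],
     "proxyAddresses": ["SMTP:alice@example.com", "smtp:sales@example.com"]},
    {"mail": ["bob@example.com"], "proxyAddresses": ["SMTP:bob@example.com"]},
]
AD_FILTER = "(|(mail=%s)(proxyAddresses=smtp:%s))"

if __name__ == "__main__":
    print(lookup(DIRECTORY, AD_FILTER, "sales@example.com"))    # alias resolves to alice
    print(lookup(DIRECTORY, "(mail=%s)", "sales@example.com"))  # mail-only filter misses it
```

A filter that tests only mail returns nothing for the alias, which is why the Active Directory example also tests proxyAddresses.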