Introduction

The idenprotect Active Directory Agent is a Spring-Boot microservice which can be deployed on-premise and provides an additional layer of security for communications between the idenprotect Core Platform and your Active Directory.

This in-depth guide will take you through the step-by-step process of downloading, installing and configuring the idenprotect Active Directory Agent. Each step links to an article about the specific part of the process you are on. Each of these articles has links to forward you on to the next step or to return you to a previous step.

How does the idenprotect Active Directory Agent Work?

To see how the idenprotect Active Directory Agent works and the sequence of events for synchronizing users, please see What is the idenprotect Active Directory Agent

Installing idenprotect Active Directory Agent

Pre-requisites

As the primary feature of the idenprotect Active Directory Agent is to perform the synchronization of users to the idenprotect Core Platform you will need to have a working and configured idenprotect Core Platform installation and should be familiar with LDAP Sync. If you need to do your installation first, please Start Here - idenprotect Core Platform, if you would like more information on LDAP Sync, please see LDAP Connection Configuration

Downloads

Visit the Downloads and Links page to download the latest idenprotect Active Directory Agent Version.

Installing with an RPM

All of our server applications are installed using RPM files. Please see our Installing with an RPM guide.

Verifying an installation

To verify that your RPM installation has been successful, please see Verifying an RPM installation

Upgrade an existing installation

To upgrade an existing RPM installation, please see Upgrading an RPM installation

Configuring idenprotect Active Directory Agent

If you have not made any configuration changes yet, please see How to make configuration changes

Webserver Configuration

WebSocket Configuration

To see how to configure the WebSocket connection (for both idenprotect Core Platform and idenprotect Active Directory Agent, please see WebSocket Configuration

LDAP Configuration

NOTE: If you have set the Should Send Settings property in WebSocket Configuration to false, any changes made in the idenprotect Core Platform configuration screens will NOT be sent out to the idenprotect Active Directory Agent. This is a perfectly acceptable configuration and your configuration will instead be affected by making changes to the ldap.properties file. However, where the following articles make reference to the ldap.properties file location on the server, you should instead be looking in /etc/idenprotect/adsync/ldap.properties

To see how to configure the LDAP Connection, please see LDAP Connection Configuration

To see how to configure the User Synchronization, please see LDAP User Sync Configuration

To see how to configure the Admin Synchronization, please see LDAP Admin Sync Configuration

Logging Configuration

To see how to configure logging for the idenprotect Active Directory Agent, please see Logging Configuration for idenprotect Active Directory Agent

Testing the idenprotect Active Directory Agent

To see how to test the idenprotect Active Directory Agent configuration, please see Testing idenprotect Active Directory Agent