Authenticate and/or import control panel user information easily from your already established Active Directory using LDAP. Options available in our control panel include:

LDAP Authentication

  • Login Credentials: Compares existing users' Control Panel login credentials against your Active Directory, verifying the login information is correct. Authentication will fail for non-existent users.
  • Create Users (optional): Upon a successful LDAP Authentication, the user will be created in the Control Panel if it does not already exist.

LDAP User Import

  • Bulk Add Users Over LDAP: Imports needed user information and creates End User accounts within the Control Panel automatically.
  • Update New Users: Checks users against your Active Directory and updates as needed.
  • Delete Users (optional): Deletes control panel end users that no longer exist in the LDAP directory.

Depending on your desired outcome, the options can be used independently or simultaneously.

Before continuing to the LDAP Control Panel Configuration, please verify that a 636/TCP firewall rule has been created, the border firewall has been configured, and the Base DN and administrator Bind DN details are both noted.
Examples and instructions are for Windows Server 2016, but the steps can be reproduced on Windows Server 2008 R2 and newer releases up to 2016.

LDAP Authentication Setup

An administrator is needed to set up LDAP Authentication. Log in to the control panel and follow the steps here:

  1. On the left sidebar, under Client Account, click Overview.
  2. Above your account information, click the Manage tab and then the LDAP Authentication tab.
  3. To allow LDAP authentication, check LDAP Authentication Enabled.
  4. Enter the LDAP Server Host
    • The LDAP server host is the LDAP server's public IP address. Example: 255.255.255.0
  5. Enter the LDAP Server Port, 636 as we set it while creating the firewall rule.
    The LDAP Server needs to have the following IP Addresses allowed: 50.201.66.151 & 67.227.149.11. Set the LDAP Border Firewall.
  6. Check SSL (Recommended) for the LDAP encryption method.
  7. If using a self-signed SSL certificate, you must provide your CA certificate next.
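    Only enable No Certificate Verification for temporary testing. With verification off, the control panel cannot confirm that it is talking to your LDAP server, so the bind password and user logins are not protected against an impostor server.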
  8. Enter the desired LDAP Filter; for this setup we will use (mail=%n).
    • LDAP Filter/Base/Bind DN Expansion Options:
      • (mail=%n) - Username with @, or without if no @ was entered
      • (mail=%u) - Username with @ removed
      • (mail=%d) - Domain name as domain.com
      • (mail=%D) - Domain name as dc=domain,dc=com
  9. Enter the LDAP BASE, example: DC=example-domain,DC=com.
  10. Check Use Bind DN/Password
  11. Enter the administrator LDAP Bind DN, example: CN=Users-Name,CN=Users,DC=example-domain,DC=com, and LDAP Bind Password.
  12. Check Fallback Admin Password (recommended).
    • Fallback to the control panel's passwords for Admin Accounts if LDAP authentication fails.
  13. Check Fallback User Password (recommended).
    • Fallback to the control panel's passwords for End User Accounts if LDAP authentication fails.
  14. Optional: Check Create Users.
    • Upon successful LDAP Authentication, create the user in this control panel if it does not already exist. If not enabled, authentication will fail for non-existent users.
  15. Once complete, click Save
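
The filter expansions from step 8, as an added example (not the control panel's own code): a Python sketch that substitutes %n, %u, %d and %D and escapes what the user typed, using RFC 4515 rules inside a filter and RFC 4514 rules inside a Base or Bind DN, so that a login containing *, ( or ) is matched literally. The function names are hypothetical, and reading %u as the part before the @ is an assumption.

```python
import re

# Characters RFC 4515 requires to be escaped inside a search-filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# One DNS label: letters, digits and hyphens, no leading or trailing hyphen.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape a value for use inside a distinguished name (RFC 4514)."""
    out = re.sub(r'([\\",+;<>=])', r"\\\1", value).replace("\x00", "\\00")
    if out.endswith(" "):
        out = out[:-1] + "\\ "
    if out[:1] in (" ", "#"):
        out = "\\" + out
    return out


def domain_labels(domain):
    """Split a domain into labels, rejecting anything that is not a hostname."""
    labels = domain.split(".")
    if not all(_LABEL.fullmatch(label) for label in labels):
        raise ValueError(f"not a valid domain name: {domain!r}")
    return labels


def expand(template, login, context="filter"):
    """Expand %n, %u, %d and %D in a filter ("filter") or Base/Bind DN ("dn")."""
    escape = escape_filter_value if context == "filter" else escape_dn_value
    user, _, domain = login.partition("@")

    def substitute(match):
        token = match.group(1)
        if token == "n":
            return escape(login)  # the login exactly as typed
        if token == "u":
            return escape(user)   # assumption: the part before the first @
        labels = domain_labels(domain)
        if token == "d":
            return ".".join(labels)
        return ",".join(f"dc={label}" for label in labels)  # %D

    return re.sub(r"%([nudD])", substitute, template)
```

A login without a domain raises ValueError when the template uses %d or %D; how the control panel itself treats that case is not documented on this page.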

LDAP User Import Setup

An administrator is needed to create an LDAP User Import Plan. Log in to the control panel and follow the steps here:

  1. Once logged in, on the left sidebar under Client Account, click Overview.
  2. Above your account information, click the Manage tab and then the LDAP User Import tab.
  3. To create a new import plan, click New Plan.
    LDAP User Import will not modify existing users already created in the control panel. If an email address is assigned to an already existing user in the control panel, the LDAP import will skip that email address. Users created from a previous run of the LDAP Import will be updated according to the current LDAP data.
  4. To enable this import plan, check Active.
  5. Set how often the plan will be refreshed in Interval hours, example 24.
  6. Optional: Check Delete Users.
    • Delete control panel users that no longer exist in the LDAP directory.
  7. Enter the LDAP Server Host
    • The LDAP server host is the LDAP server's public IP address. Example: 255.255.255.0
  8. Enter the LDAP Server Port, 636 as we set it while creating the firewall rule.
    The LDAP Server needs to have the following IP Addresses allowed: 50.201.66.151 & 67.227.149.11. Set the LDAP Border Firewall.
  9. Enter the administrator LDAP Bind DN, example: CN=Users-Name,CN=Users,DC=example-domain,DC=com, and LDAP Bind Password.
  10. Check SSL (Recommended) for the LDAP encryption method.
  11. If using a self-signed SSL certificate, you must provide your CA certificate next.
    Only enable No Certificate Verification for temporary testing.
  12. Enter the LDAP BASE, example: DC=example-domain,DC=com.
  13. Enter a Search Filter if desired, example: (objectclass=*).
    • LDAP search filters can be used for a more effective search, such as a filter set to search all objects with (objectclass=*).
  14. Enter the needed Email address attributes, example: mail, proxyAddresses.
    • One or more attributes that make up the user's email addresses (including aliases).
  15. Enter First name attributes, example cn. (CN = Common Name)
    • One or more attribute names that make up the user's first name.
  16. Enter Last Name Attributes, example sn. (SN = Surname)
    • One or more attribute names that make up the user's last name.
  17. Add Notification email addresses (comma separated) to receive an email notification when the LDAP import runs.
  18. Once complete, click Save
    After you click Save, the connection will be tested. If there are any errors, you will receive a warning similar to "errors prohibited this plan from being saved". Correct any errors that are listed and save again.

Related LDAP Resources and Guides

LDAP Setup Overview

LDAP Windows Server Firewall Settings

LDAP Server & User Details

24/7 Live Support

Our technical support team is also available 24/7/365 via phone, chat, email or by opening a ticket through your account to help with any LDAP questions related to our services. Contact us anytime. We're always here. 24/7/365.