Integrate NetQ with Your LDAP Server

As of this release, a user with the administrator role can integrate NetQ role-based access control (RBAC) with a lightweight directory access protocol (LDAP) server in on-premises deployments. NetQ retains control over role-based permissions, while LDAP is used to authenticate the users. A copy of each LDAP user is stored in the local NetQ database.

Configuring an LDAP server does not prevent you from configuring local users (stored and managed in the NetQ database) as well.

Create an LDAP Configuration

One LDAP server can be configured per admin user account. Once LDAP is configured, you can validate the connectivity (and configuration) and save the configuration.

  1. Click , then select Management under Admin.

  2. Locate the LDAP Server Info card, and click Configure LDAP.

  3. Obtain and enter the following information about your LDAP server:

    Server:
    • Host*: URL of the LDAP server
    • Server Port*: Name of the port on which to communicate with the LDAP server
    • Authentication*: Select from
      • Anonymous: LDAP client does not require authentication
      • Basic: LDAP client sends the username as an LDAP distinguished name along with a password in clear text to the LDAP server. Also called Simple authentication.
      • SASL: LDAP client and server negotiate an authentication mechanism
    User Attributes:
    • Bind DN*: Username (distinguished name) used for search queries
    • Base DN*: Base of the subtree in the directory structure where the search query begins
    • User ID*: Type of identifier used to specify an LDAP user
    • First Name: Given name of the LDAP user
    • Last Name: Surname of the LDAP user
    • Email: Electronic mail address of the LDAP user
    Search Attributes:
    • Search Scope: Specifies the portion of the target subtree used in a search query. Select from
      • None: No search allowed for users on this LDAP server
      • Base: Search for users at the base entry only; no subordinates
      • One Level: Search only the immediate children of the base entry; not the base itself or any deeper descendants
      • Subtree: Search for users from the base entry down, including subordinates at any depth
      • Subordinate: Search subordinates of the base entry at any depth, but not the base entry itself
    • Search Query: Actual search query

    Note: Items with an asterisk (*) are required. All others are optional.

  4. Click Save to complete the configuration, or click Cancel to discard the configuration.

An LDAP configuration cannot be edited once it has been saved. If you need to change it, you must delete the current LDAP configuration and create a new one. Note that if you change the LDAP server configuration, all users created against the previous LDAP server remain in the NetQ database and continue to be visible, but they are no longer usable. You must delete those users manually if you do not want to see them.
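Before saving a configuration that cannot be edited afterwards, it helps to check the same parameters from a shell on another host. The following is an added example, not NetQ code: it maps the Host, Server Port, Bind DN, Base DN, User ID attribute and Search Scope fields from the table above onto an OpenLDAP ldapsearch command line, and it escapes the user ID per RFC 4515 before placing it in the search filter, so that a typed ID containing `*`, `(` or `)` cannot widen or alter the query. The host name, DNs and attribute names are constructed placeholders.

```python
"""Pre-flight helpers for a NetQ-style LDAP configuration (added example, not NetQ code)."""
import shlex

# NetQ Search Scope names -> ldapsearch -s values. "None" disables lookup entirely.
SCOPE_FLAGS = {
    "Base": "base",
    "One Level": "one",
    "Subtree": "sub",
    "Subordinate": "children",
}

# RFC 4515 section 3: characters that must be hex-escaped inside a filter value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value destined for an LDAP filter assertion (RFC 4515)."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def user_filter(user_id_attr: str, user_id: str, search_query: str = "") -> str:
    """Combine the optional Search Query with the User ID lookup: (&<query>(<attr>=<id>))."""
    clause = f"({user_id_attr}={escape_filter_value(user_id)})"
    return f"(&{search_query}{clause})" if search_query else clause


def ldapsearch_command(host, port, bind_dn, base_dn, scope, filt):
    """Return an ldapsearch argv equivalent to the NetQ card's settings.

    -x selects simple (Basic) bind; -W prompts for the bind password so it is
    never written into shell history or process listings.
    """
    if scope == "None":
        raise ValueError("search scope 'None' disables user lookup; nothing to test")
    return ["ldapsearch", "-x", "-H", f"ldap://{host}:{port}", "-D", bind_dn, "-W",
            "-b", base_dn, "-s", SCOPE_FLAGS[scope], filt, "uid", "givenName", "sn", "mail"]


if __name__ == "__main__":
    # Constructed values: a wildcard in the typed ID is neutralised by escaping.
    filt = user_filter("uid", "j.doe*", "(objectClass=person)")
    print(filt)
    print(shlex.join(ldapsearch_command("ldap.example.com", 389, "cn=netq,ou=svc,dc=example,dc=com",
                                        "ou=people,dc=example,dc=com", "Subtree", filt)))
```

Compare the entries the command returns with what the Add User search fills in; if the command finds the user but the NetQ form stays empty, the attribute names in the mapping are the first thing to revisit.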

Add LDAP Users to NetQ

  1. Click , then select Management under Admin.

  2. Locate the User Accounts card, and click Manage.

  3. On the User Accounts tab, click Add User.

  4. Select LDAP User.

  5. Enter the user’s ID.

  6. Enter your administrator password.

  7. Click Search.

  8. If the user is found, the email address, first name, and last name fields are filled in automatically on the Add New User form. If searching is not enabled on the LDAP server, you must enter this information manually.

    If the fields are not filled in automatically even though searching is enabled on the LDAP server, the mapping file might need to be changed.

  9. Select the role for this user, admin or user, in the User Type dropdown.

  10. Enter your admin password, and click Save, or click Cancel to discard the user account.

    LDAP user passwords are not stored in the NetQ database and are always authenticated against LDAP.

  11. Repeat these steps to add additional LDAP users.

Remove LDAP Users from NetQ

You can remove LDAP users in the same manner as local users.

  1. Click , then select Management under Admin.

  2. Locate the User Accounts card, and click Manage.

  3. Select the user or users you want to remove.

  4. Click in the Edit menu.

If an LDAP user is deleted in LDAP, it is not automatically deleted from NetQ; however, the login for that LDAP user stops working immediately.