Skip to main content

LDAPS Configuration

Configuring LDAPS allows end users to use their Windows credentials to access Web Portal, and any groups the end user has access to (is a member of), if reports are part of those groups, then the user has access to those reports.

There a few keys to edit in web.config to enable and configure LDAPS connections. Enable it using the first key below, and then the following keys are used to configure it.

<!-- Enable LDAPS/LDAP Active Directory Usage -->
<add key="UsesADForGroupsAndUsers" value="0" />

<!-- LDAPS Settings Only -->
 <add key="LDAPS_Server" value="whatever.ldap.knownkeep.net" />
<add key="LDAPS_BaseDN" value="DC=ldap,DC=knownkeep,DC=net" />
<add key="LDAPS_Port" value="636" />
<add key="LDAPS_UserName" value="administrator@ldap.knownkeep.net" />
<add key="LDAPS_Password" value="" />
<add key="LDAPS_UPN_Domain" value="ldap.knownkeep.net" />

Note, a UserName and Password are requested so ALL groups can be fetched and shown in the Administration interface (and reports can be assigned to those groups). The UPN domain is requested just in case you leave out the UPN domain as part of your UserName and we can append it (the UPN is required to authenticate with LDAPS). 

See Microsoft article regarding User Name Formats:

https://learn.microsoft.com/en-us/windows/win32/secauthn/user-name-formats


Once you configure LDAPS, you can test it directly from the Administrator Settings interface.

test-ldaps-settings-new.jpg

Verify LDAPS settings, then click Test Admin Connection.

test-ldaps-admin.jpg

If you have a successful connection, it will display all of the groups available (with our test setup, if found 71).

test-ldaps-admin-results.jpg

You can also test end user credentials here, too. This allows you to verify that an end users credentials will return groups (because those are the groups that get assigned to reports so that user can see/access those reports in Web Portal).

test-ldaps-user.jpg

If you have a successful connection, it will display the groups the user has access to (is a member of).

test-ldaps-user-results.jpg

After you test you LDAPS connection, return back to the Administrator Settings interface, and click the Refresh AD Groups Cache button.

refresh-ad-groups.jpg

Note, we keep a static/cached list of groups so they don't have to be fetched EVERY time you edit a report. If you ever have a case where you're not seeing a group that you know exists, come back here and refresh your groups.

From there, when you go to edit a report, you will now see all of your AD groups that you can then assign to reports. You'll see all of the same groups that appears with your Administrator test.

report-groups.jpg

Back to top