
LDAP / LDAP-S for Privacera Portal Access

This configuration sequence points the Privacera Portal at an external LDAP or LDAP over SSL (LDAP-S) directory for Privacera Portal user login authentication. It does not affect or control authentication of data access users.

For LDAP-S, the portal must trust the directory server's certificate. There are two ways to establish that trust:

  • Let Privacera Manager download the certificate from the LDAP-S server URL and generate the truststore.

  • Manually provide a truststore file that contains the certificate of the LDAP-S server.

Map LDAP roles with the existing Privacera roles

You can map LDAP user roles to Privacera roles using Privacera LDAP Role Mapping, so that the access control of Privacera Portal applies to users who log in through LDAP.

  1. Log in to Privacera Portal using padmin user credentials or as a user with Privacera ROLE_SYSADMIN role.

  2. Go to Settings > System Configurations.

  3. Select Custom Properties checkbox.

  4. Click on Add Property and enter the new property, auth.ldap.enabled=true.

  5. Click Save.

  6. Go to Settings > LDAP Role Mapping.

  7. Add the appropriate role mappings.

  8. Once the LDAP setup with Privacera Manager (the Configuration section below) is complete, log back in as an LDAP user; the mapped Privacera role is now shown for that user.

Configuration

  1. SSH to the instance as ${USER}.

  2. Run the commands below.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.portal.ldaps.yml config/custom-vars/
    vi config/custom-vars/vars.portal.ldaps.yml
    
  3. Uncomment the properties and edit the configurations as required. For property details and description, click here.

    PORTAL_LDAP_ENABLE: "true"
    PORTAL_LDAP_URL: "<PLEASE_CHANGE>"
    PORTAL_LDAP_BIND_DN: "<PLEASE_CHANGE>"
    PORTAL_LDAP_BIND_PASSWORD: "<PLEASE_CHANGE>"
    PORTAL_LDAP_SEARCH_BASE: "<PLEASE_CHANGE>"
    PORTAL_LDAP_USER_SEARCH_BASE: "<PLEASE_CHANGE>"
    PORTAL_LDAP_GROUP_SEARCH_BASE: "<PLEASE_CHANGE>"
    PORTAL_LDAP_USERNAME_ATTRIBUTE: "<PLEASE_CHANGE>"
    PORTAL_LDAP_DN_ATTRIBUTE: "<PLEASE_CHANGE>"
    PORTAL_LDAP_BIND_ANONYMOUSLY: "false"
    PORTAL_LDAP_SSL_ENABLED: "true"
    PORTAL_LDAP_SSL_PM_GEN_TS: "true"
    
  4. Run Privacera Manager update.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
    

Last update: July 23, 2021