LDAP Authenticator Module

The GreenRADIUS LDAP Authenticator Module enables a way to implement two-factor authentication for applications and services that support authentication requests over the LDAP protocol. At times, it is advantageous to integrate third-party applications and services over LDAP instead of RADIUS, Web APIs, or other ways.

Prerequisites

• GreenRADIUS v5.3.1.1 or above
• GreenRADIUS license that enables the LDAP Authenticator Module
• If GreenRADIUS has multiple domains configured on the Domain tab, only the users in the default domain will be able to log in
• Certificate installed in GreenRADIUS from a trusted CA
• Third-party application that supports authentication requests over the LDAP protocol

Steps To Configure the LDAP Authenticator Module

1. Click on the Global Configuration tab. Then click the LDAP Authenticator Module icon.

2. Enter the following configuration parameters:

• Multi-Factor Policy Choose which multi-factor policy you want enforced when users log in

3. Click the Update button

Steps To Configure Your Third-Party Application (LDAP client)

Typically, the following configuration parameters need to be specified:

• Base DN: The base DN to configure is indicated at the top of the LDAP Authenticator Module screen. It is based on the currently configured default domain in GreenRADIUS.
• Bind DN: The bind DN to configure is indicated at the top of the LDAP Authenticator Module screen. It can be another user in the same domain.
• Password: Enter the password of the bind dn user