Install and Configure AD/LDAP Connector

Prerequisites

  • Ensure that your system meets the system requirements.

  • Ensure that you have already installed Git, Node.js, and npm.

  • For most platforms, you will need to have root and/or administrator privileges.

Install the connector for Windows

Download the installer

Download the Auth0 Active Directory/LDAP Connector for Windows (MSI) file:

Run the installer

Run the installer and follow the instructions.

AD/LDAP Connector Services

The AD/LDAP Connector is installed as a Windows Service.

AD/LDAP Connector Services

Link to Auth0

Once the installation is complete, you will see a screen in a browser pointing to localhost:

AD/LDAP Connector Admin Ticket

Enter the TICKET URL provided when you provisioned the connection. The TICKET URL uniquely identifies this connector in Auth0. The Connector will use this to communicate with Auth0 Server and automatically complete the configuration.

Link to LDAP

Enter the LDAP settings:

adldap-connector-admin-settings

Setting Description
LDAP Connection String For example, ldap://ldap.internal.contoso.com. This is the protocol + the domain name or ip address of your LDAP server. Your LDAP server is the local domain controller where Active Directory is installed. The protocol can be either ldap or ldaps. If you need to use ldaps make sure that the certificate is valid in the current server.
Base DN For example, dc=contoso,dc=com. This is the base container for all the queries performed by the connector.
Username For example, cn=svcauth0,dc=services,dc=contoso,dc=com The full distinguish name of a user to perform queries.
Password The password of the user.

Once you submit the above information, the connector will perform a series of tests to validate the information you entered. The results are displayed under Configuration Log in the console screen.

adldap-connector-admin-settings-ok

Make sure that all tests are green.

Test Description Troubleshoot
Test 1 Attempts to establish a TCP connection to the LDAP server and port specified. Check basic network connectivity and firewall settings that might prevent such a connection.
Test 2 Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided. Check the LDAP connection string, search path, username and password.
Test 3 Attempts to perform an LDAP search against the directory to check the privileges of the specified username. Check the privileges of the username in the target directory.
Test 4 Attempts to establish a connection to the Auth0 server. Check network connectivity and firewall settings that might prevent such a connection.

Install the connector for other platforms

  1. Download the Auth0 Active Directory/LDAP Connector package to /tmp:


    Curl example:

  2. Expand the package and install its dependencies:

    mkdir /opt/auth0-adldap
    tar -xzf /tmp/adldap.tar.gz -C /opt/auth0-adldap --strip-components=1
    cd /opt/auth0-adldap
    npm install

    Was this helpful?

    /

  3. Start your server. node server.js When prompted for the ticket number, enter the full ticket URL from the Settings tab of the Setup AD/LDAP connector screen in the Auth0 Management Dashboard.

  4. You will be prompted to edit the config.json configuration file with your LDAP connection and authentication details:

    "LDAP_URL": "ldap://{yourLdapServerFqdn}",
        "LDAP_BASE": "dc={yourDomain},dc=com",
        "LDAP_BIND_USER":"{yourLdapUser}",
        "LDAP_BIND_PASSWORD":"{yourLdapUserPassword}" //cleartextpassword

    Was this helpful?

    /

  5. Run node server.js once more to start the Connector. Note that the LDAP_BIND_PASSWORD line in config.json changes to LDAP_BIND_CREDENTIALS at this point.

  6. Once the Connector is running, you will need to daemonize the Connector (if you don't already have a tool selected, you can consider upstart or systemd). For example, for using systemd with Ubuntu Xenial, the file /lib/systemd/system/auth0-adldap.service could contain the following:

    [Unit]
    Description=Auth0 AD LDAP Agent
    After=network.target
    
    [Service]
    Type=simple
    Restart=always
    User=ubuntu
    WorkingDirectory=/opt/auth0-adldap
    ExecStart=/usr/bin/node server.js

    Was this helpful?

    /

  7. Run node admin/server.js to access the admin UI. The admin UI will be running and available on http://localhost:8357.

If you get an Invalid Ticket message when configuring the Connector for the first time, the most likely cause is a network issue (for example, you have the Connector running behind a proxy).

Learn more