Configure your Active Directory or LDAP in Nimbox
Vault allows you to configure either Active Directory or LDAP authentication for users in an organisation. When an authentication source is configured, an imported user can log in to the web portal or agents using the credentials attached to their AD/LDAP account.
Two methods for configuring AD/LDAP
- Method 1 (Agent): this method utilises our Vault agent, installed on the server that hosts the authentication source. This agent will be registered to a user within your organisation.
Best Practice: When registering Vault to a user account on a server, it is recommended that you create a dummy account. A dummy account should not be subscribed to team shares, should be set to use a fixed space quota of .01GB, and should be configured using a predetermined naming system (such as First Name: File Server; Last Name: LDAP). Our support team can configure this account for you.
- Method 2 (Server): this method allows you to connect your authentication source to Vault, without installing an agent on your server. The authentication server must be publicly accessible.
Things to note:
- If you manually created Vault user accounts before configuring AD/LDAP and want to convert them to AD/LDAP user accounts, you must ensure that all email addresses match. If an email address matches, Vault converts the existing user account to an AD user account, and there is no need to uninstall and reinstall agents on the user’s workstation. If an email address doesn’t match, a new account is created.
- When you configure an AD/LDAP source, agents can be silently pushed, installed, and registered to end users without needing to alert them. To learn more about silent installation, read this setup guide.
- Whilst Vault will integrate with any LDAP source, it will not work with non-LDAP sources, such as Azure AD. Azure supports internal LDAP authentication, but it does not currently support external LDAP. For more information, read this TechNet Blog.
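The email-matching rule in the first note above can be checked before any import is run. The following Python script is an added example, not part of Vault or its documentation: it compares an export of existing Vault accounts with an export of AD users and sorts the Vault accounts into exact matches, near-misses and non-matches. The CSV layouts, column names and sample rows are constructed assumptions, and because the page does not say whether matching ignores case or whitespace, addresses that differ only in those respects are reported for correction rather than assumed to match.

```python
import csv
import io

# Constructed sample exports; the column names are assumptions, not a Vault format.
VAULT_USERS = """\
email,name
alice@example.co.uk,Alice A
Bob@Example.co.uk ,Bob B
carol@example.co.uk,Carol C
"""
AD_USERS = """\
sAMAccountName,mail
alice,alice@example.co.uk
bob,bob@example.co.uk
carol,carol.jones@example.co.uk
dave,
"""


def normalise(address):
    """Fold case and surrounding whitespace so near-misses can be spotted."""
    return (address or "").strip().casefold()


def plan_import(vault_csv, ad_csv):
    """Sort existing Vault accounts by how their email compares to AD."""
    ad_rows = list(csv.DictReader(io.StringIO(ad_csv)))
    ad_exact = {row["mail"] for row in ad_rows if row["mail"]}
    ad_folded = {normalise(row["mail"]): row["mail"] for row in ad_rows if row["mail"]}

    plan = {"converts": [], "fix_first": [], "no_match": [], "ad_no_mail": []}
    for row in csv.DictReader(io.StringIO(vault_csv)):
        email = row["email"]
        if email in ad_exact:
            plan["converts"].append(email)      # identical string exists in AD
        elif normalise(email) in ad_folded:
            # Differs only by case/whitespace: align both sides before importing.
            plan["fix_first"].append((email, ad_folded[normalise(email)]))
        else:
            plan["no_match"].append(email)      # import would create a new account
    plan["ad_no_mail"] = [r["sAMAccountName"] for r in ad_rows if not r["mail"]]
    return plan


if __name__ == "__main__":
    for bucket, entries in plan_import(VAULT_USERS, AD_USERS).items():
        print(f"{bucket}: {entries}")
```

Accounts listed under `no_match` are the ones for which an import would create a second account instead of converting the existing one.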
Method 1 (Agent)
On the server that hosts your AD/LDAP, download and install the agent.
After installing the agent, register it to the ‘dummy account,’ or another account (not recommended).
Make a note of the server’s full computer name.
When you have finished installing the agent, return to the organisation dashboard.
In the organisation dashboard, click the Settings tab. The Settings page displays.
In the Settings page, click the Authentication tab. The Authentication section displays.
In the Authentication section, click the Add Source button to add an authentication source.
The page refreshes to display the Configure an Authentication Source section.
In the Configure an Authentication Source section of the page, configure your authentication source:
- In the Machine drop-down menu, select the name of the machine that hosts your Active Directory or LDAP.
- In the Host field, enter the full computer name that you recorded in step 3.
- In the Domain field, enter the Active Directory’s Fully Qualified Domain Name (FQDN) (for example, ad.example.co.uk).
- In the Login field, enter a username that has administrative access to the AD/LDAP.
- In the Password field, enter the corresponding password for the administrative user.
- Click the Save button when you’re finished.
After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources.
In the Manage column, click the Import Users button.
The page refreshes to show import settings.
Configure settings for importing users:
- Select the Send Welcome Email checkbox, if you want to send a welcome email as soon as users are imported into the system.
- Select the Enable WebDAV checkbox if you want to enable WebDAV for the imported users.
- Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add the imported accounts to Team Shares.
In the Organisational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organisational units (OUs) to be added to the system.
Click the Import Selected Users button to import the users into Vault. End users can now log in to the system using their Active Directory/LDAP email and password.
Method 2 (Server)
In the organisation dashboard, click the Settings tab. The Settings page displays.
In the Settings page, click the Authentication tab. The Authentication section displays.
In the Authentication section, click the Add Source button to add an authentication source.
The page refreshes to display the Configure an Authentication Source section.
In the Configure an Authentication Source section of the page, configure your authentication source:
- In the Machine drop-down menu, select Use Server.
- In the Host field, enter the publicly resolvable host name or IP address of the Active Directory/LDAP server.
- In the Domain field, enter the server’s Fully Qualified Domain Name (FQDN) (for example, ad.example.co.uk).
- In the Login field, enter a username that has administrative access to the AD/LDAP.
- In the Password field, enter the corresponding password for the administrative user.
- Click the Save button when you are finished.
After you have entered information for Active Directory, the page will refresh to show you a listing of all current authentication sources.
In the Manage column, click the Import Users button.
The page refreshes to show import settings.
Configure settings for importing users:
- Select the Send Welcome Email checkbox, if you want to send a welcome email as soon as users are imported into the system.
- Select the Enable WebDAV checkbox if you want to enable WebDAV for the imported users.
- Use the Add to Team Shares box to select the Team Shares to which all user accounts should be added. Alternatively, click the All button to add all user accounts to all Team Shares, or click the None button if you do not want to add the imported accounts to Team Shares.
In the Organisational Units box, browse and select the Active Directory users that should be imported; alternatively, select specific organisational units (OUs) to be added to the system.
Click the Import Selected Users button to import the users into Vault. End users can now log in to the system using their Active Directory/LDAP email and password.