
Commit 6090880

Incorporate feedback.
1 parent bfd38f6 commit 6090880


2 files changed

+6
-6
lines changed


articles/active-directory/authentication/howto-mfaserver-dir-ad.md

Lines changed: 4 additions & 4 deletions
@@ -45,11 +45,11 @@ The following table describes the LDAP configuration settings.
4545

4646
| Feature | Description |
4747
| --- | --- |
48-
| Server |Enter the hostname or IP address of the server running the LDAP directory. A backup server may also be specified separated by a semi-colon. <br>Note: When Bind Type is TLS, a fully qualified hostname is required. |
48+
| Server |Enter the hostname or IP address of the server running the LDAP directory. A backup server may also be specified separated by a semi-colon. <br>Note: When Bind Type is SSL (TLS), a fully qualified hostname is required. |
4949
| Base DN |Enter the distinguished name of the base directory object from which all directory queries start. For example, dc=abc,dc=com. |
50-
| Bind type - Queries |Select the appropriate bind type for use when binding to search the LDAP directory. This is used for imports, synchronization, and username resolution. <br><br> Anonymous - An anonymous bind is performed. Bind DN and Bind Password are not used. This only works if the LDAP directory allows anonymous binding and permissions allow the querying of the appropriate records and attributes. <br><br> Simple - Bind DN and Bind Password are passed as plain text to bind to the LDAP directory. This is for testing purposes, to verify that the server can be reached and that the bind account has the appropriate access. After the appropriate cert has been installed, use TLS instead. <br><br> TLS - Bind DN and Bind Password are encrypted using TLS to bind to the LDAP directory. Install a cert locally that the LDAP directory trusts. <br><br> Windows - Bind Username and Bind Password are used to securely connect to an Active Directory domain controller or ADAM directory. If Bind Username is left blank, the logged-on user's account is used to bind. |
51-
| Bind type - Authentications |Select the appropriate bind type for use when performing LDAP bind authentication. See the bind type descriptions under Bind type - Queries. For example, this allows for Anonymous bind to be used for queries while TLS bind is used to secure LDAP bind authentications. |
52-
| Bind DN or Bind username |Enter the distinguished name of the user record for the account to use when binding to the LDAP directory.<br><br>The bind distinguished name is only used when Bind Type is Simple or TLS. <br><br>Enter the username of the Windows account to use when binding to the LDAP directory when Bind Type is Windows. If left blank, the logged-on user's account is used to bind. |
50+
| Bind type - Queries |Select the appropriate bind type for use when binding to search the LDAP directory. This is used for imports, synchronization, and username resolution. <br><br> Anonymous - An anonymous bind is performed. Bind DN and Bind Password are not used. This only works if the LDAP directory allows anonymous binding and permissions allow the querying of the appropriate records and attributes. <br><br> Simple - Bind DN and Bind Password are passed as plain text to bind to the LDAP directory. This is for testing purposes, to verify that the server can be reached and that the bind account has the appropriate access. After the appropriate cert has been installed, use SSL instead. <br><br> SSL - Bind DN and Bind Password are encrypted using SSL to bind to the LDAP directory. Install a cert locally that the LDAP directory trusts. <br><br> Windows - Bind Username and Bind Password are used to securely connect to an Active Directory domain controller or ADAM directory. If Bind Username is left blank, the logged-on user's account is used to bind. |
51+
| Bind type - Authentications |Select the appropriate bind type for use when performing LDAP bind authentication. See the bind type descriptions under Bind type - Queries. For example, this allows for Anonymous bind to be used for queries while SSL bind is used to secure LDAP bind authentications. |
52+
| Bind DN or Bind username |Enter the distinguished name of the user record for the account to use when binding to the LDAP directory.<br><br>The bind distinguished name is only used when Bind Type is Simple or SSL. <br><br>Enter the username of the Windows account to use when binding to the LDAP directory when Bind Type is Windows. If left blank, the logged-on user's account is used to bind. |
5353
| Bind Password |Enter the bind password for the Bind DN or username being used to bind to the LDAP directory. To configure the password for the Multi-Factor Auth Server AdSync Service, enable synchronization and ensure that the service is running on the local machine. The password is saved in the Windows Stored Usernames and Passwords under the account the Multi-Factor Auth Server AdSync Service is running as. The password is also saved under the account the Multi-Factor Auth Server user interface is running as and under the account the Multi-Factor Auth Server Service is running as. <br><br>Since the password is only stored in the local server's Windows Stored Usernames and Passwords, repeat this step on each Multi-Factor Auth Server that needs access to the password. |
5454
| Query size limit |Specify the size limit for the maximum number of users that a directory search returns. This limit should match the configuration on the LDAP directory. For large searches where paging is not supported, import and synchronization attempts to retrieve users in batches. If the size limit specified here is larger than the limit configured on the LDAP directory, some users may be missed. |
5555
| Test button |Click **Test** to test binding to the LDAP server. <br><br>You don't need to select the **Use LDAP** option to test binding. This allows the binding to be tested before you use the LDAP configuration. |
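Review bot: the terminology in this hunk is now inconsistent within the same table: the Server row (line 48) says "SSL (TLS)" while the Bind type - Queries, Bind type - Authentications and Bind DN rows (lines 50-52) say "SSL" alone, so a reader cannot tell whether these refer to the same option. Use one form in all four rows; "SSL (TLS)" is the better choice because it matches the UI label while telling the reader that the connection actually negotiated is TLS. That clarity matters here, since the Simple bind entry states that Bind DN and Bind Password are "passed as plain text" and points users at this option as the secure alternative ("After the appropriate cert has been installed, use SSL instead").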

articles/active-directory/authentication/howto-mfaserver-dir-ldap.md

Lines changed: 2 additions & 2 deletions
@@ -34,8 +34,8 @@ To configure LDAP authentication, install the Azure Multi-Factor Authentication
3434

3535
![LDAP Authentication in MFA Server](./media/howto-mfaserver-dir-ldap/ldap2.png)
3636

37-
3. On the Clients tab, change the TCP port and TLS port if the Azure Multi-Factor Authentication LDAP service should bind to non-standard ports to listen for LDAP requests.
38-
4. If you plan to use LDAPS from the client to the Azure Multi-Factor Authentication Server, an TLS/SSL certificate must be installed on the same server as MFA Server. Click **Browse** next to the TLS/SSL certificate box, and select a certificate to use for the secure connection.
37+
3. On the Clients tab, change the TCP port and SSL (TLS) port if the Azure Multi-Factor Authentication LDAP service should bind to non-standard ports to listen for LDAP requests.
38+
4. If you plan to use LDAPS from the client to the Azure Multi-Factor Authentication Server, an TLS/SSL certificate must be installed on the same server as MFA Server. Click **Browse** next to the SSL (TLS) certificate box, and select a certificate to use for the secure connection.
3939
5. Click **Add**.
4040
6. In the Add LDAP Client dialog box, enter the IP address of the appliance, server, or application that authenticates to the Server and an Application name (optional). The Application name appears in Azure Multi-Factor Authentication reports and may be displayed within SMS or Mobile App authentication messages.
4141
7. Check the **Require Azure Multi-Factor Authentication user match** box if all users have been or will be imported into the Server and subject to two-step verification. If a significant number of users have not yet been imported into the Server and/or are exempt from two-step verification, leave the box unchecked. See the MFA Server help file for additional information on this feature.
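Review bot: step 4 (line 38) still reads "an TLS/SSL certificate"; it should be "a TLS/SSL certificate", and since this line is already being touched the fix belongs in this hunk. The same step also mixes "TLS/SSL certificate" with "SSL (TLS) certificate box", and step 3 now says "SSL (TLS) port"; pick one form for both steps, for example "SSL (TLS) certificate" to match the box label the reader is told to click next to.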
