Overview: Configure LDAP Authentication
About LDAP authentication
The Lightweight Directory Access Protocol (LDAP) is a protocol that enables organizations to store, access, and manage directory services. Directory services, such as Microsoft Active Directory (AD), hold information about user and group accounts, addresses, and passwords, and make that information available to other systems across the organization. Applications and users can read the directory data and verify the stored information over the network. A directory also holds information about network resources such as files, printers, and shared resources. It lets you store credentials and verify them each time a user attempts to access applications, directories, systems, and servers.
LDAP is the protocol that clients and servers use to query a directory service and to authenticate against it. When a user sends a request for particular information, the LDAP server processes it and communicates with the directory service before sending a response. LDAP carries client requests, server responses, and directory data between servers and client applications. Through LDAP, BIG-IP Next communicates with AD, stores and retrieves data in a usable format from the LDAP directory server, and authenticates users against the directory. You can configure BIG-IP Next Access to use the LDAP protocol to authenticate BIG-IP Next administrative users.
The authentication process occurs as follows:
1. An administrative user attempts to access BIG-IP Next with a username and password.
2. BIG-IP Next establishes a TCP connection with the remote LDAP server over port 389. If SSL is configured, BIG-IP Next Access instead attempts to establish a connection with the remote LDAP server over port 636.
3. BIG-IP Next attempts to bind to the LDAP server using the Distinguished Name (DN) and password of the LDAP administrator account.
4. BIG-IP Next sends an LDAP search query for the BIG-IP administrative user account to the LDAP server.
5. The LDAP server attempts to locate the administrative user account in its database and sends the response to BIG-IP Next.
6. BIG-IP Next authenticates the administrative user account.
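The six-step flow above, as an added example written for this page rather than code from F5 or the BIG-IP Next product. It models the administrator-account bind, the search for the administrative user, and the final check against an in-memory stand-in for the LDAP server populated with constructed entries, so nothing here contacts a real directory. The final step is modelled as a second bind with the user's own DN and password, which is an assumption about how the check is performed; the configuration field names and the sAMAccountName username attribute are likewise assumptions. Two points a practitioner would want to see are included: the username is escaped per RFC 4515 before it is placed in the search filter, so a value such as `*` cannot widen the search, and an empty password is refused before the user bind, because some servers treat a bind with an empty password as an unauthenticated bind that succeeds.

```python
import re
from dataclasses import dataclass


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3)."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


@dataclass
class LdapConfig:
    """Settings the flow needs (field names are assumptions, not product settings)."""
    host: str
    use_ssl: bool
    bind_dn: str          # DN of the LDAP administrator (service) account
    bind_password: str
    base_dn: str          # subtree searched for administrative users
    user_attribute: str = "sAMAccountName"  # assumed username attribute (AD style)

    @property
    def port(self) -> int:
        # Step 2: cleartext LDAP on 389, LDAP over SSL on 636 when SSL is configured.
        return 636 if self.use_ssl else 389


class FakeDirectory:
    """In-memory stand-in for the remote LDAP server, holding constructed entries."""

    def __init__(self, entries: dict):
        self.entries = entries  # dn -> attribute dict, including "userPassword"

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry.get("userPassword") == password

    @staticmethod
    def _value_to_regex(value: str):
        # An unescaped '*' is a wildcard; '\xx' is one literal character; all else literal.
        parts, i = [], 0
        while i < len(value):
            ch = value[i]
            if ch == "\\" and i + 2 < len(value):
                parts.append(re.escape(chr(int(value[i + 1:i + 3], 16))))
                i += 3
            elif ch == "*":
                parts.append(".*")
                i += 1
            else:
                parts.append(re.escape(ch))
                i += 1
        return re.compile("".join(parts), re.IGNORECASE)

    def search(self, base_dn: str, filter_str: str) -> list:
        """Supports only the single equality filter '(attr=value)' the login flow issues."""
        m = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
        if not m:
            raise ValueError("unsupported filter: " + filter_str)
        attr, pattern = m.group(1), self._value_to_regex(m.group(2))
        return [dn for dn, entry in self.entries.items()
                if dn.lower().endswith(base_dn.lower())
                and attr in entry and pattern.fullmatch(entry[attr])]


def authenticate_admin(cfg: LdapConfig, directory: FakeDirectory, username: str, password: str):
    """Run the authentication flow; returns (success, detail)."""
    endpoint = f"{cfg.host}:{cfg.port}"
    # Step 3: bind as the LDAP administrator account.
    if not directory.bind(cfg.bind_dn, cfg.bind_password):
        return False, f"administrator bind to {endpoint} failed"
    # Step 4: search for the administrative user. Escaping keeps a crafted username
    # from changing the filter's meaning (for example '*' matching every entry).
    filter_str = f"({cfg.user_attribute}={escape_filter_value(username)})"
    hits = directory.search(cfg.base_dn, filter_str)
    # Step 5: the server's answer must name exactly one entry.
    if len(hits) != 1:
        return False, f"expected one entry for {username!r}, found {len(hits)}"
    # Step 6 (assumption): the password is verified by binding as the user's own DN.
    # An empty password is refused first, because servers may treat a bind with an
    # empty password as an unauthenticated bind that succeeds (RFC 4513, 5.1.2).
    if not password or not directory.bind(hits[0], password):
        return False, "user bind failed"
    return True, hits[0]


def build_example_directory() -> FakeDirectory:
    """Constructed sample entries: one service account and two administrators."""
    return FakeDirectory({
        "cn=svc-bigip,ou=service,dc=example,dc=com": {"userPassword": "svc-secret"},
        "cn=alice,ou=admins,dc=example,dc=com": {"sAMAccountName": "alice", "userPassword": "alice-pass"},
        "cn=bob,ou=admins,dc=example,dc=com": {"sAMAccountName": "bob", "userPassword": "bob-pass"},
    })


EXAMPLE_CONFIG = LdapConfig(
    host="ldap.example.com", use_ssl=True,
    bind_dn="cn=svc-bigip,ou=service,dc=example,dc=com", bind_password="svc-secret",
    base_dn="ou=admins,dc=example,dc=com",
)

if __name__ == "__main__":
    d = build_example_directory()
    for user, pw in [("alice", "alice-pass"), ("alice", "wrong"), ("alice", ""), ("*", "x")]:
        print(user, repr(pw), authenticate_admin(EXAMPLE_CONFIG, d, user, pw))
```

Running the block shows the valid login succeeding and the wrong-password, empty-password and wildcard-username attempts each being rejected at the step that catches them. The fake directory's wildcard support exists only so the effect of escaping is visible: searching with an unescaped `*` matches every administrator under the base DN, while the escaped form matches nothing.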