OpenLDAP and Active Directory password synchronization
An LDAP server is meant for frequent queries and infrequent updates. OpenLDAP is one of the most popular options for implementing a centralized directory server. Since LDAP servers are used for many different purposes—including storage for DNS, centralized authentication accounts (POSIX account), shared calendars, shared address books, and more—their authentication needs to be secure.
Why should you sync passwords?
In the IT world, where a myriad of applications are available, remembering the username and password of every account is difficult, but password synchronization empowers users to log in to each application using a single username and password. ADSelfService Plus, an identity security solution with adaptive multi-factor authentication, single sign-on, and password management capabilities, makes it easy to set up password synchronization. All you have to do is integrate ADSelfService Plus with the applications you're using. Once this is done, every time an Active Directory domain password is reset or changed, the new password is replicated across all connected applications. ADSelfService Plus supports up to 18 applications for password synchronization including OpenLDAP.
What are the benefits of choosing ADSelfService Plus for password synchronization with OpenLDAP?
- Sync both native Active Directory password changes, and self-service password resets and password changes from the ADSelfService Plus portal in real time with OpenLDAP.
- Reset and change Active Directory and OpenLDAP passwords from both workstations and mobile devices.
- Deploy multi-factor authentication techniques to secure the password changes and resets.
- Enforce advanced password policies with rules such as a ban on the use of patterns, dictionary words, and palindromes.
- Restrict both the use of the password synchronization feature, and synchronization with particular applications, to specific users based on group or OU membership.
How to configure OpenLDAP server with ADSelfService Plus
The following section will take you through the steps to configure password synchronization for an OpenLDAP server using ADSelfService Plus.
Prerequisite: To sync native password changes—password changes made via the Ctrl+Alt+Del portal, and password resets from the Active Directory Users and Computers console—install the Password Sync Agent.
Steps for configuring an OpenLDAP server with ADSelfService Plus
- Download and install ADSelfService Plus if you haven't already.
- Log in to the ADSelfService Plus admin console with admin credentials.
- Navigate to Configuration → Self-Service → Password Sync/ Single Sign On.
- Select OpenLDAP.
Note: You can also find OpenLDAP from the search bar located in the left pane, or from the alphabetical listing for the navigation options in the right pane.
- Enter the Application Name and Description.
- In the Assign Policies field, select the policies for which password synchronization has to be enabled.
Note: ADSelfService Plus allows you to create OU and group-based policies for your Active Directory domains. To create a policy, go to Configuration → Self-Service → Policy Configuration → Add New Policy.
- Select Enable Password Sync.
- Enter the System Name or IP Address of the OpenLDAP Server.
- Enter the Domain Name of the OpenLDAP Server in the distinguished name format. For example, dc=example,dc=com.
- Enter the Username of the OpenLDAP Server in the distinguished name format. For example, cn=directory manager,dc=example,dc=com.
- Enter the Password of the OpenLDAP Server.
Note: The username and password must belong to the administrator account of the server on which OpenLDAP is installed.
- Enter the LDAP port number (default 389) and the LDAP SSL port number (default 636) of the OpenLDAP Server.
- Check the Use LDAP Password Modify Extended Operation box if required.
- Click Add Application.
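The values entered in the steps above can be checked against the server's root DSE before they are saved. The following is an added example, not ManageEngine's code: it validates the Domain Name, Username, port, and Password Modify support offline over a constructed root DSE sample. The function names and sample LDIF are assumptions; the OID is the RFC 3062 Password Modify extended operation that the checkbox refers to.

```python
import re

PASSWD_MODIFY_OID = "1.3.6.1.4.1.4203.1.11.1"  # RFC 3062 Password Modify
# Constructed sample of a root DSE, in the LDIF form printed by:
#   ldapsearch -x -H ldaps://HOST:636 -b "" -s base namingContexts supportedExtension
SAMPLE_ROOT_DSE = """\
dn:
namingContexts: dc=example,dc=com
supportedExtension: 1.3.6.1.4.1.1466.20037
supportedExtension: 1.3.6.1.4.1.4203.1.11.1
"""

def parse_ldif(text):
    """Return {attribute: [values]} for one LDIF entry; base64 ('::') lines are skipped."""
    attrs = {}
    for line in text.splitlines():
        m = re.match(r"([A-Za-z][\w;-]*):(?!:)\s*(.*)$", line)
        if m and m.group(1).lower() != "dn":
            attrs.setdefault(m.group(1).lower(), []).append(m.group(2).strip())
    return attrs

def norm_dn(dn):
    """Split on unescaped commas, then lower-case and trim each RDN."""
    rdns = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", r.strip().lower(), count=1) for r in rdns]

def well_formed(dn):
    return all(re.fullmatch(r"[a-z][a-z0-9-]*=.+", rdn) for rdn in norm_dn(dn))

def preflight(root_dse, base_dn, bind_dn, port):
    """Return a list of findings for the values about to be entered in the form."""
    attrs, findings = parse_ldif(root_dse), []
    for label, dn in (("Domain Name", base_dn), ("Username", bind_dn)):
        if not well_formed(dn):
            findings.append(f"{label} is not in distinguished name format")
    contexts = [norm_dn(v) for v in attrs.get("namingcontexts", [])]
    if norm_dn(base_dn) not in contexts:
        findings.append("Domain Name is not a naming context on this server")
    if PASSWD_MODIFY_OID not in attrs.get("supportedextension", []):
        findings.append("Password Modify extended operation is not advertised")
    if port == 389:
        findings.append("port 389 is cleartext unless StartTLS is negotiated")
    return findings

if __name__ == "__main__":
    for f in preflight(SAMPLE_ROOT_DSE, "dc=example,dc=com",
                       "cn=directory manager,dc=example,dc=com", 636):
        print("WARN:", f)
```

An empty list means the sample server serves the configured base DN and advertises the extended operation, and that the chosen port is not the cleartext default.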
What are the benefits of OpenLDAP and Active Directory password synchronization?
- Implement a secure, robust, cost-effective, and unified identity solution for OpenLDAP and other enterprise applications based on Active Directory.
- Reduce a major source of help desk calls, and free up IT administrators to focus on other important tasks.
- Extend Active Directory's advanced password complexity rules to OpenLDAP.
Reduce password reset calls with real-time password synchronizer
Free Active Directory users from lengthy help desk calls by allowing them to perform password resets and account unlocks through self-service. The ADSelfService Plus ‘Change Password’ console gives Active Directory users a hassle-free password change.
Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus!
Notify Active Directory users of their impending password/account expiry by emailing them password/account expiry notifications.
Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more.
Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by making Active Directory users adhere to compliant passwords and by displaying the password complexity requirements.
A portal that lets Active Directory users update their latest information, and a quick search facility for finding information about peers using search keys, such as the contact number, of the person being searched for.