Bastionhost can be connected to an Active Directory (AD) server or a Lightweight Directory Access Protocol (LDAP) server. Users on the AD server or the LDAP server can be synchronized to Bastionhost as Bastionhost users. This topic describes how to configure AD authentication and LDAP authentication.
Prerequisites
An AD environment or LDAP environment is deployed and Bastionhost can access the AD server or LDAP server.
Procedure
- Log on to the console of your bastion host. For more information, see Log on to the console of a bastion host.
- In the left-side navigation pane, click System Settings.
On the AD Authentication or LDAP Authentication tab, enter the basic information about the AD server or LDAP server. Then, click Test Connection.
If the test is successful, a message appears, which indicates that the operation is successful.
After the connection is established, click Save.
To clear the configurations of AD or LDAP authentication, click Clear Settings.
WarningAfter you clear the configurations of AD or LDAP authentication, AD or LDAP users are also cleared. Proceed with caution.
If you want Bastionhost to synchronize the snapshots of AD- or LDAP-authenticated users, click Create User Snapshots or configure the Interval for Automatic Creation of User Snapshots parameter to synchronize users from the AD or LDAP server to local snapshots. When AD- or LDAP-authenticated users are imported, Bastionhost reads user information from the local snapshots. This reduces the performance overheads.