Active Directory Settings
The administrator can configure the authentication settings for Active Directory under Foldr Settings >> General >> LDAP. If Active Directory is not being used, this section can be skipped and local user accounts can be created directly in the Users & Groups tab in Foldr Settings.
The LDAP Server should be configured to point at one (or optionally more) Windows Domain Controllers on the internal network, prefixed with ldap://
e.g. ldap://domain_controller.company.internal
(FQDN or IP address of a domain controller. Note – ldap:// prefix)
Multiple domain controllers can be entered, prefixing each with ldap:// (or ldaps://) separated by a space.
LDAP Search DN:
DC=company,DC=internal
The example shown above will search for users and groups in the root of the Active Directory domain. The Search DN could also be used to control which users are allowed to sign into Foldr, but a superior and more granular method for doing so can be found within the Security tab.
LDAPS Support
If the domain supports LDAPS, simply prefix the LDAP Server address with ‘ldaps://’. You can optionally append a port; if you do not, Foldr will assume the default port of 636 is being used.
Example LDAP Settings:
LDAPS is required if you intend to use Active Directory password change control, delegated or self-service password reset features in Foldr. Enabling LDAPS on a Windows domain controller is typically done by default after installing the Domain Certificate Services >> Enterprise CA role in Server Manager. However, there are considerations to be made when enabling this in your AD infrastructure:
Enabling Secure LDAP on Windows Server 2008/2012 Domain Controllers
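The LDAP Server field rules described above (an ldap:// or ldaps:// prefix on every entry, entries separated by a space, port 636 assumed for ldaps://) can be checked before the value is saved. The following is an added example, not Foldr's own code: the function names and the sample value are constructed for illustration, port 389 for ldap:// is the standard LDAP port rather than something this page states, and treating a mixed ldap:// and ldaps:// list as not meeting the LDAPS requirement is an assumption of the example.

```python
from urllib.parse import urlsplit

# 636 is the LDAPS default stated on the page; 389 is the standard LDAP port.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_servers(field):
    """Split an LDAP Server value into (scheme, host, port) tuples."""
    servers = []
    for entry in field.split():  # entries are separated by spaces
        parts = urlsplit(entry)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS or not parts.hostname:
            raise ValueError(f"{entry!r}: expected ldap://host or ldaps://host")
        # parts.port raises ValueError itself on a non-numeric or out-of-range port
        port = parts.port if parts.port is not None else DEFAULT_PORTS[scheme]
        servers.append((scheme, parts.hostname, port))
    if not servers:
        raise ValueError("no LDAP server configured")
    return servers


def all_ldaps(field):
    """True only when every configured server uses ldaps:// (example's assumption)."""
    return all(scheme == "ldaps" for scheme, _, _ in parse_ldap_servers(field))


def non_ldaps_servers(field):
    """Return host:port for each entry configured with ldap:// instead of ldaps://."""
    return [f"{h}:{p}" for s, h, p in parse_ldap_servers(field) if s == "ldap"]


if __name__ == "__main__":
    # Constructed sample value, not taken from a real deployment.
    sample = ("ldap://domain_controller.company.internal "
              "ldaps://dc2.company.internal ldaps://10.0.0.5:6360")
    for server in parse_ldap_servers(sample):
        print(server)
    print("LDAPS on every server:", all_ldaps(sample))
    print("Entries without LDAPS:", non_ldaps_servers(sample))
```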
Azure Active Directory
Foldr can be deployed within the Microsoft Azure cloud platform and can authenticate directly against the Azure Active Directory without the need to deploy additional Windows domain controller VMs.
You can authenticate using either LDAP or LDAPS (a suitable SSL certificate needs to be installed within the Azure portal for LDAPS support).
Example LDAPS settings are shown below:
Note – All features are available if Foldr is configured against Azure Active Directory apart from password change control / delegated password reset, regardless of whether LDAPS is enabled.