![]() ![]() Then it will talk to NxFilter and try to create a login session for the user it detects. ![]() You just install it and run it in your own local network with NxFilter working. CxLogon is designed for SSO without Active Diretory from the beginning. ![]() We recommend you to use CxLogon for Windows and Mac OS and CxBlock for Chromebook. Now you can import users from G Suite LDAP and it means you can use these SSO agents against G Suite LDAP. That's why we import users from Active Directory before running these SSO agents. If the username exists in NxFilter DB then NxFilter creates a login session for the username. You run one of them on a user system and it detects the username currently logged-in on the system and then it sends the username to NxFilter. These SSO agents are basically for Active Directory integration but you still can use them for SSO against G Suite LDAP. We have several single sign-on (SSO) agents. Let me know if there are any questions or something is unclear and I'll try to help. Jahastech has agreed to increase the size of the LDAP admin name in a future release of NxFilter to remove this work-around. After talking with Jahastech, we determined that the Admin DN could be shortened to the form " uid=,ou=users,dc=yourdomain,dc=com" and it would work with Google's LDAP from NxFilter. When initially configuring the OpenLDAP settings in NxFilter, I used a DN that was over 64 characters: uid=rasher,ou=Technology,ou=Google Vault,ou=Users,dc=example,dc=com While this worked with ldapsearch from the command line, NxFilter truncated the admin name to the first 64 characters and authentication failed when trying the TEST button. Known Issues and SolutionsĪ note about the LDAP Admin ID. If successful, you can then proceed to "IMPORT" your Google GSuite Secure LDAP users and groups from there. Try the "TEST" button for the OpenLDAP entry. Be sure to SUBMIT your changes and then return to NxFilter -> User -> OpenLDAP. You can also add Exclude Keywords here to limit what users and groups are imported from Google's Secure LDAP directory. ![]() Once saved, you should EDIT the newly created OpenLDAP entry and change the PORT number to 1636 if you followed along with the instructions or to whatever open port you set in your /etc/stunnel/nf file. Your Admin user should be a GSuite user you've created with administrator privileges and your Base DN should match your domain. Host : 127.0.0.1Īdmin : uid=rasher,ou=users,dc=example,dc=com To do so, we'll use the OpenLDAP portion of NxFilter.Ĭonfigure NxFilter -> User -> OpenLDAP to use our stunnel settings and Google GSuite information. The next step is to configure our LDAP settings in NxFilter. The configuration of stunnel for other linux distros is similar and for Ubuntu, you can follow Google's instructions here: īe sure to enable the LDAP client service in the Google Admin panel! NxFilter To see the service status and logs: systemctl status stunnel Then enable the service to start/stop with the system: systemctl enable stunnel and start it: systemctl start stunnel. The CentOS stunnel rpm doesn't provide a startup script but you can add this to /etc/systemd/system/rvice to have stunnel started and stopped with the system: ĭescription=SSL tunnel for network daemonsĮxecStart=/usr/bin/stunnel /etc/stunnel/nf On CentOS 7, it's packaged in the base repository and can be installed by running yum -y install stunnel Next you'll need to create a tunnel configuration in /etc/stunnel/nf and unzip your Google LDAP certificate and key to /etc/stunnel/ The nf file should be similar to this: Now we need to install stunnel on our NxFilter server. You'll need to follow these instructions to create the LDAP client certificates in your GSuite Admin panel for stunnel here: and download the generated zip file with the crt and key files to your NxFilter server. Ideally, you'll run stunnel on the same server as NxFilter and only listen locally so that you don't expose your GSuite LDAP directory beyond that server. For clients that don't offer a way to authenticate to LDAP with a client certificate, we'll use stunnel as a proxy and configure stunnel to provide the client certificate to the Google LDAP server and configure NxFilter to connect to stunnel. Currently, NxFilter doesn't have a way to import the certificates to connect directly to Google's Secure LDAP. In order to use GSuite's Secure LDAP, it requires the client(NxFilter) to authenticate with a certificate. You can read more about Secure LDAP and how to configure it in your admin console here: It's now possible to import your Google GSuite users and groups into NxFilter thanks to Google opening up access to their Secure LDAP service. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |