Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1545
Views
0
Helpful
1
Replies

Multiple "ldap_server_auto" entries for different applications

Go to solution
Marc6
Level 1
Level 1

‎03-27-2019 10:23 AM

Hello,

i have a question regarding the LDAP Proxy functionality. Right now we are using only one application who requires the “ldap-server-auto” part in the config file, but we are planning to use more.

Im aware of the fact that multiple applications can connect to the same proxy server on the same port thought. But what bothers me a bit, is the fact, that on the duo authentication log ( on the website) the “Application” is shown as i configured it.

But what if i have multiple applications, which uses these ? Is it somehow possible to split these ?
Else i have a bunch of users who connects to a global “LDAP Application”.

Is there a way to solve this somehow ?

Thanks in advance for the feedback !

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎03-28-2019 11:05 AM

You can create multiple LDAP applications in Duo for each of the applications you want to protect, and then configure the Duo proxy with each of those as a unique LDAP server (like [ldap_server_auto2], [ldap_server_auto3], etc.). Each LDAP server section you add needs to be listening on a different port as well (set with the port= option). Then, just point the application to the corresponding port.

Example authproxy.cfg for two unique LDAP applications (the first listens on the default 389 port and the second has 388 specified):

[ldap_server_auto]
REM LDAP application 1
ikey=aaaaaa
skey=aaaaaaaaaaaa
api_host=xxxx
client=ad_client

[ldap_server_auto2]
REM LDAP application 2
ikey=bbbbb
skey=bbbbbbbbbbbb
api_host=xxxx
client=ad_client
port=388
Duo, not DUO.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
DuoKristina
Cisco Employee
Cisco Employee

‎03-28-2019 11:05 AM

You can create multiple LDAP applications in Duo for each of the applications you want to protect, and then configure the Duo proxy with each of those as a unique LDAP server (like [ldap_server_auto2], [ldap_server_auto3], etc.). Each LDAP server section you add needs to be listening on a different port as well (set with the port= option). Then, just point the application to the corresponding port.

Example authproxy.cfg for two unique LDAP applications (the first listens on the default 389 port and the second has 388 specified):

[ldap_server_auto]
REM LDAP application 1
ikey=aaaaaa
skey=aaaaaaaaaaaa
api_host=xxxx
client=ad_client

[ldap_server_auto2]
REM LDAP application 2
ikey=bbbbb
skey=bbbbbbbbbbbb
api_host=xxxx
client=ad_client
port=388
Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents