03-27-2019 10:23 AM
Hello,
I have a question regarding the LDAP Proxy functionality. Right now we are using only one application that requires the “ldap-server-auto” part in the config file, but we are planning to use more.
I'm aware of the fact that multiple applications can connect to the same proxy server on the same port, though. But what bothers me a bit is the fact that in the Duo authentication log (on the website) the “Application” is shown as I configured it.
But what if I have multiple applications which use these? Is it somehow possible to split these?
Else I have a bunch of users who connect to a global “LDAP Application”.
Is there a way to solve this somehow?
Thanks in advance for the feedback!
03-28-2019 11:05 AM
You can create multiple LDAP applications in Duo for each of the applications you want to protect, and then configure the Duo proxy with each of those as a unique LDAP server (like [ldap_server_auto2], [ldap_server_auto3], etc.). Each LDAP server section you add needs to be listening on a different port as well (set with the port= option). Then, just point the application to the corresponding port.
Example authproxy.cfg for two unique LDAP applications (the first listens on the default 389 port and the second has 388 specified):
[ldap_server_auto]
REM LDAP application 1
ikey=aaaaaa
skey=aaaaaaaaaaaa
api_host=xxxx
client=ad_client
[ldap_server_auto2]
REM LDAP application 2
ikey=bbbbb
skey=bbbbbbbbbbbb
api_host=xxxx
client=ad_client
port=388
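An added example, not part of the original answer and not Duo's own tooling: a small pre-deployment check that every [ldap_server_auto*] section in authproxy.cfg listens on its own port and carries its own ikey, so each application shows up separately in the authentication log. The function name, the third section and the assumption that only section names starting with ldap_server_auto matter are constructed for illustration.

```python
import configparser

DEFAULT_PORT = 389  # the answer states a section without port= listens on 389

# Constructed sample: the two sections from the answer plus a deliberately
# misconfigured third one (reuses application 2's ikey and the default port).
SAMPLE_CFG = """\
[ldap_server_auto]
REM LDAP application 1
ikey=aaaaaa
skey=aaaaaaaaaaaa
api_host=xxxx
client=ad_client
[ldap_server_auto2]
REM LDAP application 2
ikey=bbbbb
skey=bbbbbbbbbbbb
api_host=xxxx
client=ad_client
port=388
[ldap_server_auto3]
ikey=bbbbb
skey=cccccccccccc
api_host=xxxx
client=ad_client
"""

def check_ldap_sections(cfg_text):
    """Return problems that stop sections mapping to separate Duo applications."""
    # Treat the REM lines used in the example as comments, alongside # and ;.
    cp = configparser.ConfigParser(
        interpolation=None, comment_prefixes=("#", ";", "REM ", "rem "))
    cp.read_string(cfg_text)
    ports, ikeys, problems = {}, {}, []
    for name in cp.sections():
        if not name.startswith("ldap_server_auto"):
            continue
        port = cp[name].getint("port", fallback=DEFAULT_PORT)
        ikey = cp[name].get("ikey", fallback="")
        if port in ports:
            problems.append(f"{name}: port {port} already used by {ports[port]}")
        if not ikey:
            problems.append(f"{name}: no ikey set")
        elif ikey in ikeys:
            problems.append(f"{name}: ikey shared with {ikeys[ikey]}")
        ports.setdefault(port, name)
        if ikey:
            ikeys.setdefault(ikey, name)
    return problems
```

Calling check_ldap_sections on the text of a real authproxy.cfg returns an empty list when every LDAP section has a distinct port and ikey.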