Multiple "ldap_server_auto" entries for different applications

#1

Hello,

i have a question regarding the LDAP Proxy functionality. Right now we are using only one application who requires the “ldap-server-auto” part in the config file, but we are planning to use more.

Im aware of the fact that multiple applications can connect to the same proxy server on the same port thought. But what bothers me a bit, is the fact, that on the duo authentication log ( on the website) the “Application” is shown as i configured it.

But what if i have multiple applications, which uses these ? Is it somehow possible to split these ?
Else i have a bunch of users who connects to a global “LDAP Application”.

Is there a way to solve this somehow ?

Thanks in advance for the feedback !

0 Likes

#2

You can create multiple LDAP applications in Duo for each of the applications you want to protect, and then configure the Duo proxy with each of those as a unique LDAP server (like [ldap_server_auto2], [ldap_server_auto3], etc.). Each LDAP server section you add needs to be listening on a different port as well (set with the port= option). Then, just point the application to the corresponding port.

Example authproxy.cfg for two unique LDAP applications (the first listens on the default 389 port and the second has 388 specified):

[ldap_server_auto]
REM LDAP application 1
ikey=aaaaaa
skey=aaaaaaaaaaaa
api_host=xxxx
client=ad_client

[ldap_server_auto2]
REM LDAP application 2
ikey=bbbbb
skey=bbbbbbbbbbbb
api_host=xxxx
client=ad_client
port=388
0 Likes