LDAP - Active Directory Integration
Posted by Jim Giseburt, Last modified by Jose Urquiza on 27 June 2017 12:05 PM
Cipafilter can integrate with Active Directory for authentication to allow for filtering by Active Directory group and reporting by username. Configuration is easily accomplished using the following steps:
- Active Directory Configuration - integrate the Cipafilter with Active Directory
- In Active Directory
- Create a new OU called Cipafilter Authentication. This OU will help you identify items used with the Cipafilter.
- In the Cipafilter OU, create a Domain User for use with the Cipafilter. Ensure that the user's password does not need to be changed at logon and that it never expires.
- Delegate control to read user items in AD to the user that you just created. For the procedure, see Active Directory - LDAP: How to Delegate Control for the Cipafilter User.
- In the Cipafilter OU, create a global security group named nointernet and one named unfiltered.
By placing a user in one of these groups, you can either prevent them from having Internet access or allow them to have unfiltered Internet access.
- Create global security groups based upon how you would like to filter users (e.g., students vs. staff). When choosing group names, do not use spaces; the Cipafilter does not like spaces in the group name.
- In the Cipafilter Management Interface
- Navigate to the Authentication tab of the Content Filtering page.
- Change the Authentication Method to Windows Active Directory.
- Enter the IP of your Active Directory server in LDAP Server Address.
- Enter the username and password that you created above in LDAP User Name and LDAP Password.
- Click the magic wand icon to automatically detect the LDAP Search Base and Windows Domain.
- Click the check icon to verify settings. In the event of an error, verify the LDAP User Name and re-enter the LDAP Password.
- Press the Save and Apply button to save your changes.
- Navigate to the Authentication Tools page.
- In the Query Group Memberships section, enter a valid Username and press Query. The group memberships for the user should be displayed.
- Navigate to the Group Permissions page.
The Group Configuration tab is used to define the properties of each filtering group. The Group Management tab is used to add, delete, and rename groups.
- On the Group Configuration tab, define the filtering permissions for the default group.
Please note that you can copy a previously defined group. By configuring the default group prior to creating any new groups, you can use it as the template for additional groups.
- Select the Group Management tab.
- For each filtering group created in Active Directory, create a group by the same name in the Cipafilter. You can copy the default group by selecting the button to the right of the group name.
- Select the Group Configuration tab and make any changes you desire to each group.
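The "In Active Directory" steps above can also be scripted with the ActiveDirectory PowerShell module. The following is an added example, not part of the original article or Cipafilter's own tooling. The account name cipafilter-ldap and placing the filtering groups in the same OU are assumptions; students and staff are taken from the article's example.

```powershell
#Requires -Modules ActiveDirectory
param(
    [string]$ServiceAccount = 'cipafilter-ldap',       # assumed name, not from the article
    [string[]]$FilterGroups = @('students', 'staff')   # the article's students-vs-staff example
)
$ErrorActionPreference = 'Stop'

$ouName   = 'Cipafilter Authentication'
$domainDN = (Get-ADDomain).DistinguishedName
$ouDN     = "OU=$ouName,$domainDN"

# The Cipafilter does not accept spaces in group names, so reject them
# before anything is written to the directory.
$allGroups = @('nointernet', 'unfiltered') + $FilterGroups
$bad = @($allGroups | Where-Object { $_ -match '\s' })
if ($bad.Count -gt 0) {
    throw "Group names must not contain spaces: $($bad -join ', ')"
}

# Create the OU at the domain root if it is not already there.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domainDN -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDN
}

# Create the bind account with the password settings the article asks for.
# The password is prompted for so it never lands in the script or history.
if (-not (Get-ADUser -Filter "SamAccountName -eq '$ServiceAccount'")) {
    $pw = Read-Host -AsSecureString "Password for $ServiceAccount"
    New-ADUser -Name $ServiceAccount -SamAccountName $ServiceAccount -Path $ouDN `
        -AccountPassword $pw -Enabled $true `
        -ChangePasswordAtLogon $false -PasswordNeverExpires $true
}

# Create the global security groups (assumption: all are kept in the same OU).
foreach ($g in $allGroups) {
    if (-not (Get-ADGroup -Filter "Name -eq '$g'")) {
        New-ADGroup -Name $g -SamAccountName $g -Path $ouDN `
            -GroupScope Global -GroupCategory Security
    }
}

# Show the result for review. Delegating read control to the account is
# not scripted here; follow the separate delegation article for that step.
Get-ADUser $ServiceAccount -Properties PasswordNeverExpires |
    Select-Object SamAccountName, Enabled, PasswordNeverExpires
Get-ADGroup -Filter * -SearchBase $ouDN |
    Select-Object Name, GroupScope, GroupCategory
```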