MIDAS Active Directory (LDAP) Integration

Active Directory Integration: Prerequisites

To use the LDAP integration offered by MIDAS, the prerequisites below must first be met.

Also check out our Integration Test Tool to help verify that your infrastructure meets the requirements set out below.

MIDAS

You must be running MIDAS v4.06 (or later) on your own server (self-hosted), and your MIDAS must be licensed for "Unlimited" users.

Tip: If you need to upgrade your self-hosted MIDAS license to "Unlimited" users you can do so at https://mid.as/upgrade

IMPORTANT: If your MIDAS is hosted by us in the "cloud" and/or your MIDAS isn't licensed for "Unlimited" users, Active Directory integration is not available.

Server

It is assumed that you already have an Active Directory set up and running within your infrastructure, and that you have a working knowledge of your company's Active Directory. Setting up Active Directory itself is beyond the scope of this documentation.

It is also assumed that you're running either an Apache or an Internet Information Services (IIS) web server.

Apache

The module "mod_auth_sspi.so" or "mod_authnz_sspi.so" is required on the server where your MIDAS system resides. See Configuring Apache.

IIS

Windows authentication needs to be enabled on the server where your MIDAS system resides. See Configuring IIS.

Perl

The Perl module Net::LDAP is required on the server where your MIDAS system resides. This module provides LDAP support to Perl (the programming language MIDAS is written in) and may be freely obtained via CPAN.

Tip: If you're using ActiveState Perl, this module may be installed via the Perl Package Manager, where it is listed as "perl-ldap".

Tip: For assistance installing Perl modules, please see our KB article: How to install Perl modules

AD Users

All Active Directory users must have a unique email address associated with their AD entry in order to authenticate and log in to MIDAS.

Active Directory users should also be assigned a "Primary Group" within your AD. A user's "Primary Group" is subsequently used by MIDAS to determine the set of permissions to be applied to the user. If an AD user has no "Primary Group" set, MIDAS will allocate them a very basic/restrictive set of permissions instead.
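
An added example, not part of the MIDAS documentation or code, that checks a set of AD user records against the two requirements above: a unique email address and a Primary Group. It assumes the email address is held in the "mail" attribute and the Primary Group in "primaryGroupID"; the function name and the sample accounts are constructed for illustration.

```powershell
# Added example; the function name is hypothetical, not part of MIDAS.
function Test-MidasAdUserPrerequisite {
    [CmdletBinding()]
    param(
        # Objects exposing SamAccountName, mail and primaryGroupID
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]] $User
    )
    begin { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($u in $User) { $all.Add($u) } }
    end {
        # Assumption: addresses that differ only in case or surrounding
        # whitespace are treated as the same address.
        $rows = foreach ($u in $all) {
            [pscustomobject]@{ User = $u; Key = "$($u.mail)".Trim().ToLowerInvariant() }
        }
        $dupes = @($rows | Where-Object { $_.Key } | Group-Object Key |
            Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

        foreach ($r in $rows) {
            $issues = @()
            if (-not $r.Key) { $issues += 'NoEmail' }
            elseif ($dupes -contains $r.Key) { $issues += 'DuplicateEmail' }
            if (-not $r.User.primaryGroupID) { $issues += 'NoPrimaryGroup' }
            if ($issues.Count -gt 0) {
                [pscustomobject]@{
                    SamAccountName = $r.User.SamAccountName
                    Mail           = $r.User.mail
                    Issues         = $issues -join ','
                }
            }
        }
    }
}

# Constructed sample records (not real accounts)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; mail = 'a.smith@example.com'; primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'bjones'; mail = 'A.Smith@example.com '; primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'clee';   mail = $null;                 primaryGroupID = 1107 }
    [pscustomobject]@{ SamAccountName = 'dkhan';  mail = 'd.khan@example.com';  primaryGroupID = $null }
    [pscustomobject]@{ SamAccountName = 'evans';  mail = 'e.evans@example.com'; primaryGroupID = 1107 }
)
$sample | Test-MidasAdUserPrerequisite | Format-Table -AutoSize

# Live directory (needs the ActiveDirectory module):
# Get-ADUser -Filter * -Properties mail, primaryGroupID | Test-MidasAdUserPrerequisite
```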

End Users

End users must be logged on to their computer/workstation through your Active Directory. If they have logged on to their device "locally", they may not be able to seamlessly authenticate against your Active Directory when they open MIDAS, and may instead be prompted for their system credentials.

Users' browsers must also be capable of determining the username of the logged-in user. See Configuring Browsers.