MIDAS Active Directory (LDAP) Integration

Pre-Requisites

In order to be able to use the LDAP integration offered by MIDAS, the following pre-requisites must first be met:

Also check out our Integration Test Tool to help verify that your infrastructure meets the requirements below.

MIDAS

You must be running MIDAS v4.06 (or later) on your own server (self-hosted), and your MIDAS must be licensed for "Unlimited" users.

Tip: If you need to upgrade your self-hosted MIDAS licence to "Unlimited" users you can do so at https://mid.as/upgrade

IMPORTANT: If your MIDAS is hosted by us in the "cloud" and/or your MIDAS isn't licensed for "Unlimited" users, Active Directory integration is not available.

Server

It is assumed that you already have an Active Directory set up and running within your infrastructure. Setting up an Active Directory itself is beyond the scope of this documentation.

It is also assumed that you're running either an Apache or an IIS web server.

Apache

The module "mod_auth_sspi.so" is required on the server where your MIDAS resides. See Configuring Apache

IIS

Windows authentication needs to be enabled on the server where your MIDAS resides. See Configuring IIS

Perl

The Perl module Net::LDAP is required on the server where your MIDAS resides. This module provides LDAP support to Perl (the language MIDAS is written in) and may be freely obtained via CPAN.

Tip: If you're using ActiveState Perl, this module may be installed via the Perl Package Manager, where it is listed as "perl-ldap"

AD Users

All Active Directory users must have a unique email address associated with their AD entry in order for them to be able to authenticate and login to MIDAS.

Active Directory users should also be assigned a "Primary Group" within the AD. A user's "Primary Group" is subsequently used by MIDAS to determine the set of permissions to be applied to the user. If an AD user has no "Primary Group" set, MIDAS will allocate them a very basic/restrictive set of permissions instead.
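
One way to pre-check the two AD user requirements above before enabling the integration, as an added example (not MIDAS code and not its Integration Test Tool): the Python script below reads an LDIF export of user entries and reports accounts with no email address, addresses shared by more than one account, and accounts with no primary group. The sample records are constructed; reading the email address from the `mail` attribute, reading the primary group from `primaryGroupID`, and treating addresses that differ only in letter case as duplicates are assumptions.

```python
import base64
# Constructed sample in LDIF form (as from an AD export); not real directory data.
SAMPLE_LDIF = """\
dn: CN=alice,OU=Staff,DC=example,DC=test
mail: alice@example.test
primaryGroupID: 513

dn: CN=bob,OU=Staff,DC=example,DC=test
mail: Alice@Example.test
primaryGroupID: 513

dn: CN=carol,OU=Staff,DC=example,DC=test
primaryGroupID: 513

dn: CN=dave,OU=Staff,
 DC=example,DC=test
mail:: ZGF2ZUBleGFtcGxlLnRlc3Q=
"""

def parse_ldif(text):
    """Yield one dict (lower-cased attribute -> list of values) per record."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:      # folded continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entry = {}
    for line in lines + [""]:                  # trailing "" flushes the last record
        if not line.strip():
            if entry:
                yield entry
            entry = {}
        elif not line.startswith("#"):         # skip LDIF comment lines
            attr, _, value = line.partition(":")
            if value.startswith(":"):          # "attr:: <base64>" encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(attr.lower(), []).append(value.strip())

def audit(entries):
    """Return (DNs with no mail, shared mail -> DNs, DNs with no primaryGroupID)."""
    no_mail, no_group, by_mail = [], [], {}
    for e in entries:
        dn, mails = e["dn"][0], [m for m in e.get("mail", []) if m]
        if not mails:
            no_mail.append(dn)
        for m in mails:                        # assumption: compare case-insensitively
            by_mail.setdefault(m.lower(), []).append(dn)
        if not e.get("primarygroupid"):
            no_group.append(dn)
    return no_mail, {m: d for m, d in by_mail.items() if len(d) > 1}, no_group
```

Call `audit(parse_ldif(text))` on the contents of your own export; any account it lists would either be unable to authenticate or would receive the basic/restrictive permission set described above.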

End Users

End users must be logged on to their computer/workstation through your Active Directory. If they are logged on to their device "locally", they may not be able to seamlessly authenticate against your Active Directory when using MIDAS, and may instead be prompted for their system credentials.

Users' browsers must also be capable of determining the username of the logged-in user. See Configuring Browsers