LDAP Authentication for Access Server VPN Users

Abstract

Access Server supports Lightweight Directory Access Protocol (LDAP) as an authentication method.

You can configure it directly in the Admin Web UI. Sign in to your Admin Web UI and click Authentication > Settings. Alternatively, you can configure this from the command line by changing the configuration key, auth.module.type.

Notice

Access Server 2.10 and newer supports more than one authentication system for your users. For instance, you can set up your end users with LDAP authentication integrated with Active Directory and create your VPN administrator accounts with local authentication. For more information, refer to Access Server’s User Authentication System.

LDAP authentication overview

Lightweight directory access protocol (LDAP) is a protocol used for directory service authentication. You can use LDAP to integrate Access Server with directory services such as Active Directory, JumpCloud, Okta, etc.

LDAP requires configuration in the Admin Web UI before it can be used to authenticate users. These settings include which server to contact, any required bind user credentials to access the authentication backend, and the search query and user ID attribute to search for.

Once configured, Access Server checks the LDAP server to validate credentials when a user connects to the VPN.

Caution

Access Server can't make password changes for users in LDAP.

LDAP tutorials

In this section: