Set up Secure LDAP
Secure LDAP
For increased security, it is recommended to use LDAPS instead of LDAP. In case of LDAPS, the ldap setting in UiPath Process Mining must be changed:
- the url must be updated,
- a tlsOptions property must be added.
The tlsOptions property will contain the contents of the LDAPS certificate. This certificate needs to be in the PEM file format.
If your certificate is in another format, you can use OpenSSL to convert it. The certificate needs to be added as a single line where all line breaks are noted as \n. For example:
"ExternalAuthenticationProviders": {
  "ldap": {
    "url": "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
    "base": "DC=pgdctest,DC=local",
    "bindDN": "PGDCTEST\\testuser",
    "bindCredentials": "Passw0rd!",
    "tlsOptions": {
      "ca": ["-----BEGIN CERTIFICATE-----\nKJHIBuhobUYOBuy\njhgbouigh\n-----END CERTIFICATE-----"],
      "rejectUnauthorized": true
    }
  }
}
The server certificate is verified against the certificates in “ca”. Depending on how your LDAPS server is configured, “ca” can contain multiple certificates, or can even be omitted.
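One way to turn a PEM file, or a bundle holding several CA certificates, into the single-line "ca" entries described above. This is an added example, not UiPath code: the function names are hypothetical, and the sample bundle is built from constructed placeholder bytes rather than a real certificate.

```python
import base64
import json
import re

# Five dashes on each side; a damaged header (four dashes) will not match.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----", re.S
)


def split_pem_bundle(pem_text):
    """Return every certificate in a PEM bundle as a normalized PEM string."""
    certs = []
    for match in PEM_BLOCK.finditer(pem_text.replace("\r\n", "\n")):
        body = "".join(match.group(1).split())
        der = base64.b64decode(body, validate=True)  # raises on non-base64 text
        if not der.startswith(b"\x30"):  # a DER certificate is an ASN.1 SEQUENCE
            raise ValueError("block does not decode to a DER SEQUENCE")
        lines = [body[i:i + 64] for i in range(0, len(body), 64)]
        certs.append("\n".join(
            ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
        ))
    if not certs:
        raise ValueError("no well-formed BEGIN/END CERTIFICATE block found")
    return certs


def tls_options_fragment(pem_text):
    """Build the "tlsOptions" text; json.dumps writes each line break as \\n."""
    options = {"ca": split_pem_bundle(pem_text), "rejectUnauthorized": True}
    return '"tlsOptions": ' + json.dumps(options, indent=2)


def constructed_pem(label, crlf=False):
    """Constructed placeholder bytes in PEM armor, NOT a real certificate."""
    raw = b"\x30\x82" + label.encode() * 12
    body = base64.b64encode(raw).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""]
    )
    return pem.replace("\n", "\r\n") if crlf else pem


if __name__ == "__main__":
    # Constructed two-certificate bundle; the first uses Windows line endings.
    bundle = constructed_pem("issuing-ca", crlf=True) + constructed_pem("root-ca")
    print(tls_options_fragment(bundle))
```

The printed fragment keeps "rejectUnauthorized" set to true and can be pasted under the ldap setting in place of a hand-escaped certificate.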
Debugging Secure LDAP
If you experience difficulties when setting up secure LDAP, you can omit the “ca” property for testing purposes. In that case, you must also set the “rejectUnauthorized” property to false:
"ExternalAuthenticationProviders": {
  "ldap": {
    "url": "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
    "base": "DC=pgdctest,DC=local",
    "bindDN": "PGDCTEST\\testuser",
    "bindCredentials": "Passw0rd!",
    "tlsOptions": {
      "rejectUnauthorized": false
    }
  }
}
This way you can check if the issue is a certificate issue or something else.
Do not set “rejectUnauthorized” to false in production environments.