Hello there!

Need Help? We are right here!

support
miniOrange Email Support
success

Thanks for your inquiry.

If you dont hear from us within 24 hours, please feel free to send a follow up email to info@xecurify.com

miniOrange LDAP Gateway
Login to publicly/privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers.

miniOrange LDAP Gateway


miniOrange LDAP Gateway allows login to publicly/privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP Server is not publicly accessible from your site, this module can be used in conjunction with the miniOrange LDAP Gateway, which is deployed at the DMZ server in the intranet. Another benefit of this module is that multiple LDAP Configurations can be stored for multiple customers of a WordPress based Cloud Service Provider and mapping to the username can be done on the basis of the domain name.

miniOrange gateway is a small piece of software that can reside on a shared machine. It wont need its own machine and our customers generally install it on any server thats already in the DMZ.


miniorange ldap gateway architecture

Why LDAP Gateway?


Follow the Step-by-Step Guide given below to Setup miniOrange LDAP Gateway

Pre-Requisites

  • Setup JAVA (JAVA 8/ JDK 1.8)
    1. For Windows Machine use : Click here to Download JAVA 8
    2. For Linux Machine: Download OpenJDK 1.8.

      For Debian, Ubuntu, etc. use sudo apt-get install openjdk-8-jre
      For Fedora, Oracle Linux, Red Hat Enterprise Linux, etc. use su -c "yum install java-1.8.0-openjdk
  • Setup Environment Variables
    1. JAVA_HOME: Set this to point to the JDK directory. Eg: C:\Program Files\Java\jdk1.8.0_221
    2. CATALINA_HOME: Set this to point to the Tomcat root directory. Eg: C:\miniorangegateway-1.0.5\

Step 1: Download and Extract miniOrange Gateway

  • Click here to Download the latest miniOrange LDAP Gateway Module.
  • Extract the package to get the Tomcat Embedded LDAP Gateway

Step 2:(Optional) Configure Port to run miniOrange Gateway

  • To run miniOrange LDAP Gateway on a port other than 8080, Navigate to <miniOrange Gateway Directory>/conf and edit server.xml
  • Search for " Connector port="8080" protocol="HTTP/1.1" "

    miniorange ldap gateway default port configuration

  • Change the port from 8080 to the required port. Eg: 80
  • Access the gateway from your browser using the url "<hostname:port>/miniorangegateway". Replace "<hostname>" with your hostname or server IP .

Step 3:(Optional) Setup SSL for LDAP Gateway

NOTE: This step is mandatory for Chrome Browser. Chrome will not run the Web-Application on HTTP. For all the other browsers this is optional.

  • Click here to follow the steps if you have CA certificates.
  • Follow the below steps if you want dont have CA certificates.
    1. Generate Keystore:
      • Navigate to the %JAVA_HOME%\bin directory in the file explorer. Create a certs directory in it.

        miniorange ldap gateway create certs directory

      • Navigate to the %JAVA_HOME%\bin directory in the command line ( in Administrator mode ) and execute the command:
        keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <JAVA_HOME>\bin\certs\keystore.jks

        miniorange ldap gateway execute key tool command

        This creates a keystore in the certs folder created in (a).


        miniorange ldap gateway create a keystore

    2. Configure Connector:
      This is required to configure Tomcat to run on port 443(SSL Port).
      • Navigate to the <Tomcat Directory>\conf and edit the server.xml file.

        miniorange ldap gateway navigate to server.xml

      • Add a connector element under <Service name="Catalina"> . The following configuration needs to be placed in the connector element:
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
        secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<PATH_TO_KEYSTORE>"
        keystorePass="KEYSTORE_PASSWORD" />


        miniorange ldap gateway add connector


    3. Assign Server Name to Tomcat:
      • Edit the %windows%\system32\drivers\etc\hosts file and add the following line:
        127.0.0.1 <newhostname>

        miniorange ldap gateway assign server name

      • Navigate to the <Tomcat Directory>\conf and edit the server.xml file.
      • Search for the <Engine name="Catalina" defaultHost="localhost"> and replace localhost with the newhostname of the server.

        miniorange ldap gateway configure new hostname

      • Search for the <Host> element and replace name=localhost with name=<IP Address/DNS> of the server.

        miniorange ldap gateway replace new hostname

      • Restart Tomcat by running startup.bat under <Tomcat Directory>\bin. Navigate to the following address:
        https://<newhostname:port>/miniorangegateway.

Step 4: Starting miniOrange Gateway

  • Navigate to <miniOrange Gateway Directory>/bin and start the server using the following commands in the terminal:
    1. For Windows Machine use : catalina.bat start
    2. For Linux Machine: sh catalina.sh start
  • Access the gateway from your browser using the url "<hostname:port>/miniorangegateway". Replace "<hostname>" with your hostname or server IP .
    Eg:localhost:8080/miniorangegateway.

    NOTE: If you have configured another port in Step-2, you can use that custom port instead of 8080. Eg. If you configured Tomcat to run on 8081 then the url will be Eg:localhost:8081/miniorangegateway.


Step 5: Log into miniOrange Gateway

  • On accessing the Gateway Application in your browser. You will be redirected to admin login page.

  • miniorange ldap gateway login form

  • Enter the login credentials of your miniOrange Cloud Admin Account. [The one you use to login at login.xecurify.com].
  • After successful login you should be redirected to View LDAP Configurations page.

  • miniorange ldap gateway add ldap connection

Step 6: Connecting LDAP Gateway to Directory

  • Click on the LDAP Connection tab.
  • This should show to list of LDAP Configurations.
  • You could either Click on Edit or on the Add LDAP Configuration to start configuring your LDAP information.

  • miniorange ldap gateway add ldap configuration

  • Configure the miniOrange Gateway by adding the following LDAP Configuration details.

    miniorange ldap gateway configuration

  • Field Description.
    Configuration Identifier Any name that will specify this set of configuration.
    LDAP Server URL Specify the host name for the LDAP server Eg: ldap://myldapserver.domain:389
    Bind Account DN This will be used to establish the connection with LDAP Server. Specify it in the following ways:
    Username@domainname or Distinguished Name(DN) format
    Bind Account Password: Password for the Bind Account in the LDAP Server
    Search Bases: Provide distinguished name of the Search Base object Eg:cn=User,dc=domain,dc=com
    Search Filter: Search filters enable you to define search criteria and provide more efficient and effective searches. Eg: "(&(objectClass=*)(cn=?))"
    Domain Name: Semi-colon separated list of domain. Eg: miniorange.com
    First Name Attribute: LDAP attribute for the First Name. Eg: givenName
    Last Name Attribute LDAP attribute for the Last Name. Eg: sn
    Email Attribute LDAP attribute for the First Name. Eg: mail
    Username Attribute: LDAP attribute for the First Name. Eg: sAMAccountName
    Phone Attribute LDAP attribute for the First Name. Eg: telephoneNumber
    LDAP Attribute List Semi-colon separated list of attributes. Eg: cn;mail;givenName
    Enable Configuration for Sync This option Enables/Disables the enrollment of the current connection is Scheduler
  • Click the Save button.
  • To test the current LDAP connection, you will have to go back

Step 7:Connecting miniOrange Cloud to Gateway.

  • Login to miniOrange dashboard from the Admin Console.
  • From the left side menu, click on User Stores >> Add User Store.
  • miniorange ldap sync add gateway user store in cloud

  • Select User Store type as AD/LDAP.
  • Select the STORE LDAP CONFIGURATION ON PREMISE option.
  • Enable the I have downloaded, installed and configured the miniOrange gateway checkbox.
  • Enter LDAP Display Name and LDAP Identifier name.
  • Select Directory Type as Active Directory.
  • Configure the Gateway URL. Select the appropriate protocol, either HTTP or HTTPS from the dropdown and configure the public url of the deployed Gateway.
    Eg:localhost:8080/miniorangegateway.
  • Enable Activate LDAP checkbox
  • miniorange ldap sync configure AD/LDAP gateway user store in cloud

  • Click on Save
  • For further information on how to configure directory in the miniOrange Cloud, you can click here.

Step 8:Test Connection from Cloud to AD.

  • Login to miniOrange dashboard from the Admin Console.
  • From the left side menu, click on User Stores.
  • List of all the configured User-Stores will be visible. Click on the Select link of the configuration that we setup in step 7
  • Select Test-Connection from the drop down
  • minirorange ldap gateway test cloud idp to ad connection via gateway

  • A pop-up will appear. Enter valid username and password and click on Test.

  • minirorange ldap gateway test ldap connection popup


  • On Successful connection with LDAP Server, a success message is shown.

  • minirorange ldap connection successful

Step 9:Setting up One-Time/Scheduled Sync between Directory and miniOrange

    NOTE: This step is optional. Follow the below steps if you want to setup user sync between your Directory and the miniOrange Cloud service via LDAP Gateway. We support both, scheduled sync as well as One Time Sync. If you want to start the sync immediately or want to use One-Time Sync then configure the time which has already passed in the Start Time(hh:mm) field.

    Eg. If the server time is 13:00 then anytime before 13:00 should initiate immediate sync.

  • Click On Schedules from the left Pane.
  • Configure the following details:
  • Field Description.
    Enable Schedules Enable/Disable the Scheduler.
    Send Groups in Sync Enable/Disable sending user groups during sync
    Start Time(hh:mm) Start time for the schedule sync Eg: 01 in hours and 01 in minutes.
    Sync Interval (in hrs) Time Interval between periodic sync.


    miniorange ldap gateway schedules configuration

  • Enable the Enable Schedules checkbox and Click on Save
  • The users from various LDAP configurations will be synced based on whether "Enable Configuration for Sync" is enabled

Step 10:(Optional) Setup LDAPS connection with your directory.

    NOTE: This step is optional. Follow the below setup if you want to connect to your Directory using LDAP over SSL.

  • To configure LDAP Gateway to connect to your Directory over an Secure LDAP. You will be required to import your LDAPS certificate in your JAVA TrustManager.
  • Run the following command to install the certificate in cacerts.
  • For Windows:
    • keytool -importcert -alias "mOrangeLDAPS"
      -keystore "C:\Program Files\Java\jre1.8.0_231\lib\security\cacerts"
      -file "C:\Users\Administrator\Documents\mOrangeLDAPS.cer"

  • For Linux:
    • keytool -importcert -alias "mOrangeLDAPS"
      -keystore "/usr/java/jdk1.8.0_144/jre/lib/security/cacerts"
      -file "/home/mOrangeLDAPS.cer"

  • Restart your web server.

Why Our Customers choose miniOrange Secure Identity Solutions ?


24/7 Support

miniOrange provides 24/7 support for all the Secure Identity Solutions. We ensure high quality support to meet your satisfaction.

Try Now

Affordable Pricing

miniorange provides most affordable Secure Identity Solutions for all type of use cases and offers different packages based on customer's requirement.

Request A Quote


We offer Secure Identity Solutions for Single Sign-On, Two Factor Authentication, Adaptive MFA, Provisioning, and much more. Please contact us at -

   +1 978 658 9387 (US)   ,   +91 97178 45846 (India)    |       info@xecurify.com