miniOrange LDAP Gateway allows login to publicly or privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP server is not reachable from your site, this module can be used in conjunction with the miniOrange LDAP Gateway, which is deployed on a server in the DMZ of the intranet so that the site never needs a direct route to the directory. Another benefit of this module is that multiple LDAP configurations can be stored for the multiple customers of a WordPress based cloud service provider, with each username mapped to a configuration on the basis of its domain name.
The miniOrange Gateway is a small piece of software that can reside on a shared machine. It does not need its own machine; customers generally install it on a server that is already in the DMZ.
Download the miniOrange Gateway zip file.
Extract the package to get the Tomcat Embedded LDAP Gateway
Navigate to <miniOrange Gateway Directory>/conf and edit the catalina.properties file.
Scroll to the bottom of the file and change the value of the external.properties.file property:
- If you are using a Windows machine use this value: external.properties.file=\\webapps\\miniorangegateway\\WEB-INF\\classes\\application.properties
- If you are using a Linux machine use this value: external.properties.file=/webapps/miniorangegateway/WEB-INF/classes/application.properties
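The same edit can be scripted so that it is repeatable and verifiable, for example when the gateway is rebuilt from an image. The following shell script is an added example and is not part of the miniOrange package; it assumes a Linux/POSIX host and the directory layout above, and it works on a constructed copy of catalina.properties rather than a real install. The Windows value contains backslashes, which awk -v would interpret, so edit that one by hand.

```shell
#!/bin/sh
# Added example, not part of the miniOrange package: set external.properties.file
# in <miniOrange Gateway Directory>/conf/catalina.properties from a script.
# Assumes a Linux/POSIX host; the Windows value (backslashes) is not handled here.
set -eu

# set_external_properties_file GATEWAY_DIR VALUE
# Replaces an existing external.properties.file line, or appends one if the key
# is absent, so running it twice still leaves exactly one line.
set_external_properties_file() {
    conf_file="$1/conf/catalina.properties"
    tmp="$conf_file.tmp.$$"
    awk -v kv="external.properties.file=$2" '
        /^external\.properties\.file=/ { print kv; seen = 1; next }
        { print }
        END { if (!seen) print kv }
    ' "$conf_file" > "$tmp" && mv "$tmp" "$conf_file"
}

# get_external_properties_file GATEWAY_DIR
# Prints the value currently configured (empty if the key is missing).
get_external_properties_file() {
    sed -n 's/^external\.properties\.file=//p' "$1/conf/catalina.properties" | tail -n 1
}

# Demo on a constructed copy of the file (constructed contents, not a real install).
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/conf"
printf 'package.access=sun.,org.apache.catalina.\nexternal.properties.file=/old/value\n' \
    > "$demo_dir/conf/catalina.properties"
set_external_properties_file "$demo_dir" /webapps/miniorangegateway/WEB-INF/classes/application.properties
echo "external.properties.file is now: $(get_external_properties_file "$demo_dir")"
rm -rf "$demo_dir"
```

Point GATEWAY_DIR at the extracted gateway directory; the get function gives you a one-line check that the value took before the server is started.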
Navigate to <miniOrange Gateway Directory>/bin and start the server using the following commands in the terminal:
- For a Windows machine: catalina.bat jpda start
- For a Linux machine: sh catalina.sh start
NOTE: "jpda start" also opens Tomcat's JPDA (JDWP) remote-debugging listener. Unless you need to attach a debugger, use "catalina.bat start", as the Linux command does, so that no debug port is exposed on a DMZ host.
Access the gateway from your browser using the URL "<hostname:port>/miniorangegateway". Replace "<hostname>" with your hostname or server IP and "<port>" with the port the server is listening on.
NOTE: If you want to run the gateway on some other port, refer to the instructions in the "How to run miniOrange LDAP Gateway on a Custom Port" section below.
You will be redirected to the login form.
Use Username: "admin" and Password: "changeit" to log in.
The Reset Password form will appear. Set a new, strong password before proceeding; the default credentials are published in this guide and must not remain in use on a DMZ host.
Go to login.xecurify.com and log into your Xecurify account.
After logging in, click the Settings tab in the top right corner.
Copy the Account Details and paste them into the Configure Keys page of your miniOrange Gateway.
Press the Save button, then proceed to the LDAP Configuration tab in your miniOrange Gateway and click the Add LDAP Configuration button at the top right.
Configure the miniOrange Gateway by adding the following LDAP Configuration details.
- Configuration Identifier: Any name that identifies this set of configuration.
- LDAP Server URL: Specify the URL of the LDAP server. Eg: ldap://myldapserver.domain:389. Note that a plain ldap:// URL sends the bind password and the users' credentials to the directory in clear text; use an ldaps:// URL (typically port 636) where your directory supports it.
- Bind Account DN: The account used to establish the connection with the LDAP server. Specify it in either of the following forms:
Username@domainname or Distinguished Name (DN) format. Use a dedicated account with read-only access to the search bases below rather than an administrative account.
- Bind Account Password: Password for the Bind Account in the LDAP server.
- Search Bases: Provide the distinguished name of the Search Base object. Eg: cn=User,dc=domain,dc=com
- Search Filter: Search filters define the search criteria and make searches more efficient and precise. The "?" stands for the username being looked up. Eg: "(&(objectClass=*)(cn=?))"
- Domain Name: Semicolon-separated list of domains served by this configuration; a login is mapped to a configuration by the domain part of its username. Eg: miniorange.com
- First Name Attribute: LDAP attribute for the First Name. Eg: givenName
- Last Name Attribute: LDAP attribute for the Last Name. Eg: sn
- Email Attribute: LDAP attribute for the Email address. Eg: mail
- Username Attribute: LDAP attribute for the Username. Eg: sAMAccountName
- Phone Attribute: LDAP attribute for the Phone number. Eg: telephoneNumber
- LDAP Attribute List: Semicolon-separated list of attributes to fetch. Eg: cn;mail;givenName
- The following fields are used during the sync operation from the miniOrange Gateway to the miniOrange IdP:
- First Name Attribute
- Last Name Attribute
- Email Attribute
- Username Attribute
- Phone Attribute
- Press the Save button and proceed to the Schedules tab in the miniOrange Gateway.
- The Schedules tab lets you sync users to the miniOrange IdP either once or on a recurring schedule.
- Configure the following details:
- Base Sync OU: Search Base from which all the users should be synced.
- Start Time (hh:mm): Start time for the scheduled sync.
NOTE: If you want the sync to start immediately, enter a time that has already passed today.
- Sync Interval (in hrs): Time interval between periodic syncs.
- You have successfully installed and configured miniOrange LDAP Gateway.
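Two of the settings above handle untrusted input: the Domain Name list, which decides which stored configuration a login such as user@domain is routed to, and the "?" in the Search Filter, which is filled with whatever the user typed as a username. The following Python is an added example, not miniOrange's code, showing how a gateway can do both safely. It assumes that configurations are held as plain dataclasses mirroring the fields above, that "?" is substituted with the username entered at login, and that the substituted value is escaped per RFC 4515 section 3; the sample configurations, hostnames and DNs are constructed for the demo.

```python
"""Added example, not miniOrange code: map a login to one of several stored LDAP
configurations by domain name, and fill the '?' in the Search Filter safely.

Assumptions (not documented on the page): configurations are dataclasses
mirroring the fields above, '?' is substituted with the username entered at
login, and the substituted value is escaped per RFC 4515 section 3."""
from dataclasses import dataclass
from typing import Iterable, Tuple


@dataclass(frozen=True)
class LdapConfig:
    identifier: str
    server_url: str
    search_base: str
    search_filter: str        # contains '?' where the username is substituted
    domains: Tuple[str, ...]  # parsed from the semicolon-separated Domain Name field


def parse_domains(field: str) -> Tuple[str, ...]:
    """Split the 'Domain Name' field into lowercase domains, ignoring blanks."""
    return tuple(d.strip().lower() for d in field.split(";") if d.strip())


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3):
    '*', '(', ')', backslash and NUL become a backslash plus two hex digits, so a
    username such as '*)(objectClass=*' cannot change the filter's structure."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def is_plaintext_url(server_url: str) -> bool:
    """True when the LDAP Server URL is ldap://, i.e. the bind password and the
    users' credentials would cross the network unencrypted (ldaps:// would not)."""
    return server_url.lower().startswith("ldap://")


def select_config(configs: Iterable[LdapConfig], login: str) -> Tuple[str, LdapConfig]:
    """Map 'user@domain' to the configuration whose Domain Name list contains the
    domain (case-insensitive). Logins without '@' cannot be mapped and are
    rejected rather than silently sent to some default directory."""
    if "@" not in login:
        raise ValueError("login must be of the form user@domain")
    user, _, domain = login.rpartition("@")
    domain = domain.lower()
    for cfg in configs:
        if domain in cfg.domains:
            return user, cfg
    raise LookupError("no LDAP configuration for domain %r" % domain)


def build_filter(cfg: LdapConfig, username: str) -> str:
    """Substitute the escaped username for every '?' in the configured filter."""
    return cfg.search_filter.replace("?", escape_filter_value(username))


# Constructed sample configurations (hostnames and DNs are placeholders).
CONFIGS = (
    LdapConfig(
        identifier="corp-ad",
        server_url="ldap://myldapserver.domain:389",
        search_base="cn=Users,dc=domain,dc=com",
        search_filter="(&(objectClass=*)(cn=?))",
        domains=parse_domains("miniorange.com"),
    ),
    LdapConfig(
        identifier="partner-openldap",
        server_url="ldaps://ldap.partner.example:636",
        search_base="ou=people,dc=partner,dc=example",
        search_filter="(&(objectClass=inetOrgPerson)(uid=?))",
        domains=parse_domains("partner.example; partner.co"),
    ),
)


if __name__ == "__main__":
    for login in ("alice@MiniOrange.com", "bob@partner.co", "*)(objectClass=*@miniorange.com"):
        user, cfg = select_config(CONFIGS, login)
        print(cfg.identifier,
              "plaintext" if is_plaintext_url(cfg.server_url) else "tls",
              cfg.search_base, build_filter(cfg, user))
```

The third login in the demo is the classic filter-injection attempt: without escaping, "(cn=*)(objectClass=*)" would match every entry under the search base; with the RFC 4515 escaping it becomes a literal value that matches nothing. The plaintext check is there because the example URL on this page uses ldap://, which is worth flagging in any deployment review.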