LDAP
Lightweight Directory Access Protocol (LDAP) is an access protocol used to access and manage directory information, providing the ability to authenticate organizational users across many applications.
In Corellium, LDAP can be used to allow users to log in with their LDAP credentials and assign users to Corellium teams based on their LDAP groups.
Enable LDAP for Your Domain
To enable LDAP from an existing Corellium domain, follow the steps below:
Log in as the domain administrator and navigate to the Admin -> Authentication page.
Click on the "Enable LDAP authentication" toggle.
Set your Server Connection Details tab, fill in your LDAP server URL and optional port, and click Update changes.
- Optionally enable LDAPS to secure the connection to the LDAP server.
In the Authentication Credentials tab, set your Bind Distinguished Name and Bind Password.
- An example of a Bind DN is
cn=admin,dc=corellium,dc=com
.
- An example of a Bind DN is
Optionally, if you want users to be automatically assigned to Corellium teams, set the Group Search Configuration.
- Set the Group Base Distinguished Name for your organization. An example of a Group Base DN is
ou=corellium-groups,dc=corellium,dc=co
. - If you choose not to set the organization unit (OU) in Group Base DN, set the OU in the Group Search Base field.
- You can also specify a Group Search Filter for querying groups, such as by location.
- Set the Group Base Distinguished Name for your organization. An example of a Group Base DN is
In the User Search Configuration tab, set the Base Distinguished Name.
- Set the Base Distinguished Name for your organization. An example of a Base DN is
ou=users,dc=corellium,dc=com
. - If you choose to not set the organization unit (OU) in Base DN, set the OU in the User Search Base field.
- You can also specify a User Search Filter for querying users, such as by location.
- Set the Base Distinguished Name for your organization. An example of a Base DN is
In the User Attribute Mapping tab, specify the username, email, first name, and last name mapping for the LDAP users.
Log in with LDAP
From the domain login page, click on the new button Sign in with your organization to proceed with LDAP login.
Once authenticated, you will be directed to the Corellium device page.
Limitations
While LDAP provides a convenient way to manage user authentication, there are a few limitations to be aware of:
A user can be a member of a maximum of 50 groups.
LDAP in Corellium does not support nested groups.
Troubleshooting
Please review this section if you encounter any issues with LDAP authentication in Corellium.
For further assistance or specific queries, please refer to our technical support team.
ECONNREFUSED Error
If you encounter an ECONNREFUSED
error when trying to connect to your LDAP server, the connection to the LDAP server was refused. This could be due to a misconfiguration in the LDAP server settings or a firewall blocking the connection.
User does not exist Error
A User does not exist
error when trying to authenticate with LDAP is likely due to either:
The specified user does not exist in the LDAP directory. Please ensure that the username you're using is correct and exists in your LDAP directory.
The Base Distinguished Name (DN) might be incorrectly configured. The Base DN is the starting point for the LDAP search and should be correctly set to match your LDAP directory structure. Please verify that it's properly configured.