Active Directory Auth Plugin
The Active Directory auth plugin connects Konduo Enterprise login to Active Directory or a generic LDAP directory. It only implements the auth_provider interface; authorization and role policy remain owned by Konduo RBAC.
Highlights
- Supports auto, active_directory, and generic_ldap modes with RootDSE-based detection and LDAP fallback.
- Exposes username/password login, external account profiles, and externally managed password policy.
- Supports LDAPS, StartTLS, CA bundles, and client certificate based mTLS.
- Reports bind, base DN search, TLS posture, access filters, and external ID strategy in health metadata without exposing secrets.
Before Registration
- Prepare LDAP URL, bind DN, bind password, base DN, and user search filter.
- Prepare a CA certificate or valid server certificate chain when TLS verification is enabled.
- Keep test users and a local recovery administrator when login gates depend on AD groups or LDAP attributes.
Operations Tips
- If auto mode resolves as generic LDAP unexpectedly, inspect RootDSE responses and the configured directory mode.
- Authentication success and RBAC assignment are separate. Validate Konduo role mapping after the login gate passes.
- insecure_skip_verify only disables server certificate verification; it does not replace client certificates required by the directory server.
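When inspecting a RootDSE response as the first tip suggests, a small classifier over an LDIF dump (for example from a base-scope search on the empty DN) shows which Active Directory markers the server actually returned. This is an added example, not Konduo's detection logic: the heuristic (the AD DS capability OID, then AD-only attributes, otherwise generic LDAP) and the function names are assumptions, and the sample dumps are constructed.

```python
# Microsoft's capability OID for AD DS, advertised in RootDSE supportedCapabilities.
AD_DS_OID = "1.2.840.113556.1.4.800"
# RootDSE attributes that Active Directory publishes and generic servers normally do not.
AD_ONLY_ATTRS = {"forestfunctionality", "domainfunctionality",
                 "domaincontrollerfunctionality", "rootdomainnamingcontext"}

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute: [values]}."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]              # unfold an LDIF continuation line
        elif raw.strip() and not raw.startswith("#"):
            lines.append(raw)
    attrs = {}
    for line in lines:
        name, sep, value = line.partition(":")
        if sep:
            attrs.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
    return attrs

def classify_rootdse(ldif_text):
    """Return (mode, reason) using the assumed heuristic; mode names follow the page."""
    attrs = parse_ldif_entry(ldif_text)
    attrs.pop("dn", None)                     # RootDSE has an empty DN; it is not evidence
    if AD_DS_OID in attrs.get("supportedcapabilities", []):
        return "active_directory", "supportedCapabilities advertises the AD DS OID"
    markers = sorted(AD_ONLY_ATTRS & attrs.keys())
    if markers:
        return "active_directory", "AD-only attributes present: " + ", ".join(markers)
    if not attrs:
        return "generic_ldap", "RootDSE returned no attributes (restricted or filtered read)"
    return "generic_ldap", "no Active Directory markers in RootDSE"

# Constructed sample RootDSE dumps (LDIF), not captured from a real directory.
AD_SAMPLE = """dn:
rootDomainNamingContext: DC=example,DC=test
supportedCapabilities: 1.2.840.113556.1.
 4.800
domainFunctionality: 7
"""
GENERIC_SAMPLE = """dn:
namingContexts: dc=example,dc=test
supportedLDAPVersion: 3
"""
EMPTY_SAMPLE = "dn:\n"  # what a proxy or ACL that hides RootDSE attributes can produce

if __name__ == "__main__":
    for name, sample in [("ad", AD_SAMPLE), ("generic", GENERIC_SAMPLE), ("empty", EMPTY_SAMPLE)]:
        print(name, classify_rootdse(sample))
```

An empty or filtered RootDSE is the case to look for when a real domain controller is classified as generic LDAP: the directory is fine, but the markers never reached the client.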