# Creating LDAP Configuration in Avo Assure

## Configuration Fields

The following configuration fields are required when establishing the LDAP configuration:

* **Server Name**: Name to identify your LDAP server. \
  Example: Corporate AD Server
* **Server URL**: The LDAP server connection string. \
  Format: ldap\://\<hostname>:\<port> or ldaps\://\<hostname>:\<port> \
  Example: ldap\://ad.example.com:389
* **Base Domain Name**: The root Distinguished Name (DN) of your directory where user searches begin. Example: DC=example,DC=com.
* **Secure Connection**: Choose whether the connection to the LDAP server is secured with TLS.
  * **Disable**: Plain connection (not recommended).
  * **Enable**: Secure connection (recommended).
  * **Enable Insecure**: Use Start TLS without verifying certificates. The session is encrypted, but the server's identity is not checked.
* **TLS Certificate**: Upload your LDAP server’s TLS certificate when using the **Enable** secure mode. This ensures encrypted communication between Avo Assure and LDAP.
* **Authentication**: Defines how Avo Assure binds to the LDAP server.
  * **Anonymous**: Connects without credentials (only works if the LDAP server allows anonymous search).
  * **Simple**: Requires Bind Principal (username) and Bind Credentials (password) to authenticate.
    * **Bind Principal**: The account used by Avo Assure to query the LDAP directory. \
      Format: CN=ldap-user,OU=ServiceAccounts,DC=example,DC=com.
    * **Bind Credentials**: Password for the above bind account.

### Data Mapping Settings

Data Mapping Settings are also part of the configuration fields. They ensure that user details from LDAP are correctly imported into Avo Assure.

Use these dropdowns to map LDAP attributes to Avo Assure user fields:

* **Username**: Typically sAMAccountName or uid.
* **Firstname**: Maps to Name.
* **Lastname**: Maps to Surname.
* **Email**: Maps to mail.

## Creating LDAP Configuration

To create an LDAP configuration, perform the following actions:

1. On the **Home** page, select the **Admin** option. The **Account Management** page opens.

<figure><img src="/files/1Rf4R02QRNVUQRz51M3E" alt=""><figcaption></figcaption></figure>

2. Select the **LDAP Configuration** tab.

<figure><img src="/files/r5u1bKpnLbqHGZMH9wIz" alt=""><figcaption></figcaption></figure>

3. Enter the LDAP server details: **Server Name**, **Server URL** and **Base Domain Name**.
   1. **Server Name**: Name to identify your LDAP server. \
      Example: Corporate AD Server
   2. **Server URL**: The LDAP server connection string. \
      Format: ldap\://\<hostname>:\<port> or ldaps\://\<hostname>:\<port> \
      Example: ldap\://ad.example.com:389
   3. **Base Domain Name**: The root Distinguished Name (DN) of your directory where user searches begin. \
      Example: DC=example,DC=com.

<figure><img src="/files/VH6ZsA39WB1jWw0uxU6Q" alt=""><figcaption></figcaption></figure>

4. Select **Secure Connection**.
   1. **Disable**: No **TLS Certificate** is required when Secure Connection is set to **Disable**.
   2. **Enable**: Select and provide the **TLS Certificate** from your system when Secure Connection is set to **Enable**.
   3. **Enable Insecure**: Select and provide the **TLS Certificate** from your system when Secure Connection is set to **Enable Insecure**.

<figure><img src="/files/t5rFFr0Hv6bZxYmOWQOv" alt=""><figcaption></figcaption></figure>

6. Select **Authentication** mode:
   1. **Anonymous**: No credentials are required when **Anonymous** mode is selected.
   2. **Simple**: Enter **Bind Principal** and **Bind Credentials** when **Simple** mode is selected.
      1. **Bind Principal**: The account used by Avo Assure to query the LDAP directory. \
         Format: CN=ldap-user,OU=ServiceAccounts,DC=example,DC=com.
      2. **Bind Credentials**: Password for the above bind account.

<figure><img src="/files/BFFaLaFmS85EsbisQQDJ" alt=""><figcaption></figcaption></figure>

7. In **Data Mapping Settings**, from the **Username** dropdown, select the username.
8. From the **Firstname** dropdown, select the first name.
9. From the **Lastname** dropdown, select the last name.
10. From the **Email** dropdown, select the mail ID.

<figure><img src="/files/r5q70RWuAfd2RD98H7o5" alt=""><figcaption></figcaption></figure>

11. Select the **Create** button to create the LDAP configuration.
12. Try logging in with a user account that is now configured in LDAP.

## Notes and Best Practices

Follow these notes and best practices when configuring LDAP:

1. Always prefer secure LDAP (LDAPS, port 636) to protect credentials.
2. Use a service account for Bind Principal with read-only permissions.
3. Confirm with your IT/AD team regarding the correct attribute names for mapping.
4. If your organization primarily uses SAML for SSO, LDAP can be avoided.
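
A pre-flight review of the values you plan to enter in the fields above, added here as an illustration (it is not Avo Assure code). The dictionary keys, the finding codes and the `ad-ca.pem` file name are assumptions made for the example; the mode strings are the option labels from this page.

```python
import re
from urllib.parse import urlsplit

# Dict keys and finding codes are assumptions made for this example; the mode
# strings ("Disable", "Enable", "Enable Insecure", "Simple", "Anonymous")
# are the option labels from this page.
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")

def is_dn(dn):
    """Syntactic DN check: comma-separated attr=value parts (a \\, is escaped)."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", dn or "")]
    return all(RDN.match(p) for p in parts)

def review_ldap_config(cfg):
    """Return sorted finding codes for a planned LDAP configuration."""
    try:
        url = urlsplit(cfg["server_url"])
        port = url.port  # raises ValueError on a non-numeric port
    except ValueError:
        return ["BAD_SERVER_URL"]
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        return ["BAD_SERVER_URL"]
    port = port or (636 if url.scheme == "ldaps" else 389)
    mode, auth = cfg["secure_connection"], cfg["authentication"]
    findings = set()
    if (url.scheme, port) in (("ldaps", 389), ("ldap", 636)):
        findings.add("SCHEME_PORT_MISMATCH")     # scheme and usual port disagree
    if mode == "Enable Insecure":
        findings.add("CERT_NOT_VERIFIED")        # encrypted, server identity unchecked
    if mode == "Enable" and not cfg.get("tls_certificate"):
        findings.add("MISSING_TLS_CERTIFICATE")
    if not is_dn(cfg["base_dn"]):
        findings.add("BAD_BASE_DN")
    if auth == "Anonymous":
        findings.add("ANONYMOUS_BIND")           # works only if the server allows it
    elif auth == "Simple":
        if url.scheme == "ldap" and mode == "Disable":
            findings.add("CLEARTEXT_BIND_PASSWORD")  # simple bind sends the password as-is
        if not is_dn(cfg.get("bind_principal")):
            findings.add("BAD_BIND_PRINCIPAL")
    return sorted(findings)

# Constructed samples: the example values from this page, then a hardened variant.
PAGE_EXAMPLE = {"server_url": "ldap://ad.example.com:389", "base_dn": "DC=example,DC=com",
                "secure_connection": "Disable", "authentication": "Simple",
                "bind_principal": "CN=ldap-user,OU=ServiceAccounts,DC=example,DC=com"}
HARDENED = dict(PAGE_EXAMPLE, server_url="ldaps://ad.example.com:636",
                secure_connection="Enable", tls_certificate="ad-ca.pem")

if __name__ == "__main__":
    print(review_ldap_config(PAGE_EXAMPLE), review_ldap_config(HARDENED))
```
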

