Skip to main content

This document describes how to enable the built-in support for LDAP on the WiKID Strong Authentication server.

N.B.:PAM_LDAP currently does not work with WiKID.

Enable the LDAP Protocol

 

  • Launch a browser and open the WiKIDAdmin web-interface to the Configuration Tab.
  • Click on Enable Protocols.
  • Click on LDAP.
  • Enter the following information:
    • Leave LDAP_wauth_host as 127.0.0.1.
    • Leave LDAP_wauth_kfile as /opt/WiKID/private/localhost.p12.
    • For LDAP_wauth_pass, enter the passphrase you used for the localhost cert.
    • Leave LDAP_wauth_port as 8388.
    • Leave LDAP_wauth_server as 000000000000.

Create an LDAP Network Client

  • Click on the Network Clients Tab.
  • Click on Create a New Network Client.
  • Give the network client a descriptive name such as "Two_factor_ldap_website_access".
  • Enter the IP address of the network client. This should be the internal network IP address.
  • Select LDAP as the Protocol.
  • Select the WiKID Domain for this network client.
  • Click Add.
  • On the subsequent page, enter the following information:
    • For Base DN, enter dc=wikid,dc=asp:
    • For LDAP URL, ldap://localhost/
    • The last two optional items should be left blank.
  • Click Add NC.

You can test this configuration using ldapsearch from the network client (all on one line):

ldapsearch -x -p 389 -h WiKID_IP -D 'uid=USERNAME,domain=DOMAINIDENTIFIER' -W '(objectclass=*)'
(Some versions of ldapsearch may not support the -x option.) When prompted for a password, use the one-time password from your WiKID software token. Be sure that the token user is enabled on the correct domain.

 



 

Copyright © WiKID Systems, Inc. 2017 | Two-factor Authentication