LDAP Data Source

The LDAP data source collector discovers user accounts and groups from generic LDAP directory services. This enables organizations to identify all directory-based identities, manage access for non-Microsoft directory systems, and support compliance requirements across diverse identity infrastructure.

Permissions

In order to collect identity data from LDAP, a user or service account with read access to root directory tree must be created. Ensure the account has rscdx privileges, refer to OpenLDAP information.

Setting up the LDAP Data Source

The following guides you through the necessary steps.

1. Login to your Hydden tenant.
2. To access the data sources page, navigate to Configuration > Discover and select Data Sources or use the data source URL: https://portal.hydden.com/configuration/datasource.
3. To add the LDAP data source, click + Add Data Source.
4. From the configuration wizard, select the LDAP logo tile.
5. For Name enter an easy-to-identify name, especially if several data sources for the same service are to be created.
6. You may ignore the optional Preset field. When pre-configured data source presets are available for selection from the drop-down, but they can also be added manually via the +.
7. For Domain/Controller, enter your LDAP domain controller name.
8. If you already created your credential, select that credential from the Credential drop-down. If you have not yet created a credential, click the + to add an Account Credential for your LDAP instance.
9. You may ignore the optional Schedule field. To specify a Schedule either select from the list of pre-configured collection schedules or manually enter a new schedule via +.
10. Under Site, which is an optional field, specify the site that your client is installed, it can also be “default” if there is only one client for your organization.
11. Custom Properties is an optional field, if needed for your organization, enter specific key=value pairs, for example, environment=production.
12. Click Add to save the data source. You have an option to manually run the data collection via the Run Now button.

NOTE

If custom mapping rules are required, refer to the Advanced Configuration section in the Data Source Overview topic.

At this point, you can run a collection from the Data Sources page and shortly after, you will see your LDAP users listed on the Identity Posture dashboard, in Global Search and the Search Library.