Google LDAP tips?
02-09-2021 02:40 PM
Trying to use Google LDAP for authentication, I believe I have all the pieces in order to get this working but can't get the authentication proxy to bind.
I have success in reading the LDAP directory using ldapsearch but no luck with Duo.
Google LDAP requires a .crt and .key file to authenticate and can do so anonymously. I’m guessing I have some optional items missing or incorrect from the cfg file.
Labels: Authentication Proxy
02-10-2021 03:25 AM
Hi Billy,
I’ve run into the same issues it sounds like you’re having. In the end I couldn’t get a connection working directly so I used an stunnel proxy. I followed the instructions here: 4. Connect LDAP clients to the Secure LDAP service - Google Workspace Admin Help
02-11-2021 05:19 PM
Thanks, I got stunnel set up and now my authproxy_connectivity_tool.exe is reporting no errors.
I'm using this for VPN RADIUS authentication but my VPN is reporting the authentication server is not responding.

02-11-2021 12:17 PM
Hi Billy,
It looks like Google LDAP is not currently supported as an integration with Duo. This does not necessarily mean that you won’t be able to get it to work, as Kevin’s reply demonstrates. Thank you @KevinSiddique for sharing a solution that worked for you!
I recommend you file a feature request with Duo Support (or your Customer Success Manager or Account Executive if you have one) for official Google LDAP support as well though. Thanks for posting here!

02-11-2021 12:51 PM
If I understand, you want to configure an [ad_client] config section to point to Google LDAP for primary auth (instead of AD).
Today the Duo Authentication Proxy doesn’t support authenticating to an LDAP server with certificates, so as Amy suggested, creating a feature request for this with Duo is a good idea.
Kevin’s stunnel suggestion is what’s recommended in the Google Secure LDAP instructions:
IMPORTANT: Some LDAP clients, such as Apache Directory Studio, don’t support the uploading of digital certificates. To address this scenario, see Use stunnel as a proxy.
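
A sketch of the stunnel workaround discussed in this thread, added here as an example and not taken from any poster, Duo or Google: stunnel presents the client certificate to Google Secure LDAP and the Authentication Proxy's [ad_client] section talks to the local listener. The file paths, local port 1636, credentials, search_dn and the uid attribute are placeholders and assumptions.

```ini
; --- stunnel.conf (constructed example; paths and port are placeholders) ---
[google-ldap]
client = yes
; Listen on loopback only, so the unencrypted side never leaves this host.
accept = 127.0.0.1:1636
connect = ldap.google.com:636
; Client certificate and key downloaded for the LDAP client (the .crt/.key pair).
cert = C:\stunnel\config\google-ldap-client.crt
key = C:\stunnel\config\google-ldap-client.key
; Verify the server certificate instead of accepting whatever is presented.
verifyChain = yes
CAfile = C:\stunnel\config\ca-certs.pem
checkHost = ldap.google.com

; --- authproxy.cfg: [ad_client] pointed at the local stunnel listener ---
[ad_client]
host=127.0.0.1
port=1636
; Simple bind; stunnel supplies the TLS and certificate layer.
auth_type=plain
; Assumption: access credentials generated for this LDAP client.
service_account_username=PLACEHOLDER_USERNAME
service_account_password=PLACEHOLDER_PASSWORD
; Placeholder base DN; use your own domain components.
search_dn=dc=example,dc=com
; Assumption: the directory identifies users by uid, not sAMAccountName.
username_attribute=uid
```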
