Integration of LDAP Connectors

The LDAP Connector feature in CERTInext enables integration with enterprise LDAP and Active Directory (AD) environments for centralized authentication, user synchronization, role mapping, and attribute auto-population. By integrating LDAP or Active Directory, organizations can align CERTInext access management with existing enterprise identity infrastructure.

LDAP integration helps organizations:

Centralize user authentication
Enable Active Directory login
Synchronize enterprise users automatically
Map AD groups to CERTInext roles
Auto-populate certificate request fields from directory attributes
Enforce enterprise identity governance policies

Typical directory services supported include:

Microsoft Active Directory
OpenLDAP
Azure AD DS
Enterprise LDAP servers supporting LDAP/LDAPS protocols

Accessing LDAP Connectors

To configure LDAP integration:

Navigate to Integrations → LDAP Connectors
Click Create LDAP Connector

This opens the LDAP connector configuration page where connectivity and authentication settings are configured.

LDAP Connector Configuration

The following fields are required when creating an LDAP connector.

Connector Name

Defines a unique name for the LDAP connector.

Example:

Corporate AD Primary

This name is used internally within CERTInext.

Host

Specifies the LDAP or Active Directory server hostname or IP address.

Example:

ad.corp.example.com

Port

Defines the LDAP communication port.

Common values:

389 → LDAP
636 → LDAPS (Secure LDAP)

Security Type

Defines the LDAP connection security protocol.

Available options include:

LDAP

Standard LDAP communication.

LDAPS

Encrypted LDAP communication over SSL/TLS.

LDAPS is recommended for production environments.

Base DN

Defines the directory search base location.

Example:

DC=corp,DC=example,DC=com

CERTInext uses this location to search users and groups within the directory.

Authentication Type

Defines how CERTInext authenticates with LDAP.

Available options include:

Simple Bind

Uses a service account username and password.

GSSAPI (Kerberos)

Uses Kerberos-based authentication for secure enterprise authentication environments.

Bind DN

Specifies the LDAP service account distinguished name.

Example:

CN=svc-ldap,OU=ServiceAccounts,DC=corp,DC=example,DC=com

This account is used by CERTInext to query LDAP/AD.

Bind Password

Defines the password associated with the Bind DN service account.

The password is securely stored within CERTInext.

Search Filter

Defines the LDAP query filter used to locate directory objects.

Example:

(objectClass=*)

Custom filters may be used to restrict synchronization to specific user types or organizational units.

Connection Timeout (ms)

Defines the LDAP connection timeout value in milliseconds.

Example:

Read Timeout (ms)

Defines the LDAP read operation timeout value.

Example:

Description

Optional field used for administrative notes or connector identification.

Testing the LDAP Connector

After entering all required details:

Click Test Connection
CERTInext validates:
- LDAP connectivity
- Authentication credentials
- Directory accessibility
- Search base access
- Query execution

If validation succeeds, the connector can be saved and used for authentication and synchronization workflows.

LDAP Group to CERTInext Role Mapping

CERTInext supports automatic mapping of Active Directory groups to CERTInext roles.

To configure role mapping:

Navigate to: Integrations → LDAP Connectors → AD Group-CERTInext Role Mapping
Select the LDAP connector
Click Fetch AD Groups
Configure mappings between:
- Active Directory groups
- CERTInext roles
Assign priority values where multiple mappings exist
Click Save Mappings

Supported Role Mapping Use Cases

LDAP group mapping enables organizations to:

Automatically assign user roles
Enforce least-privilege access
Centralize access governance
Simplify onboarding and offboarding

Example:

AD Group

CERTInext Role

PKI_Admins

Administrator

SSL_Managers

Manager

Discovery_Users

Discovery User

AD Attribute Mapping

CERTInext supports mapping LDAP attributes to certificate request fields.

This enables automatic population of certificate request information directly from Active Directory.

To configure attribute mapping:

Navigate to: Integrations → LDAP Connectors → AD Attribute Mapping
Select the LDAP connector
Select the User Lookup Attribute
Configure field mappings
Save the mapping configuration

User Lookup Attribute

Defines which LDAP attribute is used to identify users.

Example:

Email Address (mail)

Supported Mapping Use Cases

Attribute mapping can auto-populate:

Common Name (CN)
Email Address
Department
Organization
Organizational Unit
User Principal Name
DNS names

This reduces manual input and improves certificate request consistency.

Active Directory Synchronization

LDAP integration can also support automatic user synchronization.

Supported synchronization capabilities include:

Import AD users automatically
Periodic synchronization
User activation/deactivation sync
Role synchronization
Group-based provisioning

Operational Flow

The LDAP integration workflow typically follows:

CERTInext → LDAP/AD Authentication → User Validation → Role Mapping → Platform Access

For certificate workflows:

CERTInext → LDAP Attribute Lookup → Auto-populate Request Fields → Certificate Issuance

PreviousManaging CA Accounts NextIntegration of DNS Connectors

Last updated 27 days ago