Documentation forSecurity Event Manager

Configure LDAP for SEM

In SEM 2020.4 and newer versions, you can create multiple LDAP connections.

  1. Click the settings icon on the upper right.

  2. Select Authentication > LDAP Configuration.

    If any LDAP configurations have already been created these are displayed.

  3. Click Create configuration.

    The Create LDAP Configuration dialog is displayed.

  4. Enter the following information:

    FieldDescription
    Configuration NameEnter a friendly name of your choosing for the LDAP configuration.
    IP or Hostname

    Enter the IP address or host name of your LDAP server.

    DomainEnter the fully-qualified domain name for the account store.

    Directory Service Server User Name

    Use the format account_name@example.com.

    SolarWinds recommends using a Directory Service account to prevent integration issues if the software license expires. The user name does not require special privileges (such as Domain Admin) to be a Directory Service user.

    Directory Service Server PasswordEnter the password for the user account.
    Use SSL Encryption

    (Optional) Select to use the transport layer security protocol (LDAPS) for a secure connection. This option directs traffic from the SEM VM to a designated server (usually a domain controller) for use with the Directory Service tool.

    LDAP Port

    If SSL encryption is not used, the default for this setting is 389. If SSL encryption is used, the default for the port is 636.

    Use for AuthenticationSelect, then click Next if you wish to use Advanced Settings shown below.
    Domain Aliases (Optional) Specify any Domain Alias names that should be authenticated using this LDAP configuration. (The role/group names configured on this page will also apply.)
    NetBIOS Names (Optional) Specify any NetBIOS names that should be authenticated using this LDAP configuration. (The role/group names configured on this page will also apply.)
    Admin Group (Optional) Specify the DS group in Active Directory to use for the SEM administrator role. If you do not specify a name, the default ROLE_LEM_ADMINISTRATORS group is used.
    Alerts Only Group (Optional) Specify the DS group in Active Directory to use for the SEM auditor role. If you do not specify a name, the default ROLE_LEM_AUDITOR group is used.
    Guest Group (Optional) Specify the DS group in Active Directory to use for the SEM guest role. If you do not specify a name, the default ROLE_LEM_GUESTS group is used.
    Notify Only Group (Optional) Specify the DS group in Active Directory to use for the SEM notifications role. If you do not specify a name, the default ROLE_LEM_CONTACTS group is used.
    Reports Group (Optional) Specify the DS group in Active Directory to use for the SEM reports role. If you do not specify a name, the default ROLE_LEM_REPORTS group is used.

  5. Click Next.
  6. If you are using SSL encryption, the SSL certificate will be shown. Click I trust this certificate to confirm.
  7. Click Finish to create this configuration.
  8. Configurations can be sorted by name. For each configuration, the name, server, and domain are displayed, plus flags to show if they use SSL and/or used for Authentication.

Enable and disable LDAP configurations

Configurations are enabled as soon as they are created.

Use the toggles to disable or enable individual LDAP configurations.

A warning message is displayed if you disable a configuration informing you that users will be unable to log on from that domain and any logged-in users from that domain will be immediately logged out.

Edit or delete an LDAP configuration

  1. To edit or delete an LDAP configuration, click on the vertical ellipsis icon after the configuration.

  2. Click Edit to display the Configure LDAP details for this configuration (which can now be saved) or click Delete to remove this configuration.