LDAP-Radius

The goal is to use the Trustelem user database to provision and authenticate users on an application through LDAP or Radius.
To do so, a connector, TrustelemConnect, is installed on a server that can reach the application.


1/ During the setup, TrustelemConnect opens a websocket to Trustelem services on port 443.
Note: traffic over the websocket is encrypted by TLS and by an additional layer of symmetric encryption.

2/ The application queries TrustelemConnect about users on a specific port (for example 5214) using LDAP or Radius.

3/ TrustelemConnect sends the following to Trustelem services over the websocket:

  • the request

  • the IP (TrustelemConnect's listen address) and the port the application used to contact TrustelemConnect (in our example, IP-Server2 and port 5214)

4/ On Trustelem, the port is associated with a specific application. Trustelem returns to TrustelemConnect, over the websocket, the users who have an access rule for this application.


In the example, IP-Server2 is allowed for port 5214, so Trustelem returns information about the users who have an access rule for the application Bastion.

5/ TrustelemConnect replies to the application using LDAP or Radius.

Setup TrustelemConnect

In your Trustelem administration page:

  • Go to the Services tab.
    https://admin-mydomain.trustelem.com/app#/services
    Note: if you don’t have access to this feature, please contact WALLIX Trustelem support.

  • Click on the button + Create a service and copy the service ID.


On your server:

  • Download the latest version of Trustelem Connect, available at this URL:
    https://dl.trustelem.com/connect/

  • Paste your service ID in the setup (window or file).

  • Start the service.


In your administration page:

  • Refresh your Services page.

  • Turn on the service by clicking on No.


You now have a functional connector.

Setup Trustelem

In your Trustelem administration page:

  • Go to the Apps tab.

  • Click on + Add an application.

  • Choose either a pre-integrated application or a generic model, depending on your needs.
    For LDAP / Radius only, the generic Basic no SSO model is enough.

  • Turn on LDAP and/or Radius.


  • Go back to the previously configured service and click on Add an application +.

  • Click on LDAP and/or Radius, then enter the listen address and port.
    Note: the listen address can be localhost, everything or a specific IP.


  • Go to the Access Rules tab.

  • Click + Create.

  • Select your application, then enter the number of factors required for LDAP and/or Radius authentication.
    Note: internal and external zones are used for SAML, OpenID Connect or NoSSO access; they are not relevant to LDAP / Radius-only authentication.


Trustelem is now ready to reply to applications that send requests to TrustelemConnect on the configured IP and port.

Setup the application

In your application, set up LDAP and/or Radius with the information provided by Trustelem:

  • the port is defined in the Services tab
    https://admin-mydomain.trustelem.com/app#/services

  • the domain / user / password are provided in the setup of the application
    https://admin-mydomain.trustelem.com/app#/apps

With the initial example: [figure: setup]
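A quick connectivity check for step 2 of the flow, added here as an example that is not part of the original page or of TrustelemConnect: it sends one LDAP simple bind to the connector's listen address and port and returns the LDAP result code, which confirms that the port is mapped to an application in Trustelem before the real application is configured. It uses only the Python standard library (the BER encoding is done by hand, no LDAP library); the host and port are the page's example values, and the bind DN and password are placeholders to be replaced with the domain / user / password shown on the application's setup page.

```python
import socket

def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload

def build_simple_bind(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID (0..127), BindRequest [APPLICATION 0] { version 3, name, simple [0] } }."""
    bind = tlv(0x02, bytes([3])) + tlv(0x04, dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, bind))

def read_tlv(buf: bytes, pos: int = 0, expect: int = -1):
    """Decode one BER element at pos; returns (tag, value, position after it)."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if expect >= 0 and tag != expect:
        raise ValueError(f"expected tag {expect:#x}, got {tag:#x}")
    length = first
    if first & 0x80:                       # long form: (first & 0x7F) length octets follow
        nbytes = first & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length

def parse_bind_result(data: bytes) -> int:
    """resultCode of a BindResponse [APPLICATION 1]: 0 = success, 49 = invalidCredentials."""
    _, msg, _ = read_tlv(data, expect=0x30)          # LDAPMessage SEQUENCE
    _, _, pos = read_tlv(msg, expect=0x02)           # messageID, skipped
    _, resp, _ = read_tlv(msg, pos, expect=0x61)     # BindResponse
    _, code, _ = read_tlv(resp, expect=0x0A)         # ENUMERATED resultCode comes first
    return int.from_bytes(code, "big")

def check_connector(host: str, port: int, dn: str, password: str, timeout: float = 5.0) -> int:
    """Send one simple bind to TrustelemConnect and return the LDAP result code."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_simple_bind(1, dn, password))
        return parse_bind_result(sock.recv(4096))

# Constructed sample BindResponse (resultCode 0, empty matchedDN and diagnosticMessage).
SAMPLE_BIND_OK = bytes.fromhex("300c02010161070a010004000400")

if __name__ == "__main__":
    # Host and port are the page's example values; DN and password are placeholders.
    print("bind result:", check_connector("IP-Server2", 5214, "placeholder-dn", "placeholder-password"))
```

A result code of 0 means the bind succeeded, and 49 (invalidCredentials) still shows that TrustelemConnect answered on that port, whereas a connection refusal or timeout points at the listen address or a missing port mapping in the service.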