This feature gathers permissions and access rights for groups, users, and other entities (trustees) on an LDAP server. When used with a corresponding CIFS/SMB server, users can review file permissions and access from the Focus UI and reports.

Step 1

Go to Administration > Connections > LDAP

Step 2

Select NEW SCAN SHARE

Step 3

Enter the details of the LDAP to scan and select SAVE.

Definitions

Name: Give a name to the scan to identify it later

Username: The user must have admin-level privileges and access to all the LDAP utilities to be scanned. Enter the username in the format user@domain.com

Password: Password for the admin user

IP Address: The IP Address of the server where the LDAP is installed

Certificate (Optional): If the server you wish to scan uses LDAPS (LDAP over SSL/TLS), enter your certificate text here. Otherwise, leave it blank.

Port: 389 is the default port for LDAP; Secure LDAP (LDAPS) uses 636.

Inactivity: This defines inactive users. Default is 90 days

Search: This is the point in the LDAP directory from which Focus will start searching. In the example DC=aws-gv,DC=local:

  1. DC stands for Domain Component. An attribute used to represent domain levels.

  2. aws-gv is the name of the first-level domain.

  3. local is the top-level domain.

Together, DC=aws-gv,DC=local represents the domain aws-gv.local.

Step 4

Back on the LDAP connections page, icons to Delete, Edit, and Scan are shown. Select Scan.

Focus has now begun discovering trustees and assessing permissions on files. An overview of the results can be found on the Company Overview page.

Step 5

For more detailed information, select one of the hyperlinked categories (Groups, Users, Active Users, Inactive Users, or Suspended Users) to view the corresponding tables.

Conversely, the permissions for particular files can be checked. Navigate to the Explore page and, under Actions for each applicable file, select Open Permissions.

For more information about the security of the Active Directory, navigate to Reports and select User Access Report. This PDF report shows information on Users in the most Groups, Enabled Inactive Users, Domain Administrators, and Users with Outdated Passwords.
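To spot-check the Inactive Users and Suspended Users tables against the directory itself, the following added example (not Focus code, and not taken from the product) classifies accounts using the 90-day Inactivity default. It assumes Active Directory's `lastLogonTimestamp` and `userAccountControl` attributes, maps disabled accounts to "suspended" as an assumption, and runs on constructed sample entries; how Focus computes these categories internally is not stated on this page.

```python
from datetime import datetime, timedelta, timezone

# AD stores lastLogonTimestamp as FILETIME: 100 ns ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
UAC_ACCOUNTDISABLE = 0x0002  # userAccountControl bit set on disabled accounts


def filetime_to_datetime(ticks):
    """Return the UTC datetime for a FILETIME, or None for 0/missing (never logged on)."""
    ticks = int(ticks or 0)
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10) if ticks else None


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample entries."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def classify(entry, now, inactivity_days=90):
    """Classify one entry as 'suspended', 'inactive' or 'active'."""
    # Assumption: a disabled account corresponds to the "Suspended Users" view.
    if int(entry.get("userAccountControl", 0)) & UAC_ACCOUNTDISABLE:
        return "suspended"
    last = filetime_to_datetime(entry.get("lastLogonTimestamp"))
    # Enabled accounts that never logged on are reported as inactive as well.
    # lastLogonTimestamp replicates lazily (it can lag by up to about two weeks
    # by default), so results near the threshold deserve a manual look.
    if last is None or now - last > timedelta(days=inactivity_days):
        return "inactive"
    return "active"


def report(entries, now, inactivity_days=90):
    return {e["sAMAccountName"]: classify(e, now, inactivity_days) for e in entries}


# Constructed sample entries (not real directory data), values as LDAP strings.
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)
def _entry(name, uac, days_ago):
    ts = "0" if days_ago is None else str(datetime_to_filetime(NOW - timedelta(days=days_ago)))
    return {"sAMAccountName": name, "userAccountControl": uac, "lastLogonTimestamp": ts}

SAMPLE = [_entry("alice", "512", 5), _entry("bob", "66048", 200),
          _entry("carol", "514", 3), _entry("svc-old", "512", None)]

if __name__ == "__main__":
    for name, status in report(SAMPLE, NOW).items():
        print(f"{name:8} {status}")
```

Enabled accounts that come back as "inactive" are the ones to compare with the Enabled Inactive Users section of the User Access Report.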

Full Walkthrough
