LDAP

[This feature is only available for Corporate version users]

For the time being Faraday doesn't support a hybrid installation with both LDAP and local users: enabling LDAP disables local users and vice versa. Local users are not deleted, only blocked from logging in, and disabling LDAP lets them log in again. Note that enabling LDAP also erases the Workspace permissions of local users, so those Workspaces become publicly available as soon as the server is restarted.

Configuration

To configure Faraday with LDAP/AD, edit /home/faraday/.faraday/config/server.ini and complete the following fields in the [ldap] section.

* enabled (turn the AD/LDAP support on or off)
* server (IP address of the server: Domain Controller or LDAP server)
* domain_dn (domain path for AD)
* domain (default domain; set to false if you don't need it)
* admin_group (name of the AD group that corresponds to the Admin role)
* pentester_group (name of the AD group that corresponds to the Pentester role)
* client_group (name of the AD group that corresponds to the Client role)
* use_ldaps (enable LDAPS)
* use_start_tls (enable STARTTLS)
* port (LDAP port)
* disconnect_timeout (maximum wait time for a domain user's session)
* use_local_roles (use the Faraday roles stored in the PostgreSQL database)
* default_local_role (the default role for authenticated users; only applies when use_local_roles is true)

WARNING: If use_local_roles is set to true, any user in the AD will be allowed to log in to Faraday.

The following example shows a basic AD configuration:

[ldap]
enabled = true
server = 127.0.0.1
domain_dn = DC=example,DC=com
domain = example.com
admin_group = fadmin
pentester_group = fpentester
client_group = fclient
use_ldaps = false
use_start_tls = false
port = 389
disconnect_timeout = 2.0
use_local_roles = false
default_local_role = none
bind_format = CN

After doing the modifications, save the file and restart Faraday Server.
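The example above uses plain LDAP on port 389 with local roles off. The following script, added here as an example and not part of Faraday, reads the [ldap] section of a server.ini and flags the two settings that matter most from a security standpoint: credentials sent without LDAPS or STARTTLS, and use_local_roles = true, which per the warning above lets every AD user log in. The sample INI text is constructed from the page's example; the port 636 check assumes the standard LDAPS port.

```python
"""Audit the [ldap] section of a Faraday server.ini for weak settings.

Added example, not part of Faraday. It only reads the option names
documented above; the INI text below is a constructed sample.
"""
import configparser

# Constructed sample: the page's example, with use_local_roles flipped on
# to exercise the warning case.
SAMPLE_INI = """\
[ldap]
enabled = true
server = 127.0.0.1
domain_dn = DC=example,DC=com
domain = example.com
admin_group = fadmin
pentester_group = fpentester
client_group = fclient
use_ldaps = false
use_start_tls = false
port = 389
disconnect_timeout = 2.0
use_local_roles = true
default_local_role = none
"""

# Same config with LDAPS on 636 and local roles off: the hardened form.
HARDENED_INI = (SAMPLE_INI.replace("use_ldaps = false", "use_ldaps = true")
                .replace("port = 389", "port = 636")
                .replace("use_local_roles = true", "use_local_roles = false"))


def audit_ldap_section(ini_text):
    """Return a list of findings (strings) for the [ldap] section."""
    cfg = configparser.ConfigParser()
    cfg.read_string(ini_text)
    if not cfg.has_section("ldap") or not cfg.getboolean("ldap", "enabled", fallback=False):
        return []  # nothing to audit while LDAP is disabled
    ldap = cfg["ldap"]
    findings = []
    use_ldaps = ldap.getboolean("use_ldaps", fallback=False)
    use_start_tls = ldap.getboolean("use_start_tls", fallback=False)
    port = ldap.getint("port", fallback=389)
    # Bind credentials cross the network in clear text unless one of these is on.
    if not (use_ldaps or use_start_tls):
        findings.append("plaintext LDAP: set use_ldaps = true (port 636) or use_start_tls = true")
    # LDAPS normally listens on 636; 389 with use_ldaps on is a likely mismatch.
    if use_ldaps and port == 389:
        findings.append("use_ldaps is on but port is 389; LDAPS usually uses 636")
    # Per the WARNING above, every AD account can log in in this mode.
    if ldap.getboolean("use_local_roles", fallback=False):
        role = ldap.get("default_local_role", fallback="none")
        findings.append(f"use_local_roles = true: any AD user may log in (default role: {role})")
    return findings


if __name__ == "__main__":
    for name, text in (("sample", SAMPLE_INI), ("hardened", HARDENED_INI)):
        print(name, audit_ldap_section(text) or ["no findings"])
```

Point it at the real file with `audit_ldap_section(open("/home/faraday/.faraday/config/server.ini").read())` before restarting the server.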

Configuration example

Assuming that our domain name is example.com and our groups are defined as fadmin, fclient and fpentester, our LDAP configuration should look like this:


Now, assuming that the user admin_user is a member of the group fadmin, the user's properties should look like this:


Migrating to LDAP

  1. Log out of both the Web UI and GTK, then stop Faraday Server.
  2. Enable LDAP in the Faraday Server configuration file.
  3. Start Faraday Server.
  4. Login as a Faraday administrator with the LDAP credentials in the Web UI.
  5. Change owner and permissions for all existing workspaces.
