Prerequisites

  • Ensure that your system meets the system requirements.
  • Ensure that you have already installed Git, Node.js, and npm.
  • For most platforms, you will need to have root and/or administrator privileges.

Install the connector for Windows

Download the installer

Download the Auth0 Active Directory/LDAP Connector for Windows (MSI) file:

Run the installer

Run the installer and follow the instructions. The AD/LDAP Connector is installed as a Windows Service.
AD/LDAP Connector Services
Once the installation is complete, you will see a screen in a browser pointing to localhost:
AD/LDAP Connector Admin Ticket
Enter the TICKET URL provided when you provisioned the connection. The TICKET URL uniquely identifies this connector in Auth0. The Connector will use this to communicate with Auth0 Server and automatically complete the configuration. Enter the LDAP settings:
adldap-connector-admin-settings
SettingDescription
LDAP Connection StringFor example, ldap://ldap.internal.contoso.com. This is the protocol + the domain name or ip address of your LDAP server. Your LDAP server is the local domain controller where Active Directory is installed. The protocol can be either ldap or ldaps. If you need to use ldaps make sure that the certificate is valid in the current server.
Base DNFor example, dc=contoso,dc=com. This is the base container for all the queries performed by the connector.
UsernameFor example, cn=svcauth0,dc=services,dc=contoso,dc=com The full distinguish name of a user to perform queries.
PasswordThe password of the user.
Once you submit the above information, the connector will perform a series of tests to validate the information you entered. The results are displayed under Configuration Log in the console screen.
adldap-connector-admin-settings-ok
Make sure that all tests are green.
TestDescriptionTroubleshoot
Test 1Attempts to establish a TCP connection to the LDAP server and port specified.Check basic network connectivity and firewall settings that might prevent such a connection.
Test 2Attempts to perform an LDAP bind on the LDAP server and port specified and with the username and password provided.Check the LDAP connection string, search path, username and password.
Test 3Attempts to perform an LDAP search against the directory to check the privileges of the specified username.Check the privileges of the username in the target directory.
Test 4Attempts to establish a connection to the Auth0 server.Check network connectivity and firewall settings that might prevent such a connection.

Install the connector for other platforms

  1. Download the Auth0 Active Directory/LDAP Connector package to /tmp: Curl example:
  2. Expand the package and install its dependencies: 
    mkdir /opt/auth0-adldap
tar -xzf /tmp/adldap.tar.gz -C /opt/auth0-adldap --strip-components=1
cd /opt/auth0-adldap
npm install
  3. Start your server. node server.jsWhen prompted for the ticket number, enter the full ticket URL from the Settings tab of the Setup AD/LDAP connector screen in the Auth0 Management Dashboard.
  4. You will be prompted to edit the config.json configuration file with your LDAP connection and authentication details: 
    "LDAP_URL": "ldap://{yourLdapServerFqdn}",
"LDAP_BASE": "dc={yourDomain},dc=com",
"LDAP_BIND_USER":"{yourLdapUser}",
"LDAP_BIND_PASSWORD":"{yourLdapUserPassword}" //cleartextpassword
  5. Run node server.js once more to start the Connector. Note that the LDAP_BIND_PASSWORD line in config.json changes to LDAP_BIND_CREDENTIALS at this point.
  6. Once the Connector is running, you will need to daemonize the Connector (if you don’t already have a tool selected, you can consider upstart or systemd). For example, for using systemd with Ubuntu Xenial, the file /lib/systemd/system/auth0-adldap.service could contain the following: 
    [Unit]
Description=Auth0 AD LDAP Agent
After=network.target

[Service]
Type=simple
Restart=always
User=ubuntu
WorkingDirectory=/opt/auth0-adldap
ExecStart=/usr/bin/node server.js
  7. Run node admin/server.js to access the admin UI. The admin UI will be running and available on http://localhost:8357.
If you get an Invalid Ticket message when configuring the Connector for the first time, the most likely cause is a network issue (for example, you have the Connector running behind a proxy).

Learn more