You can access the LDAP over SSL (LDAPS) service of Microsoft Entra/AAD via Hornetsecurity.
For our servers to access the LDAP service, all of the following prerequisites must be met in advance:
- A Microsoft 365 tenant with Microsoft Entra ID.
- A Microsoft Entra Domain Services instance (managed domain),
which is synchronized with your Entra tenant. - Access to the Azure portal with permissions to manage
Entra Domain Services and network resources. - A service or administrator account for LDAP bind operations.
Microsoft describes the technical requirements and preliminary steps in the
official LDAPS tutorial for Entra Domain Services:
https://learn.microsoft.com/de-de/entra/identity/domain-services/tutorial-configure-ldaps
These steps must be completed before connecting to Hornetsecurity, and the above-mentioned information must be available.
1. LDAPS in Entra/Azure AD
Set up the Secure LDAP (LDAPS) service of your Microsoft Entra Domain Services instance according to the Microsoft documentation.
After following the tutorial, you will have at least the following data:
- An external IP address through which the LDAPS service can be accessed.
- Username and password of an administrator or service account for LDAP bind.
- The basic server information (domain name, port, certificate is valid).
Without meeting the prerequisites stated in the tutorial, a successful connection is not possible.
2. Network Access for Hornetsecurity
For our servers to access your Azure/Entra LDAPS service, the Hornetsecurity IP ranges must be allowed in your network.
- Allow access in the firewall/NSG from the Hornetsecurity IP ranges
to the external LDAPS IP (Port TCP 636).
Without this allowance, no connection can be established.
3. Configuration in the Hornetsecurity Control Panel
Enter the Azure/Entra information in the Control Panel as follows:
- Enable the LDAPS checkbox (LDAP over SSL).
- Use Port 636 in conjunction with the external IP address of the LDAPS service.
- Enter the username and password of the service/administrator account.
LDAP Connection Manual - Configure Base DN and LDAP filter according to your directory structure
and the desired object selection.
Please obtain the remaining required data from your Azure/Entra account; if unclear, use the integrated help of the Azure service.
4. Testing and Fine-tuning
Verify and optimize the configuration directly in the Control Panel:
- Use the “Test” button to check the connection as well as the number
of synchronized users/groups.
LDAP Users and Groups Manual - Adjust the entry under “LDAP filter” if there are “too few” or “too many” results.
- Save the settings once the test is successful and the filter definition
covers all expected users, groups, and attributes. - Allow users to log in to the Control Panel with the directory service credentials:
LDAP User Login Manual in Control Panel with Directory Service Credentials
This completes the connection of your Azure/Entra LDAPS service to Hornetsecurity.