process-mining
2021.10
true
UiPath logo, featuring letters U and I in white

Process Mining

Automation CloudAutomation Cloud Public SectorAutomation SuiteStandalone
Last updated Dec 20, 2024

Set up Secure LDAP

Secure LDAP

For increased security, it is recommended to use LDAPS instead of LDAP. In case of LDAPS, the ldap setting in UiPath Process Mining must be changed:

  • the url must be updated,
  • a tlsOptions property must be added.
The tlsOptions property will contain the contents of the LDAPS certificate. This certificate needs to be in the PEM file format.
If your certificate is in another format, you can use OpenSSL to convert it. The certificate needs to be added as a single line where all line breaks are noted as \n. For example:
Note:

If your certificate is in another format, you can use OpenSSL to convert it. The certificate needs to be added as a single line where all line breaks are noted as \n. See below for an example.

"ExternalAuthenticationProviders": {
    "ldap": {
            "url":             "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
            "base":            "DC=pgdctest,DC=local",
            "bindDN":          "PGDCTEST\)\)\)    estuser",
            "bindCredentials": "Passw0rd!",
            "tlsOptions": {
                "ca": ["-----BEGIN CERTIFICATE----\)
KJHIBuhobUYOBuy\)
jhgbouigh\)
-----END CERTIFICATE-----"],
            "rejectUnauthorized": true
        }
  }
}"ExternalAuthenticationProviders": {
    "ldap": {
            "url":             "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
            "base":            "DC=pgdctest,DC=local",
            "bindDN":          "PGDCTEST\)\)\)    estuser",
            "bindCredentials": "Passw0rd!",
            "tlsOptions": {
                "ca": ["-----BEGIN CERTIFICATE----\)
KJHIBuhobUYOBuy\)
jhgbouigh\)
-----END CERTIFICATE-----"],
            "rejectUnauthorized": true
        }
  }
}
Note: The server certificate is verified against the certificates in “ca”. Depending on how your LDAPS server is configured, “ca” can contain multiple certificates, or can even be omitted.

Debugging Secure LDAP

If you experience difficulties when setting up secure LDAP, you can omit the “ca” property for testing purposes. In which case you also must set the “rejectUnauthorized” property to false:
"ExternalAuthenticationProviders": {
    "ldap": {
            "url":             "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
            "base":            "DC=pgdctest,DC=local",
            "bindDN":          "PGDCTEST\)\)\)    estuser",
            "bindCredentials": "Passw0rd!",
            "tlsOptions": {
                    "rejectUnauthorized": false
    }
    }
}"ExternalAuthenticationProviders": {
    "ldap": {
            "url":             "ldaps://PROCESSGOLDTEST.pgdctest.local:636",
            "base":            "DC=pgdctest,DC=local",
            "bindDN":          "PGDCTEST\)\)\)    estuser",
            "bindCredentials": "Passw0rd!",
            "tlsOptions": {
                    "rejectUnauthorized": false
    }
    }
}

This way you can check if the issue is a certificate issue or something else.

Note: Do not set “rejectUnauthorized” to false on production environments.
  • Secure LDAP
  • Debugging Secure LDAP

Was this page helpful?

Get The Help You Need
Learning RPA - Automation Courses
UiPath Community Forum
Uipath Logo White
Trust and Security
© 2005-2024 UiPath. All rights reserved.