Integrating an Account with an LDAP Server

If your organization utilized an LDAP server, you can sync the users in your active directory with PhishingBox.

LDAP configurations vary from organization to organization, so you may have to consult with your organization's Information Technology team to configure an LDAP user with the proper read permissions and set the LDAP server's security configuration to allow PhishingBox to connect.

• NOTE: Google Workspace LDAP service requires certificate authentication, which is not currently supported by PhishingBox. In order to connect the PhishingBox LDAP client to a Google Workspace LDAP service, you must use Stunnel as a proxy which will allow username/password authentication. See the following articles for more information.
• Connect LDAP clients to the Secure LDAP service
• Use stunnel as a proxy 

Integrating with LDAP

To get started integrating an account with an LDAP server, navigate to  Administration > Integration Store in the PhishingBox portal.

Under the card containing the LDAP logo, click the 'Setup' button.

This will open the LDAP configuration form. You will need the following information to connect to the LDAP server:

• The server's IP address or domain.
• An open port with which to connect to the server (389 default).
• An LDAP username and password that has permission to read the directory.
• The base DN of the server.
• The type of security protocol used to connect to the server.
• The directory type.

If there are more than 250 groups in the directory, then you will pick groups using a search box (as shown below). If there are 250 or fewer groups in the directory, then all the groups will be displayed for you to choose from.

If you want to sync to commence immediately after saving, set the 'Active' switch to 'Yes'. This will cause the sync to be queued (when a sync is "queued", that means it is scheduled to be synced in; the sync usually completes within minutes of the sync being queued, but can take longer depending on how many targets are being pulled into the Portal). When the sync is finished, an integration_sync_finished email will be sent to the Account Manager Email (set on the Notifications tab on the Account Settings page).

After completing the form, choose whether you would like to sync by the server's groups, organizational units (OUs), or all users on the server (Base). Click the 'Test' button to connect to the server. If a successful connection is made and you chose to sync by group or OU, the server's groups or OUs will be displayed in a multi-select menu. Select the groups or OU's you wish to sync, then click 'Save' to save the configuration. If you chose to sync by base, no groups or OUs will need to be selected.

• NOTE: Make sure you select the correct sync type before saving! After saving, you will have to contact support to reconfigure the sync.

If the 'Active' switch is set to 'Yes' the sync will be queued. One Portal group will be created for every group or OU you chose to sync having the same name and containing all the users from the respective group or OU. If you chose to sync by Base, a single group will be created containing all users in the LDAP server named "Base".

If you did not set the 'Active' switch to 'Yes', commence the sync by clicking the 'Run Sync' link, located in the integration card's drop-down menu. This will queue the sync. You can view the results of the last time the integration was synced by clicking on "Last Sync Logs" in the drop-down. When the sync is finished, an integration_sync_finished email will be sent to the Account Manager Email (set on the Notifications tab on the Account Settings page).