SLX - LDAP Gateway



SLX Connect LDAP GATEWAY




SLX Connect LDAP Gateway allows login to publicly or privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP server is not publicly accessible from your site, this module can be used in conjunction with the SLX Connect LDAP Gateway, which is deployed on a DMZ server in the intranet. Another benefit of this module is that multiple LDAP configurations can be stored for multiple customers of a WordPress-based cloud service provider, and mapping to the username can be done on the basis of the domain name.

SLX Connect Gateway is a small piece of software that can reside on a shared machine. It won't need its own machine, and our customers generally install it on any server that's already in the DMZ.


[Figure: SLX Connect LDAP Gateway architecture]



Why LDAP Gateway?


  • LDAP with non-public IP - This is beneficial if your aim is single sign-on but your LDAP exists within your intranet with a non-public IP. Your site can be anywhere outside your network; with the help of this two-part plugin (plugin + gateway) it can still authenticate against your LDAP and achieve single sign-on.

  • Secure calls using HTTPS - All remote calls happen through an encrypted channel.

  • Set up LDAP configuration once and access it from multiple sites - You only need to set up your LDAP configuration once, and you can then access it from multiple sites, which makes it easier to use.

  • Your LDAP stays secure since it's behind your firewall.

  • Cloud-based LDAP authentication system - The libraries needed to authenticate against your LDAP/AD are not PHP-based, so it can support a much larger variety of LDAP servers.

Follow the Step-by-Step Guide given below to Setup SLX Connect LDAP Gateway

Step 1: Download and Extract SLX Connect Gateway

  • Click here to Download the latest SLX Connect LDAP Gateway Module.
  • Extract the package to get the Tomcat Embedded LDAP Gateway

  • Navigate to <SLX Connect Gateway Directory>/bin and start the server using the following commands in the terminal:
    1. For Windows Machine: catalina.bat start
    2. For Linux Machine: sh catalina.sh start

Step 2: Configure Port to run SLX Connect Gateway

  • To run SLX Connect LDAP Gateway on a port other than 8080, navigate to <SLX Connect Gateway Directory>/conf and edit server.xml.
  • Search for: Connector port="8080" protocol="HTTP/1.1"

    [Figure: default port configuration in server.xml]

  • Change the port from 8080 to the required port, e.g. 80.
  • Access the gateway from your browser using the URL "<hostname:port>/slxconnectgateway". Replace "<hostname>" with your hostname or server IP.

Step 3: Starting SLX Connect Gateway

  • Navigate to <SLX Connect Gateway Directory>/bin and start the server using the following commands in the terminal:
    1. For Windows Machine: catalina.bat start
    2. For Linux Machine: sh catalina.sh start
  • Access the gateway from your browser using the URL "<hostname:port>/slxconnectgateway". Replace "<hostname>" with your hostname or server IP.
    E.g. localhost:8080/slxconnectgateway

    NOTE: If you have configured another port in Step 2, use that custom port instead of 8080. For example, if you configured Tomcat to run on 8081, the URL will be localhost:8081/slxconnectgateway.


Step 4: Setting Admin Account

  • On accessing the Gateway Application in your browser, you will be redirected to the Setup Admin Account page.

    [Figure: setup admin account form]

  • Enter a suitable Username and Password for an administrator account and click on Submit.
  • After successful setup of the account, you should be redirected to the login page.

    [Figure: admin login form after setup]

  • Enter the credentials of the account you created earlier.

Step 5: Configuring the Gateway to connect to Cloud

  • Go to login.xecurify.com and log into your Xecurify Account.
  • After logging in, click on the Settings >> Product Settings tab on the top right corner.



  • Make a note of the Account details.
  • Navigate back to your Gateway Application on your web browser and Click on Configure Keys.



  • Copy the Account Details from your cloud account and paste them into the Configure Keys page in your SLX Connect Gateway.



  • Click on Save and then Click on Next.

Step 6: Connecting LDAP Gateway to Directory

  • Click on the LDAP Configurations tab.
  • This should show the list of LDAP Configurations.
  • Click either Edit or Add LDAP Configuration to start configuring your LDAP information.



  • Configure the SLX Connect Gateway by adding the following LDAP Configuration details.

    [Figure: LDAP configuration form]

  • Field: Description
    Configuration Identifier: Any name that identifies this set of configuration.
    LDAP Server URL: Specify the host name for the LDAP server. E.g. ldap://myldapserver.domain:389
    Bind Account DN: This will be used to establish the connection with the LDAP server. Specify it either as Username@domainname or in Distinguished Name (DN) format.
    Bind Account Password: Password for the Bind Account in the LDAP server.
    Search Bases: Provide the distinguished name of the Search Base object. E.g. cn=User,dc=domain,dc=com
    Search Filter: Search filters enable you to define search criteria and provide more efficient and effective searches. E.g. "(&(objectClass=*)(cn=?))"
    Domain Name: Semi-colon separated list of domains. E.g. securelynkx.com
    First Name Attribute: LDAP attribute for the first name. E.g. givenName
    Last Name Attribute: LDAP attribute for the last name. E.g. sn
    Email Attribute: LDAP attribute for the email address. E.g. mail
    Username Attribute: LDAP attribute for the username. E.g. sAMAccountName
    Phone Attribute: LDAP attribute for the phone number. E.g. telephoneNumber
    LDAP Attribute List: Semi-colon separated list of attributes. E.g. cn;mail;givenName
  • Click the Save button.
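
The Search Filter and Domain Name fields above, worked through as an added example (not SLX Connect code, and not from the original page). It assumes the gateway substitutes the login name for the "?" in the filter and uses the Domain Name list to pick a configuration; the function names and sample configurations are constructed for illustration.

```python
# Added example, not SLX Connect code. Assumes '?' in the Search Filter is
# replaced by the login name and Domain Name selects the configuration.
# Constructed sample configurations using the fields described above.
CONFIGS = [
    {"id": "corp", "url": "ldaps://myldapserver.domain:636",
     "base": "cn=User,dc=domain,dc=com",
     "filter": "(&(objectClass=*)(cn=?))",
     "domains": "securelynkx.com; example.org"},
    {"id": "lab", "url": "ldap://lab.example:389",
     "base": "ou=People,dc=lab,dc=example",
     "filter": "(&(objectClass=*)(sAMAccountName=?))",
     "domains": "lab.example"},
]

def escape_filter_value(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    out = []
    for byte in value.encode("utf-8"):
        if byte in b"\\*()" or byte == 0 or byte > 0x7F:
            out.append("\\%02x" % byte)  # \2a for '*', \28 for '(' ...
        else:
            out.append(chr(byte))
    return "".join(out)

def select_config(login, configs=CONFIGS):
    """Return (user, config) for the config whose Domain Name list matches."""
    user, sep, domain = login.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("login must look like user@domain")
    for cfg in configs:
        names = {d.strip().lower() for d in cfg["domains"].split(";") if d.strip()}
        if domain.lower() in names:
            return user, cfg
    raise LookupError("no LDAP configuration for domain %r" % domain)

def build_search(login, configs=CONFIGS):
    """Build the search for a login (assumed behaviour) plus warnings."""
    user, cfg = select_config(login, configs)
    if cfg["filter"].count("?") != 1:
        raise ValueError("Search Filter needs exactly one '?' placeholder")
    warnings = []
    if not cfg["url"].lower().startswith("ldaps://"):
        warnings.append("LDAP Server URL is not ldaps://; see Step 11")
    return {"config": cfg["id"], "base": cfg["base"],
            "filter": cfg["filter"].replace("?", escape_filter_value(user)),
            "warnings": warnings}
```

A login containing filter metacharacters is searched for literally instead of changing the shape of the filter, and a configuration that still points at ldap:// is reported.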

Step 7: Setting up Scheduler

  • Click on Schedules in the left pane.
  • Configure the following details:
  • Field: Description
    Base Sync OU: Search Base from which all the users should be synced.
    Start Time(hh:mm): Start time for the scheduled sync. E.g. 01 in hours and 01 in minutes.
    Sync Interval (in hrs): Time interval between periodic syncs.

    [Figure: schedules configuration]

  • Enable the Enable Schedules checkbox and click on Save.

    NOTE 1: If you want to start the sync immediately, enter a time that has already passed in the Start Time(hh:mm) field.
    NOTE 2: The sync will only work for the first LDAP configuration, the default configuration with ldap identifier. Support for all configurations is coming soon.

Step 8: Managing Admins in LDAP Gateway

  • Click on Manage Admins from the left panel.
  • To add additional admins, click on the Add Additional Admin button.
  • To change the password of the currently logged-in administrator, click on Change Password.
  • To delete another admin, click the delete option right next to the admin name.



Step 9: How to run SLX Connect LDAP Gateway as a Tomcat Service (For Windows) (Optional)

  • Install Tomcat as a service using a Tomcat Windows Service Installer
  • Copy the slxconnectgateway folder from the webapps of the package provided to the webapps of the Tomcat that is installed as a service.

Step 10: Setup SSL for LDAP Gateway

  • Click here to follow the steps if you have CA certificates.
  • Follow the steps below if you don't have CA certificates.
    1. Generate Keystore:
      • Navigate to the %JAVA_HOME%\bin directory in the file explorer and create a certs directory in it.

        [Figure: certs directory created under %JAVA_HOME%\bin]

      • Navigate to the %JAVA_HOME%\bin directory in the command line (in Administrator mode) and execute the command:
        keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <JAVA_HOME>\bin\certs\keystore.jks

        [Figure: keytool command being executed]

        This creates a keystore in the certs directory created above.

        [Figure: keystore created in the certs directory]

    2. Configure Connector:
      This is required to configure Tomcat to run on port 443 (SSL port).
      • Navigate to <Tomcat Directory>\conf and edit the server.xml file.

        [Figure: server.xml in the conf directory]

      • Add a Connector element under <Service name="Catalina">. The following configuration needs to be placed in the Connector element:
        <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
                   scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
                   keystoreFile="<PATH_TO_KEYSTORE>"
                   keystorePass="KEYSTORE_PASSWORD" />

        [Figure: connector added to server.xml]


    3. Assign Server Name to Tomcat:
      • Edit the %SystemRoot%\System32\drivers\etc\hosts file and add the following line:
        127.0.0.1 <newhostname>

        [Figure: server name added to the hosts file]

      • Navigate to <Tomcat Directory>\conf and edit the server.xml file.
      • Search for <Engine name="Catalina" defaultHost="localhost"> and replace localhost with the new hostname of the server.

        [Figure: new hostname set on the Engine element]

      • Search for the <Host> element and replace name=localhost with name=<IP Address/DNS> of the server.

        [Figure: new hostname set on the Host element]

      • Restart Tomcat by running startup.bat under <Tomcat Directory>\bin, then navigate to the following address:
        https://<newhostname:port>/slxconnectgateway
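
A check for the Connector settings edited in Steps 2 and 10, as an added example (not SLX Connect code, and not from the original page). It covers only the attribute style shown in Step 10; the sample server.xml, keystore path and function name are constructed for illustration.

```python
# Added example, not SLX Connect code: audits the <Connector> elements that
# Steps 2 and 10 edit in Tomcat's server.xml.
import xml.etree.ElementTree as ET

# Constructed sample: the default connector from Step 2 next to the HTTPS
# connector from Step 10 with its placeholder password left unchanged.
SAMPLE = """<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150"
             scheme="https" secure="true" clientAuth="false" sslProtocol="TLS"
             keystoreFile="C:/certs/keystore.jks"
             keystorePass="KEYSTORE_PASSWORD" />
</Service></Server>"""

# "changeit" is the password Tomcat assumes when keystorePass is omitted.
WEAK_PASSWORDS = {None, "", "changeit", "KEYSTORE_PASSWORD"}


def audit_connectors(xml_text):
    """Return a list of (port, finding) for HTTP connectors in server.xml."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue  # AJP connectors are outside this check
        if conn.get("SSLEnabled", "false").lower() != "true":
            findings.append((port, "plain HTTP: gateway traffic is unencrypted"))
            continue
        if conn.get("scheme") != "https" or conn.get("secure") != "true":
            findings.append((port, "TLS connector lacks scheme=https/secure=true"))
        if conn.get("keystorePass") in WEAK_PASSWORDS:
            findings.append((port, "keystorePass is missing, default or placeholder"))
    return findings


if __name__ == "__main__":
    for port, finding in audit_connectors(SAMPLE):
        print("port %s: %s" % (port, finding))
```

On the sample it reports the port 8080 connector as plain HTTP and the port 8443 connector as still carrying the placeholder keystore password.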

Step 11: Setup LDAPS connection with your directory

  • To configure LDAP Gateway to connect to your directory over Secure LDAP (LDAPS), you need to import your LDAPS certificate into the Java trust store.
  • Run the following command to install the certificate in cacerts.
  • For Windows:
    • keytool -importcert -alias "mOrangeLDAPS" ^
        -keystore "C:\Program Files\Java\jre1.8.0_231\lib\security\cacerts" ^
        -file "C:\Users\Administrator\Documents\mOrangeLDAPS.cer"

  • For Linux:
    • keytool -importcert -alias "mOrangeLDAPS" \
        -keystore "/usr/java/jdk1.8.0_144/jre/lib/security/cacerts" \
        -file "/home/mOrangeLDAPS.cer"

  • Restart your web server.