Yes. GateKeeper fully supports integration with LDAP (Lightweight Directory Access Protocol). When LDAP is enabled on your domain controller, the GateKeeper Hub Cloud can connect to your on-premise Active Directory environment through LDAP for user and computer synchronization.
This allows administrators to centrally manage users, credentials, and authentication policies across their domain using GateKeeper Hub.
How GateKeeper Uses LDAP
Connects the GateKeeper Hub Cloud to your on-premise Active Directory
Syncs domain users and groups into GateKeeper
Supports authentication using domain credentials
Allows GateKeeper to manage Windows domain login with tokens and PINs
To enable this functionality, LDAP must be accessible from the network where the Hub Cloud communicates with your domain controller.
1. Enabling LDAP on the Domain Controller
Before setting up the LDAP connection, verify that the domain controller has the necessary LDAP ports open and accessible. This requires allowing inbound and outbound traffic through the Windows Firewall.
Firewall Rules for LDAP
Follow the steps below to create the required firewall exceptions for LDAP:
1. Open Windows Firewall with Advanced Security
Go to the Start menu
Search for “firewall”
Select Windows Firewall with Advanced Security
2. Create an Inbound Rule
Click Inbound Rules
Under Actions, click New Rule...
Select Port, then click Next
Choose TCP and enter the following specific local ports:
389 (LDAP)
636 (LDAPS)
Click Next
Ensure Domain, Private, and Public profiles are checked
Click Next
Name and describe the new rule, then click Finish
3. Create an Outbound Rule
Repeat the steps above, but select Outbound Rules instead of Inbound.
These rules allow the domain controller to accept and send LDAP and LDAPS traffic.
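The same inbound and outbound rules can be created from an elevated PowerShell session on the domain controller. This is an added example, not GateKeeper's own tooling. The rule names and the optional $RemoteAddress parameter are assumptions: the default 'Any' matches the GUI steps above, and supplying the connecting service's source address narrows who can reach the ports.

```powershell
# Added example: scripted equivalent of the GUI firewall steps.
# Assumptions (not from the original article): the rule display names and
# the optional $RemoteAddress scoping parameter.
param(
    # 'Any' matches the GUI default. Pass a source address or range to
    # restrict which remote hosts the rules apply to.
    [string[]]$RemoteAddress = 'Any'
)

$ports = 389, 636   # 389 = LDAP, 636 = LDAPS

foreach ($direction in 'Inbound', 'Outbound') {
    $name = "GateKeeper LDAP/LDAPS ($direction)"   # hypothetical rule name

    # Skip creation if the rule already exists, so the script is safe to re-run.
    if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
        Write-Host "Rule already present: $name"
        continue
    }

    $rule = @{
        DisplayName   = $name
        Description   = 'Allow LDAP (389) and LDAPS (636) for directory sync'
        Direction     = $direction
        Protocol      = 'TCP'
        LocalPort     = $ports
        RemoteAddress = $RemoteAddress
        Profile       = 'Domain', 'Private', 'Public'
        Action        = 'Allow'
    }
    New-NetFirewallRule @rule | Out-Null
    Write-Host "Created rule: $name"
}

# Verify that something is listening on each port on this host.
foreach ($port in $ports) {
    $listening = [bool](Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue)
    Write-Host ("TCP {0}: listening = {1}" -f $port, $listening)
}

# Show the resulting rules and the profiles they apply to.
Get-NetFirewallRule -DisplayName 'GateKeeper LDAP/LDAPS*' |
    Select-Object DisplayName, Direction, Enabled, Profile
```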
2. Configuring Port Forwarding for External LDAP Access
If your domain controller must be reached from outside your local network (for example, for GateKeeper Hub Cloud to connect), you must configure port forwarding on your router.
Steps to Configure Port Forwarding
Open your router settings
Create a port forwarding rule
Forward ports 389 and 636 to the domain controller’s internal IP address
Apply changes and reboot the router if necessary
This ensures LDAP requests reach your domain controller from external networks.
LDAP Ports Reference
Port 389: Standard LDAP
Port 636: LDAP over SSL (LDAPS)
For more details on LDAP ports and firewall configuration, see Microsoft’s documentation:
https://support.microsoft.com/en-us/help/179442/how-to-configure-a-firewall-for-domains-and-trusts
Summary
GateKeeper works with LDAP and can connect to an on-premise Active Directory domain when:
LDAP or LDAPS is enabled
Firewall rules allow ports 389 and 636
Port forwarding is configured if external access is required
Once configured, GateKeeper Hub Cloud can sync users and groups and enable domain login using GateKeeper tokens.
For any additional questions or concerns regarding proximity settings, computer locking, credential management, or compliance, please contact GateKeeper Enterprise support using the Support Ticket form on https://gkaccess.com/support/ or email support@gkaccess.com.