Connect Active Directory
Adding a directory is a two-step wizard:
- Connect Active Directory — register the domain and Domain Controller connection details (this page).
- Install DC Sensor — deploy the Authnull sensor on the Domain Controller (covered in Install DC Sensor).
To start, go to Admin → Directory → Identity Providers, click Add, and choose Active Directory.
The service account password never reaches Authnull
You do not enter the service account password here. It is supplied directly on the gateway / Domain Controller during sensor installation — it is never sent to or stored by Authnull.
Step 1 — Connection details
Fill in the form fields below, then click Save & Continue.
| Field | Required | Description |
|---|---|---|
| Display Name | Yes | A friendly name for this directory, e.g. My AD. |
| Domain Name | Yes | The AD domain, e.g. authnull.lab. Must contain a dot and must not contain an @. |
| DC Hostname / IP | Yes | The Domain Controller to connect to, e.g. 10.0.0.5 or dc01.authnull.lab. |
| LDAP Port | Yes | Defaults to 389. Switches to 636 automatically when Use LDAPS is enabled. Any value 1–65535 is accepted. |
| Service Account DN | Yes | The bind account, e.g. CN=AuthNullSvc,CN=Users,DC=authnull,DC=lab. UPN format (user@domain) is also accepted. |
| Base DN | Auto | Derived from the domain automatically (e.g. authnull.lab → DC=authnull,DC=lab). Click Edit to override, Reset to revert. |
| Sync Filter — Groups | Yes | Plain group names — no CN= prefix, e.g. Domain Admins, VPN-Users. Press Enter or comma to add each as a chip. |
| Sync Filter — OUs | Yes | Each value must start with OU=, e.g. OU=AdminUsers, OU=ITStaff. Press Enter or comma to add each as a chip. |
| Use LDAPS (636) | No | Enable to connect over SSL. Sets the LDAP port to 636. |
| Skip certificate verification | No | Appears only when LDAPS is enabled. Lab only — do not use in production. |
Field rules
- Domain Name — rejected if it contains @ or has no dot. The domain is split into DC= components to derive the Base DN.
- LDAP Port — must be an integer between 1 and 65535.
- Sync Filter — Groups — a chip containing a comma, or one that starts with CN=, is rejected. Use plain names and one chip per group.
- Sync Filter — OUs — a chip that does not start with OU=, or contains a comma, is rejected.
- Duplicate check — if a directory with the same domain and DC host already exists, Authnull asks you to confirm before continuing.
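The field rules above can be checked before the values are entered, for example when directory definitions are kept in a change-controlled file. The following is an added example, not Authnull code: the dictionary keys (domain, port, ldaps, groups, ous) are hypothetical names, and rejecting an empty domain label is an assumption that goes beyond the rules listed on this page.

```python
"""Pre-flight check mirroring the Connect Active Directory field rules (added example)."""


def derive_base_dn(domain: str) -> str:
    """Split the domain into DC= components: authnull.lab -> DC=authnull,DC=lab."""
    domain = domain.strip()
    if "@" in domain or "." not in domain:
        raise ValueError("Domain Name must contain a dot and must not contain @")
    labels = domain.split(".")
    # Assumption (not stated on the page): a leading, trailing or doubled dot
    # is rejected, because it would yield an empty DC= component.
    if any(not label for label in labels):
        raise ValueError("Domain Name has an empty label")
    return ",".join(f"DC={label}" for label in labels)


def validate_connection(form: dict) -> list[str]:
    """Return the list of rule violations; an empty list means the form passes."""
    errors = []
    try:
        derive_base_dn(form.get("domain", ""))
    except ValueError as exc:
        errors.append(str(exc))

    # Port defaults to 389, or 636 when Use LDAPS is enabled.
    port = form.get("port", 636 if form.get("ldaps") else 389)
    if isinstance(port, bool) or not isinstance(port, int) or not 1 <= port <= 65535:
        errors.append("LDAP Port must be an integer between 1 and 65535")

    # Groups: plain names only, one chip per group.
    for chip in form.get("groups", []):
        if "," in chip or chip.startswith("CN="):
            errors.append(f"Group chip rejected: {chip!r}")
    # OUs: every chip starts with OU= and holds a single component.
    for chip in form.get("ous", []):
        if "," in chip or not chip.startswith("OU="):
            errors.append(f"OU chip rejected: {chip!r}")
    return errors


if __name__ == "__main__":
    # Constructed sample input using the example values from the table above.
    sample = {"domain": "authnull.lab", "ldaps": True,
              "groups": ["Domain Admins", "VPN-Users"],
              "ous": ["OU=AdminUsers", "OU=ITStaff"]}
    print(derive_base_dn(sample["domain"]), validate_connection(sample))
```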
Step 2 — Save & Continue
When the form is valid, Save & Continue registers the directory (it appears as Pending on the Identity Providers list) and advances the wizard to Install DC Sensor.
The directory does not become Running until the sensor is installed and connects back from the Domain Controller.