We have evaluated CVE-2022-22963 and CVE-2022-22965, the "Springshell" vulnerability, and have determined that ConnectALL is not vulnerable. Details are posted on this page.


LDAP Configuration

The LDAP users have to be synchronized with the local users to enable authentication via LDAP and authorization via the database. Once LDAP authentication is successful, ConnectALL automatically synchronizes the user(s) to the database (including new users), and they are assigned to the user role. Click the cogwheel icon in the top right corner, then select the LDAP settings option from the drop-down list.

The recommended LDAP configurations are:

| S.No | Label | Value | Description |
|---|---|---|---|
| 1 | AD URL | 111.111.11.11:222 | Actual LDAP IP and port. |
| 2 | Base Domain | cn=admin,DC=example,dc=com | The DN (distinguished name) of a user who has permission to access the LDAP directory has to be configured. Minimum read-only access is required. |
| 3 | Password | Password | Password for the user configured above. |
| 4 | User DN | sAMAccountName | The LDAP parameter that has to be synchronized with the database. The value migrated from LDAP to the database will be used for the ConnectALL login. Possible values: sAMAccountName, cn, uid, etc. (as configured in the user's LDAP server). Only one value can be configured; multiple parameter configurations are not allowed. |
| 5 | ConnectALL AD Login | yes/no | By default the value is set to "no". To enable LDAP authentication, set the parameter to "yes". |
| 6 | AD Object Class | person | Object class, as defined in the LDAP server, under which users are configured. During synchronization, the search for users starts under this objectClass in LDAP. Possible values: person, inetOrgPerson, etc. |
| 7 | AD Lookup during User field sync | no (or) any valid LDAP filter query | If you would like to sync users from different LDAP member groups/OUs, then instead of configuring the parameter in ldap.objectClass, configure the entire LDAP member group filter query here. If there is no such requirement and there is only a single member group/OU, setting the ldap.objectClass property alone is enough, and this property can be set to "no". |
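
The following added example (not ConnectALL's own code) shows one way to compose a filter value for the "AD Lookup during User field sync" setting when users come from several member groups. It assumes group membership is exposed through the `memberOf` attribute, as is typical on Active Directory; the group DNs are constructed sample values and the function names are hypothetical.

```python
# Added example: composes an LDAP filter for syncing users from several groups.
# Assumptions: membership is read from memberOf; group DNs below are constructed.

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    out = []
    for ch in value:
        if ch in '\\*()\x00':
            out.append('\\%02x' % ord(ch))  # e.g. "(" becomes \28
        else:
            out.append(ch)
    return ''.join(out)


def build_sync_filter(object_class, group_dns):
    """AND the object class with an OR over the member groups."""
    if not group_dns:
        # With no group restriction the object class setting alone is enough.
        raise ValueError('no groups given: leave this setting as "no"')
    groups = ''.join('(memberOf=%s)' % escape_filter_value(dn) for dn in group_dns)
    if len(group_dns) > 1:
        groups = '(|%s)' % groups
    return '(&(objectClass=%s)%s)' % (escape_filter_value(object_class), groups)


def is_balanced(ldap_filter):
    """Sanity check before saving: structural parentheses must balance.

    Escaped parentheses appear as \\28 and \\29, so every raw one is structural.
    """
    depth = 0
    for ch in ldap_filter:
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth < 0:
                return False
    return depth == 0 and ldap_filter.startswith('(')


if __name__ == '__main__':
    sample_groups = [
        'CN=Dev Team,OU=Groups,DC=example,DC=com',
        'CN=QA (Contractors),OU=Groups,DC=example,DC=com',
    ]
    print(build_sync_filter('person', sample_groups))
```

Group names containing `(`, `)`, `*` or `\` produce a broken or overly broad filter unless they are escaped as shown, which would change the set of directory users synchronized into the database.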