product icon

LastPass Universal Proxy v5.x LDAP configuration using command line

    Before you begin:
    Note: LastPass Universal Proxy v5.x uses a Linux-based docker image that runs in a docker container. For more information about the minimum system requirements for Docker, view Minimum software requirements for LastPass Universal Proxy.
    About this task:
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. How do I upgrade my LastPass Business account with an add-on?
    1. Configure the following parameters. Available selections are in brackets, and default selections are in parentheses.
      Select the protocol [LDAP, LDAPS, RADIUS]:
      LDAP
      Select the challenge mode [LP, PLP, SFA]:
      Enter the server mode of the Universal Proxy.

      For more information on server modes, see Server Modes.

    2. Configure the LDAP server setup.
      • LastPass MFA Authentication [LP]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name of the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the Admin password:
        The password of the LDAP administrator.
      • LastPass MFA or password authentication [PLP]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the LDAP server IP address:
        The IP address or a DNS name of your Active Directory server.
        Enter the LDAP server port (389):
        This is the port on which the Active Directory listens to for incoming requests.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name of the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the Admin password:
        The password of the LDAP administrator.
      • Both LastPass MFA and password authentication [SFA]
        Enter the name of your company:
        The company name that appears in the end users MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the LDAP server IP address:
        The IP address or a DNS name of your Active Directory server.
        Enter the LDAP server port (389):
        This is the port on which the Active Directory listens to for incoming requests.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name for the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the Admin password:
        The password of the LDAP administrator.
    3. Once configured, run the docker image in a container for LastPass Universal Proxy v5.x by executing the following command in the terminal:
      docker run --name=<friendlyname> -v <nameofthevolume>:/usr/local/universalproxy/volume -p <portofthecontainer>:389 -dit -e TZ=UTC <dockerimagerepository>:<dockerimagetag>
      Command example:
      docker run --name=universalproxy -v universalproxy:/usr/local/universalproxy/volume -p 389:389 -dit -e TZ=UTC lastpass/universalproxy:5.0.0
    Results: LastPass Universal Proxy v5.x is now configured.