LastPass Universal Proxy v5.x LDAPS configuration using command line

    Before you begin:
    Note: LastPass Universal Proxy v5.x uses a Linux-based Docker image that runs in a Docker container. For more information about the minimum system requirements for Docker, see Minimum software requirements for LastPass Universal Proxy.
    About this task:
    Note: This feature requires an account with the LastPass Business + Advanced MFA add-on. See "How do I upgrade my LastPass Business account with an add-on?"
    1. Configure the following parameters. Available selections are in brackets, and default selections are in parentheses.
      Select the protocol [LDAP, LDAPS, RADIUS]:
      LDAPS
      Select the challenge mode [LP, PLP, SFA]:
      Enter the server mode of the Universal Proxy.

      For more information on server modes, see Server Modes.

    2. Configure the LDAPS server setup.
      • LastPass MFA Authentication [LP]
        Enter the name of your company:
        The company name that appears in the end user's MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name of the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the admin password:
        The password of the LDAP administrator.
        Enter SSL certificate file path:
        The path to the SSL server certificate. The certificate should be in PEM format.
        Enter SSL private key file path:
        The path to the private key of the SSL certificate. The key file should be in PEM format.
        Note: If your private key is password-protected, remove the password protection before adding it.
      • LastPass MFA or password authentication [PLP]
        Enter the name of your company:
        The company name that appears in the end user's MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the LDAP server IP address:
        The IP address or DNS name of your Active Directory server.
        Enter the LDAP server port (636):
        The port on which Active Directory listens for incoming requests.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name of the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the admin password:
        The password of the LDAP administrator.
        Enter SSL certificate file path:
        The path to the SSL server certificate. The certificate should be in PEM format.
        Enter SSL private key file path:
        The path to the private key of the SSL certificate. The key file should be in PEM format.
        Note: If your private key is password-protected, remove the password protection before adding it.
        Enter SSL CA certificate file path:
        The path to the CA’s certificate. This is the certificate of the CA that issued your AD's SSL certificate. The certificate should be in PEM format. A single file can contain multiple CA certificates.
        Note: This field is mandatory.
      • Both LastPass MFA and password authentication [SFA]
        Enter the name of your company:
        The company name that appears in the end user's MFA application when they receive a push notification from your system.
        Enter the CLS integration key:
        The LastPass CLS integration key that you retrieved from the LastPass new Admin Console. For more information, see Find the integration key.
        Enter the CLS integration secret:
        The LastPass CLS integration secret that you retrieved from the LastPass new Admin Console.
        Enter the preferred method of default authentication [push, call] (push):
        The default authentication factor. The default factor is push.
        Enter the LDAP server IP address:
        The IP address or DNS name of your Active Directory server.
        Enter the LDAP server port (636):
        The port on which Active Directory listens for incoming requests.
        Enter the distinguished name of the LDAP admin user:
        The distinguished name for the LDAP administrator, in the following format: CN=admin,CN=Users,DC=example,DC=com.
        Enter the admin password:
        The password of the LDAP administrator.
        Enter SSL certificate file path:
        The path to the SSL server certificate. The certificate should be in PEM format.
        Enter SSL private key file path:
        The path to the private key of the SSL certificate. The key file should be in PEM format.
        Note: If your private key is password-protected, remove the password protection before adding it.
        Enter SSL CA certificate file path:
        The path to the CA’s certificate. This is the certificate of the CA that issued your AD's SSL certificate. The certificate should be in PEM format. A single file can contain multiple CA certificates.
        Note: This field is mandatory.
    3. Once configured, run the Docker image in a container for LastPass Universal Proxy v5.x by executing the following command in the terminal:
      docker run --name=<friendlyname> -v <nameofthevolume>:/usr/local/universalproxy/volume -p <portofthecontainer>:636 -dit -e TZ=UTC <dockerimagerepository>:<dockerimagetag>
      Command example:
      docker run --name=universalproxy -v universalproxy:/usr/local/universalproxy/volume -p 636:636 -dit -e TZ=UTC lastpass/universalproxy:5.0.0
    Results: LastPass Universal Proxy v5.x is now configured.
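
A pre-flight check for the certificate prompts in step 2, as an added example that is not part of the LastPass documentation or product: it confirms that the certificate and CA files contain PEM certificates, that the private key is PEM without passphrase protection, and, because that key is then stored unencrypted, that only its owner can access it. All function names are hypothetical, and `make_samples` writes constructed PEM-shaped files with placeholder bodies for a dry run.

```shell
#!/bin/sh
# Added example: pre-flight checks for the PEM files the LDAPS prompts ask for.
# Function names are hypothetical; they are not part of LastPass Universal Proxy.

pem_count() {    # pem_count FILE LABEL -> number of "-----BEGIN LABEL-----" blocks
    [ -r "$1" ] || { echo 0; return 0; }
    grep -c -- "^-----BEGIN $2-----" "$1" || true
}
key_state() {    # prints: missing | encrypted | plain | not-pem
    [ -r "$1" ] || { echo missing; return 0; }
    if grep -q -- '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1" ||
       grep -q -- '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted    # PKCS#8 or legacy OpenSSL passphrase protection
    elif grep -Eq -- '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1"; then
        echo plain
    else
        echo not-pem
    fi
}
key_mode_ok() {  # an unencrypted key should be accessible to its owner only
    mode=$(stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1")
    case "$mode" in *00) return 0 ;; *) return 1 ;; esac
}

preflight() {    # preflight CERT KEY [CA_FILE]; returns 1 if any check fails
    rc=0
    [ "$(pem_count "$1" CERTIFICATE)" -ge 1 ] || { echo "FAIL cert: no PEM certificate"; rc=1; }
    state=$(key_state "$2")
    [ "$state" = plain ] || { echo "FAIL key: $state"; rc=1; }
    if [ "$state" = plain ] && ! key_mode_ok "$2"; then
        echo "FAIL key: unencrypted key is group/world accessible"; rc=1
    fi
    if [ -n "${3:-}" ]; then    # PLP and SFA: the CA certificate file is mandatory
        n=$(pem_count "$3" CERTIFICATE)
        [ "$n" -ge 1 ] || { echo "FAIL ca: no PEM certificate"; rc=1; }
        echo "INFO ca: $n certificate(s) in file"
    fi
    return "$rc"
}

make_samples() { # constructed PEM-shaped files; bodies are placeholders, not keys
    printf '%s\n' '-----BEGIN CERTIFICATE-----' AAAA '-----END CERTIFICATE-----' > "$1/cert.pem"
    cat "$1/cert.pem" "$1/cert.pem" > "$1/ca.pem"
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' AAAA '-----END PRIVATE KEY-----' > "$1/key.pem"
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' AAAA > "$1/enc.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' AAAA > "$1/legacy.pem"
    chmod 600 "$1/key.pem" "$1/enc.pem" "$1/legacy.pem"
}
[ "$#" -lt 2 ] || preflight "$@"    # script use: CERT KEY [CA_FILE] as arguments
```

The script inspects PEM framing and file mode only; it does not confirm that the key belongs to the certificate or that the CA file actually chains to your AD server's certificate.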