Universal Proxy v4.x configuration example on Linux
The content of the server.properties file should be the following:
Note:
The environment is LDAP protocol - SFA mode, OpenLDAP Directory as the primary authentication server.
Filling the company.name field is optional during the configuration. If you have not configured that field, it will not appear in the server.properties file.
###
### This configuration file contains the settings for the Universal Proxy.
### It has four sections
### * Server settings
### * LastPass API settings
### * LDAP settings
### * RADIUS settings
### Fill Server settings and LastPass API settings first. Then fill LDAP settings if you plan to use
### Universal Proxy using LDAP or LDAPS or fill RADIUS settings if you are going to use RADIUS.
### If a value is not applicable for your case leave it as it is.
### For further information see the online documentation:
### https://support.lastpass.com/help/what-is-lastpass-universal-proxy
###
### Note, that it is also possible to configure Universal Proxy using the command line tool.
### Issue the following command in PowerShell to start the command line configuration tool:
### sudo uproxy -configurationTool
### Online documentation for the configuration tool:
### https://support.lastpass.com/help/how-do-i-configure-the-lastpass-universal-proxy-via-command-line
###
#######################################
#######################################
### ###
### Universal Proxy Server settings ###
### ###
#######################################
#######################################
##
## Server settings: set these values to configure how the Universal Proxy handles incoming authentication
## requests. Choose the authentication protocol (LDAP, LDAPS or RADIUS), specify the ports and domains and
## set the server mode (LP, PLP, SFA).
## For an explanation about server modes see the documentation:
## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
##
# The protocol to authenticate users. [LDAP | LDAPS | RADIUS]
server.protocol=LDAP
# The mode in which Universal Proxy should run [LP | PLP | SFA].
server.mode=SFA
# The port on which Universal Proxy listens on.
server.port=1389
# The name of your company. This value appears to end users in the MFA app.
company.name=Test-company
#################################################################
#################################################################
### ###
### Authentication server settings: Common Login Service ###
### ###
#################################################################
#################################################################
##
##
cli.cls.integration.key=your_cls_integration_key_goes_here
cli.cls.integration.secret=your_cls_integration_secret_goes_here
default.cls.auth.method=push
###################################################
###################################################
### ###
### Authentication server settings: LDAP server ###
### ###
###################################################
###################################################
##
## LDAP settings: set these values to configure Universal Proxy to be able to communicate with a LDAP server.
## Leave these values blank if you are not planning to use Universal Proxy for LDAP authentication.
## The ldap.admin.password field is applicable only if the server mode is LP.
## The ldap.address, ldap.port and ldap.tls fields can only be used if the server mode is either PLP or SFA.
## For an explanation about server modes see the documentation:
## https://support.lastpass.com/help/what-is-lastpass-universal-proxy#server_modes
## For the current server mode see the value of the server.mode variable in this file.
## Leave any value blank which is not applicable for your current setup.
##
# The address of the OpenLDAP. Applies to server modes: [PLP | SFA]
ldap.address=172.19.0.5
# The default LDAP server type: [auto | ms | openldap]
default.ldap.server.type=auto
# The port on which the OpenLDAP expects authentication messages (default: LDAP: 389, LDAPS: 636). Applies to server modes: [PLP | SFA]
ldap.port=389
# The distinguished name of the LDAP admin user. Example: CN=admin,CN=Users,DC=domain,DC=com
ldap.admin=CN=testAdmin,CN=Users,DC=testproxy,DC=com
# The password of the LDAP admin user. Applies to server modes: [LP] only.
ldap.admin.password=your_password
# LDAP naming attribute: the name of the LDAP field in which the Linux user logon name is stored. Possible values: uid
ldap.attribute.login=uidCheck the following:
- The ldap.admin field value must be the same as the OpenLDAP's distinguishedName field value.