Aviatrix LDAP-Based Authentication

Aviatrix provides integration with an LDAP/AD server for the authentication of users logging into the VPN services. This guide walks you through the configuration steps.

Configuration Details

This step must be done by an existing Aviatrix CoPilot admin user.

This configuration before or after a gateway is created. These steps assume it is done after creation.

  1. Go to Aviatrix CoPilot > Cloud Fabric > UserVPN > select the Gateways tab.

  2. Select the Edit icon next to the gateway.

  3. Under Authentication, click on the dropdown menu and select LDAP.

  4. Enter the values as described in the table below.

    Field Description

    LDAP Server

    Enter the public IP or hostname for the LDAP / AD server.

    Use SSL to connect to Server

    When this setting is enabled, SSL is used to connect with the LDAP server.

    Blind DN

    DN of the user that the Gateway will use to authenticate with the LDAP server to handle user authentication.


    The password of the Bind DN user.

    Base DN for User Entries

    Starting point in the directory for searching for matching usernames.

    Username Attribute

    User attribute name for username to match.

    Client Certificate

    Only visible if the Use SSL to connect …​ setting is enabled. This file must be in PEM format and contain a public and private key pair.

    CA Certificate

    Only visible if the Use SSL to connect …​ setting is enabled.

    Group Membership DN (Optional)

    LDAP search filter. This value must be entered in the form of a query. For example:\

    for Linux OpenLDAP:memberOf=cn=vpn_users,DC=example,DC=comfor Windows Active Directory:`cn=vpn_users,DC=example,DC=com`

    LDAP User (Optional)

    This field is only used when you click Test LDAP Configuration. It will use this value to search and respond if it was able to connect and find the user.

  5. Enter a value for LDAP User and click Test LDAP Configuration to test the configuration.

  6. Click Save to save this configuration.