BETA! On-Prem Active Directory LDAPs
We have recently released our Evo Secure Login Agent. The agent is a great way to connect your locally managed Active Directory with Evo Secure Login.
For those who have taken part in the beta release, we thank you for the feedback we’ve received thus far. Based on that feedback, we’ve made a few modifications that everyone will benefit from.
.NET Framework version
Previously we stated that .NET Framework 4.8 and above was expected. We have re-evaluated this requirement and have adjusted the agent to work with .NET Framework 4.7.2 and above.
If you’ve already deployed against .NET Framework 4.8, not to worry: the agent will continue to function as intended.
Temp file directory path
Originally upon installation there was a directory under C:\windows\temp, called EvoSecurity, which held a file called ldapsync.json. The purpose of this file is to record synced data.
With an upcoming release, the file will be found under C:\ProgramData\EvoSecurity. The purpose of the file remains the same.
Evo Secure Agent keep alive setting
The connection between the Secure Login Agent and the MQTT server could disconnect every 5 minutes, which happened to be the default setting. We have added a setting called keep_alive, which can be found under RegEdit > HKEY_LOCAL_MACHINE\SOFTWARE\Evo Security\LDAPS.
The default value will be 300 seconds (5 minutes). You can update this value if you find that things appear to be disconnecting too frequently. We recommend not setting the value below 60 seconds (1 minute) or above 600 seconds (10 minutes).
Directory names
When you added a new directory within your Evo admin portal, you needed to add the directory with a name of all lowercase characters.
That has been corrected to allow for mixed case directory names.
Note, however, that if you enter a space in the directory name, it will be saved as an underscore. This is expected.
Protected directory
There is a new directory located under C:\ProgramData\EvoSecurity, called LDAPS. This directory is protected, and we recommend that it remain protected for security’s sake. It is created so that only administrators and the SYSTEM account have access to it. For security purposes, administrators should not change the permissions of this directory, whether purposefully or inadvertently (via UAC).
The ldapsync.json file mentioned above holds only the user information for successful user syncs. For advanced troubleshooting and more detail, two other files were added to the protected directory.
- The payload.json file contains the entire data sync for the last successful sync.
- The failedpayload.json file contains the entire attempted payload for the last failed data sync.
Two additional files (llave and secret) are also contained in the protected directory and are critical for the operation of the Evo LDAP Agent. These files should not be moved, modified, or in any way altered.
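One way to confirm that the protection described above is still in place, as an added example (not Evo's own code): the script lists any Allow entry on the LDAPS directory or the files in it that belongs to an identity other than SYSTEM or the built-in Administrators group. It assumes an elevated PowerShell session; the function name Get-UnexpectedAccess is hypothetical.

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session.
$Path = 'C:\ProgramData\EvoSecurity\LDAPS'   # protected directory named in the article

# Well-known SIDs, so the check does not depend on the OS display language.
$Allowed = @{
    'S-1-5-18'     = 'NT AUTHORITY\SYSTEM'
    'S-1-5-32-544' = 'BUILTIN\Administrators'
}

function Get-UnexpectedAccess {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $acl     = Get-Acl -LiteralPath $LiteralPath
    $sidType = [System.Security.Principal.SecurityIdentifier]
    # Explicit and inherited rules, with identities returned as SIDs.
    $rules   = $acl.GetAccessRules($true, $true, $sidType)

    foreach ($rule in $rules) {
        $sid = $rule.IdentityReference.Value
        if ($rule.AccessControlType -eq 'Allow' -and -not $Allowed.ContainsKey($sid)) {
            [pscustomobject]@{
                Path      = $LiteralPath
                Sid       = $sid
                Rights    = $rule.FileSystemRights
                Inherited = $rule.IsInherited
            }
        }
    }
}

if (Test-Path -LiteralPath $Path -PathType Container) {
    # Check the directory itself and everything in it (payload.json, llave, secret, ...).
    $children = @(Get-ChildItem -LiteralPath $Path -Force -Recurse | ForEach-Object FullName)
    $targets  = @($Path) + $children
    $findings = @($targets | ForEach-Object { Get-UnexpectedAccess -LiteralPath $_ })

    if ($findings.Count -eq 0) {
        Write-Output "OK: only SYSTEM and Administrators hold Allow entries under $Path"
    } else {
        # Each row is an identity the article does not list as having access.
        $findings | Format-Table -AutoSize
    }
} else {
    Write-Warning "Not found: $Path"
}
```

A row with Inherited set to True means the entry flows in from a parent folder, so the fix belongs on the parent's ACL or on the directory's inheritance setting rather than on the individual file.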