Bridge Installation Guide for Ranger

Installation of a Bridge for Ranger is the same as for UDM Pro. Refer to the UDM Pro Bridge Installation documentation. Follow the documentation in that section and then return here to complete the configuration.

Since version 2.2.10, UDM has also supported syncing of numbers from Microsoft Teams as an alternative to on-premise AD.

IMPORTANT: Although you could configure syncing of both AD and Teams, this is not recommended because conflicts are possible where numbers appear in both sources. This could lead to inconsistent and inaccurate data. Please ensure you configure only one source. If you need to support a transition from on-premise to Teams, we recommend a second UDM instance to manage on-premise until the migration is complete.

Microsoft Teams Setup

Once the bridge is installed, go to the "Settings" page and complete the "Teams Sync Settings". You will need to set up a Microsoft 365 service account with the "Teams Administrator" role. Enter the username and password for this account in the settings. Select the bridge to use for syncing with Teams. Click "Apply" to save the changes.

Once the changes are saved, press "Test Connection". A message will appear, either confirming the number of users found or reporting an error. Once the bridge has connected successfully, it will synchronise the numbers back to Ranger. This may take a while, depending on the number of users. The status of the sync will be shown in the current bridge.log in C:\ProgramData\Event Zero\UDM Pro Bridge\Logs.

On-premise AD Sync

Once the bridge is installed, go to the "Settings" page and complete the Active Directory Sync settings. In most cases you do not need to complete all the fields; the defaults shown in grey will suffice. The minimum required are the Server Host, Bind Username, Bind Password and syncing bridge. Note: The syncing bridge is not required when you are using the on-premise UDM server.

Once the changes are saved, press "Test Connection". A message will appear, either confirming the number of users found or reporting an error. Once the bridge has connected successfully, it will synchronise the numbers back to Ranger. This may take a while, depending on the number of users. The status of the sync will be shown in the current bridge.log in C:\ProgramData\Event Zero\UDM Pro Bridge\Logs.


Setting: Description

Server Host: FQDN or IP address of an Active Directory Server or Global Catalog.

Server Port: The port to connect to on the server to query AD. For standard LDAP queries use port 389, or port 636 when using SSL. If the server is a Global Catalog server you can use port 3268, or port 3269 when using SSL.

Use SSL: Enable SSL connection to the AD server. When this is enabled you will also be given the opportunity to include a base64 encoded certificate for the connection. This is only needed if the AD server is using a self-signed certificate or one signed by an unrecognised CA.

Bind Username: If authentication is required to perform the LDAP query, enter the username.

Bind Password: If authentication is required to perform the LDAP query, enter the password for the Bind account.

Sync Minimum Attributes: Will only download the minimum AD fields for Ranger. Having more attributes may assist in identifying users in large deployments. The attributes list is at

Search Root: The search root defines the location to start synchronizing from. If all the entries required to be synchronized are under a separate OU, you should use this as the root. By using a refined search you will limit the number of entries retrieved, which will enhance performance.

Contact Query: This defines the query to be used to find contacts in your AD. This normally doesn't need to be changed.

Group Query: This defines the query to be used to find groups in your AD. This normally doesn't need to be changed.

User Query: This defines the query to be used to find users in your AD. This normally doesn't need to be changed.

Syncing Bridge: Select the bridge you will use for performing the AD sync. Note: If you are using the on-premise version of the server and have less than 50,000 users you do not need to use a bridge.
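The port, Use SSL, certificate and Search Root rules described in the settings above can be checked before they are entered. The following Python check is an added example, not part of the product or its documentation; the dictionary keys, function names, the simplified DN pattern and the sample certificate value are assumptions made for this example.

```python
import base64
import binascii
import re

# Ports from the settings table: port -> (is_global_catalog, needs_ssl)
AD_PORTS = {389: (False, False), 636: (False, True),
            3268: (True, False), 3269: (True, True)}
# Simplified DN check (assumption: no escaped commas in the Search Root).
DN_RE = re.compile(r"^(?:(?:OU|CN|DC)=[^,]+,)*DC=[^,]+$", re.IGNORECASE)
# Constructed placeholder: base64 of a DER SEQUENCE header, not a real certificate.
SAMPLE_CERT = base64.b64encode(b"\x30\x82\x00\x04" + b"\x00" * 4).decode()


def decode_certificate(text):
    """Return DER bytes from base64 (PEM armour allowed), or None if invalid."""
    lines = [line.strip() for line in text.splitlines()]
    body = "".join(l for l in lines if l and not l.startswith("-----"))
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return None
    # An X.509 certificate is a DER SEQUENCE, so its first byte is 0x30.
    return der if der[:1] == b"\x30" else None


def check_ad_sync(settings):
    """Return findings for a dict of AD sync settings; an empty list means consistent."""
    findings = []
    port, use_ssl = settings.get("port"), settings.get("use_ssl", False)
    if port not in AD_PORTS:
        findings.append(f"port {port} is not one of the documented ports {sorted(AD_PORTS)}")
    elif AD_PORTS[port][1] != use_ssl:
        findings.append(f"port {port} does not match Use SSL={use_ssl}")
    if not use_ssl and settings.get("bind_password"):
        findings.append("bind password set without SSL (a simple bind sends it unencrypted)")
    cert = settings.get("certificate")
    if cert and not use_ssl:
        findings.append("certificate supplied but Use SSL is off")
    if cert and decode_certificate(cert) is None:
        findings.append("certificate is not base64-encoded DER")
    root = settings.get("search_root")
    if root and not DN_RE.match(root):
        findings.append(f"search root {root!r} is not a well-formed DN")
    return findings


if __name__ == "__main__":
    # Constructed settings: LDAP port 389 selected while Use SSL is ticked.
    print(check_ad_sync({"port": 389, "use_ssl": True, "bind_password": "x",
                         "certificate": SAMPLE_CERT,
                         "search_root": "OU=Staff,DC=example,DC=com"}))
```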


