KyberGate + Active Directory / LDAP
Connect your on-premises directory to KyberGate for seamless user sync. Users, groups, and OUs become filtering policies — automatically.
Built for schools and districts with on-premises Active Directory or LDAP infrastructure that want user-level web filtering without cloud migration.
How It Works
Install Sync Agent
Download and install the KyberGate Sync Agent on any domain-joined Windows or Mac machine with network access to your directory server.
Configure Connection
Enter your LDAP server address, search base DN, and credentials in the KyberGate dashboard. Test the connection with one click.
Auto-Sync
Users and groups sync automatically on a schedule you set. Map OUs and groups to filtering policies — changes propagate automatically.
Features
Enterprise-grade directory sync for on-premises environments.
LDAP & Active Directory Support
Works with Microsoft Active Directory, OpenLDAP, and any LDAP v3 compliant directory. One integration for any on-prem directory.
- Microsoft Active Directory
- OpenLDAP
- eDirectory (NetIQ)
- Any LDAP v3 directory
Secure LDAPS (SSL/TLS)
All connections use LDAPS (LDAP over SSL/TLS) by default. Your directory credentials and user data are encrypted end-to-end.
- LDAPS (port 636)
- StartTLS support
- Custom CA certificates
- Certificate validation
Custom Attribute Mapping
Map any LDAP attribute to KyberGate user fields. Grade level, department, building — use whatever your directory stores.
- Standard attributes (cn, sn, mail)
- Custom attributes
- Multi-value attribute support
- Attribute transformation rules
OU-Based Policy Assignment
Map Organizational Units directly to KyberGate filtering policies. Students in the 'Elementary' OU get elementary policies automatically.
- OU-to-policy mapping
- Nested OU support
- Multiple OU search bases
- OU exclusion rules
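The sketch below is an added illustration of how OU-to-policy mapping with nested OUs and exclusion rules can be resolved from a user's DN; it is not KyberGate's code. The precedence rules (deepest mapped OU wins, an exclusion overrides a mapping), the function names, the directory layout and the policy names are all assumptions made for the example.

```python
# Added illustration, not KyberGate code. The precedence rules are assumptions:
# the most specific (deepest) mapped OU wins, and an exclusion overrides a mapping.

def split_dn(dn):
    """Split a DN into lower-cased RDNs, keeping backslash-escaped commas intact."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escape pair stays inside the RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return tuple(r.strip().lower() for r in rdns if r.strip())

def is_under(entry, base):
    """True if entry sits at or below base, compared RDN by RDN (not by substring)."""
    return len(base) <= len(entry) and entry[len(entry) - len(base):] == base

def resolve_policy(user_dn, ou_policies, excluded_ous=(), default=None):
    """Return the policy of the deepest mapped OU containing user_dn, else default."""
    user = split_dn(user_dn)
    if any(is_under(user, split_dn(ou)) for ou in excluded_ous):
        return default
    hits = [(len(split_dn(ou)), policy) for ou, policy in ou_policies.items()
            if is_under(user, split_dn(ou))]
    return max(hits, key=lambda h: h[0])[1] if hits else default

# Constructed sample directory layout and policy names.
ROOT = "DC=district,DC=example"
OU_POLICIES = {
    f"OU=Students,{ROOT}": "student-default",
    f"OU=Elementary,OU=Students,{ROOT}": "elementary",
    f"OU=Staff,{ROOT}": "staff",
}
EXCLUDED = [f"OU=Disabled,OU=Elementary,OU=Students,{ROOT}"]

if __name__ == "__main__":
    for dn in (f"CN=Ana Ruiz,OU=Grade3,OU=Elementary,OU=Students,{ROOT}",
               f"CN=Old Account,OU=Disabled,OU=Elementary,OU=Students,{ROOT}",
               f"CN=Lee\\,OU=Staff,{ROOT}"):   # CN holds an escaped comma
        print(dn, "->", resolve_policy(dn, OU_POLICIES, EXCLUDED))
```

The last sample DN is the case to check in any mapping logic: a plain string suffix comparison would place that entry in the Staff OU, while the RDN-wise comparison leaves it unmapped.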
Scheduled Auto-Sync
The Sync Agent checks your directory on a configurable schedule. Changes are detected and applied automatically — no manual intervention.
- Configurable sync interval
- Delta sync (incremental)
- Full sync on demand
- Sync history & logs
Works With Any LDAP v3 Directory
Not just Active Directory — KyberGate works with any standards-compliant LDAP v3 directory, including OpenLDAP, FreeIPA, and 389 Directory Server.
- LDAP v3 compliant
- Standard LDAP filters
- Paged results support
- Referral following
The KyberGate Sync Agent
The KyberGate Sync Agent runs as a lightweight service on any Windows or Mac machine with network access to your directory server. It securely bridges your on-prem AD with KyberGate's cloud.
No VPN tunnels, no inbound firewall rules, no cloud connectors. Just a simple agent that reads your directory and pushes changes to KyberGate over HTTPS.
Lightweight Service
Runs as a background service using less than 50 MB of memory. No impact on server performance.
Outbound Only
The Sync Agent makes outbound HTTPS connections only. No inbound firewall rules needed — no ports to open.
Read-Only Access
Requires only read permissions on your directory. KyberGate never writes to or modifies your Active Directory.
Windows & Mac
Available for Windows Server, Windows 10/11, and macOS. Install on any domain-joined machine with LDAP access.
Requirements
What you need to get started with the Active Directory / LDAP integration.
Active Directory or LDAP v3 Directory
Any LDAP v3 compliant directory server — Microsoft Active Directory, OpenLDAP, FreeIPA, or 389 Directory Server.
Network-Accessible LDAP Server
The machine running the KyberGate Sync Agent must have network access to your LDAP server (typically port 636 for LDAPS).
KyberGate Sync Agent Installed
A lightweight agent installed on any Windows or Mac machine joined to your domain. Downloads available in the KyberGate dashboard.
KyberGate Enterprise Plan
On-premises directory integrations are available on the KyberGate Enterprise plan ($15/device/yr).
Ready to Connect Active Directory?
Start a free 30-day pilot. We'll help you install the Sync Agent, connect your directory, and deploy filtering policies.
30 days free · Up to 50 devices · No credit card required