Comment: Published by Scroll Versions from space DOC and version HG-8.3.1

LDAP Authentication

LDAP authentication options are accessed by clicking the "Authentication" sub-tab at the top of the Admin Settings page, then selecting "LDAP" from the "Authentication Options" module.

...

  1. Configure the LDAP server using the LDAP schema provided by 6connect
  2. Create the LDAP user(s) in an 'LDIF' file (testing the query using LDAP Search, if desired)
  3. Configure ProVision with the LDAP authentication settings by enabling LDAP, then entering (at minimum) the following information:
    1. LDAP Server Address
    2. Port
    3. LDAP Auth DN List
    4. LDAP Fetch DN
    5. LDAP Filter DN
    6. LDAP Group Attribute

...

To configure the use of LDAP authentication with ProVision:

  1. Log into 6connect ProVision
  2. Go to Settings Tab → Admin Settings → Authentication
  3. Select "LDAP" under "Authentication Options"
  4. Move the LDAP Enable selector to the "ON" position.
  5. Fill in the hostname or IP address, authentication port, LDAP Security, Auth DN List, Fetch DN, and LDAP Group Attribute.
    1. Some example values in this case would be: 

      • LDAP Enable: (Checked)
      • LDAP Server Address: IP or Domain, such as 1.2.3.4 or somelabserver.lab.com
      • LDAP Port: 389 (or 636 for SSL/TLS)
      • LDAP Security: None
      • LDAP Auth DN: cn=%LOGIN%,dc=6connect,dc=com
      • LDAP Fetch DN: cn=%LOGIN%
      • LDAP Filter DN: cn=%LOGIN%
      • LDAP Group Attribute List: memberOf
      • LDAP Username / LDAP Password: Optionally, you may enter LDAP admin credentials to allow ProVision to import and sync LDAP contacts. See Contact Manager for details on LDAP contacts.
  6. Click "Save Changes".
    1. NOTE: If you experience authentication errors at this step, confirm the LDAP settings using an LDAP Search, as described in the previous section.

...

Note: Setting default login authentication options

In the login screen, you select the authentication method from the dropdown. The default login is "Local", but the default login method displayed may be updated by performing the following steps:

  • In the ProVision directory, navigate to the /data/globals.php file.
  • Open the file in vi (or other text editor).
  • Add in the following text as the last line of the file (before the closing ?>):

    define('DEFAULT_LOGIN_TYPE', 'ldap');

  • Acceptable values are "local", "radius", "ldap" and "saml". If this line is not present in globals.php, the default option is "local".

Note: Using SSL encryption

To use SSL encryption with LDAP, the ldap.conf file must be correctly configured on the ProVision server.

Typically, the LDAP configuration file is kept at "/etc/ldap/ldap.conf".  Make sure the following line is present:

    TLS_REQCERT allow

and restart the webserver. 
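
What the TLS_REQCERT level means for server authentication can be checked with a short script; this is an added example, not part of the 6connect documentation. Per ldap.conf(5), "allow" lets the session continue when the server certificate is missing or fails verification, while "demand" (the OpenLDAP default) requires a valid one; the sample files and the CA bundle path below are constructed placeholders.

```shell
#!/bin/sh
# Added example: report the effective TLS_REQCERT level of an OpenLDAP client
# ldap.conf and flag levels that accept an unverified server certificate.

# Print the effective TLS_REQCERT value in lower case. Option names are
# case-insensitive, later lines override earlier ones, and an absent option
# means the OpenLDAP default, "demand". Commented-out lines never match
# because their first field starts with '#'.
effective_reqcert() {
    awk '
        toupper($1) == "TLS_REQCERT" { v = tolower($2) }
        END { print (v == "" ? "demand" : v) }
    ' "$1"
}

# Return 0 only when the server must present a certificate that verifies.
audit_ldap_conf() {
    level=$(effective_reqcert "$1")
    case "$level" in
        demand|hard)
            echo "OK: TLS_REQCERT $level (certificate required and verified)"
            return 0 ;;
        try)
            echo "WEAK: TLS_REQCERT try (a server presenting no certificate is accepted)"
            return 1 ;;
        allow)
            echo "WEAK: TLS_REQCERT allow (a missing or invalid certificate is accepted)"
            return 1 ;;
        never)
            echo "WEAK: TLS_REQCERT never (certificate is not requested or checked)"
            return 1 ;;
        *)
            echo "UNKNOWN: TLS_REQCERT $level"
            return 2 ;;
    esac
}

# Constructed sample files: the setting from this page and a stricter variant.
# /path/to/ldap-ca.pem stands for the CA that signed the LDAP server certificate.
tmp=$(mktemp -d)
printf '%s\n' '# setting from this page' 'TLS_REQCERT allow' > "$tmp/page.conf"
printf '%s\n' 'TLS_CACERT /path/to/ldap-ca.pem' 'TLS_REQCERT demand' > "$tmp/strict.conf"

for f in "$tmp/page.conf" "$tmp/strict.conf"; do
    printf '%s: ' "${f##*/}"
    audit_ldap_conf "$f" || true
done
rm -rf "$tmp"
```

The script reads only the file it is given; a per-user ldaprc file or the LDAPTLS_REQCERT environment variable can override the value for a given process.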

 

...