Versions Compared

Old Version 23

changes.mady.by.user The Force

Saved on

compared with

New Version 24

changes.mady.by.user The Force

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from this space and version 8.0.0

...

HTML
<div id="google_translate_element"></div>
<script type="text/javascript">
function googleTranslateElementInit() {
  new google.translate.TranslateElement({pageLanguage: 'en'}, 'google_translate_element');
}
</script>
<script type="text/javascript" src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>

LDAP Authentication

Image Added

LDAP authentication options are accessed by clicking the "Authentication" sub-tab at the top of the Admin Settings page, then selecting "LDAP" from the "Authentication Options" module.

Before you enter LDAP settings, ensure that you have the LDAP server set up and configured for ProVision.


Table of Contents


Set up an LDAP Server for Authentication

To setup an LDAP server for authentication, you must perform the following three procedures:toc

Configure the LDAP Server:

Configuring the LDAP server involves ((adding the schema)) and adding LDAP users / groups to the server:

LDAP Schema - Example

Code Block
attributetype (1.3.6.1.4.1.5023215.2.3.21 NAME 'sixConnGroup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) objectclass ( 1.3.6.1.4.1.5023215.2.4.2 NAME 'sixConnectPermissionsV2' DESC '6Connect Permissions Object v2' SUP top AUXILIARY MUST ( sixConnGroup ) )


Creating a LDAP User:

SSH into your openLDAP server and create a new 'ldif' file.  Example:

...

Code Block
 ldapadd -h [SERVER] -x -f [LDIF FILE] -D [ROOTDN] -w [ROOT PW] -v

 Example Example:

Code Block
 ldapadd -h localhost -x -f 6connect.ldif -D "cn=Manager,dc=6connect,dc=com" -w secret -v

The user will now be active in openLDAP and can be used to login to ProVision. 

Test the LDAP Server

To query the LDAP server, run the following command on any server which has openLDAP enabled:

...

At the end of the command where [USER] is specified, user or groups can be used (in LDAP format) to query.

Example: 

Code Block
languagetext
ldapsearch -b "dc=6connect,dc=com" -h 50.240.195.129 -D "cn=Mayor,ou=people,dc=6connect,dc=com" -w testpass "cn=MajorMiner"

Configure ProVision for LDAP Authentication 

To configure the use of LDAP authentication with ProVision, follow the steps below.

  1. Log into 6connect ProVision
  2. Go to Settings Tab → Admin

...

  1. Settings -> Authentication

...

  1. Select "LDAP" under "Authentication Options"
  2. Move the LDAP Enable

...

  1. selector to the "ON" position.
  2. Fill in the hostname or ip address, authentication port, LDAP Security, Auth DN, and Fetch DN

...

  1. .
    1. Optionally, enter the LDAP Username and Password in order to allow ProVision to import LDAP Contacts and sync LDAP contact information (see: Contact Manager)
  2. Click "Test Server" to verify the connection.

Image Added

...

Image Removed

Example values in this case would be: 

  • LDAP Enable: (Checked)
  • LDAP Server Address:  52.240.195.12
  • LDAP Port:  389 ( or SSL/TLS port is 636)
  • LDAP Security:  None
  • LDAP Auth DN:  cn=%LOGIN%,ou=people,dc=6connect,dc=com
  • LDAP Fetch DN:  cn=%LOGIN%


Note
titleSetting default login authentication options

In the login screen, you would select the authentication method from the dropdown. If you like, you can set the default login option in the following way:

Go to the /data/globals.php and open in vi (or other editor). Add in the following text as the last line of the file (before the closing ?>)

define('DEFAULT_LOGIN_TYPE', 'radiusldap');

Acceptable values are "local", "radius", "ldap" and "ldapsaml". If this line is not present in globals.php, the default option is "local".

...

Note
titleUsing SSL encryption

To use SSL encryption with LDAP, the ldap.conf file must be correctly configured on the ProVision server.

Typically, the LDAP configuration file is kept at "/etc/ldap/ldap.conf".  Make sure the following line is present:

    TLS_REQCERT allow

and restart the webserver


Add or Update LDAP Settings

To add or update LDAP settings, go to the Settings Tab → Admin to enter the Admin area of ProVision.

Then, click the "Authentication" sub-tab at the top of the Admin Settings page, and select "LDAP" from the "Authentication Options" module.

Image Added

Enter or update the following settings:

  • LDAP Enable: check the box to enable LDAP functionality.
  • LDAP Server Address: Set the IP address of your LDAP server.
  • LDAP Port: Set the port for your LDAP server
  • LDAP Security: Select the security method of your LDAP server - SSL, TLS or None
  • Test Server: Click to test the connection to the LDAP server.
  • LDAP Auth DN/Fetch DN: These strings are used to first authentication the 6connect user and then to retrieve their permissions. The string '%LOGIN%' should be inserted in place of the user's common name both strings. (ex: cn=%LOGIN%,ou=people,dc=6connect,dc=com)
  • LDAP Group Attribute: If using an internal list of user groups instead of 6connect groups, enter the attribute name for the LDAP groups here. If a Group Attribute is set, it will be used first, otherwise the 6connect schema will be used. 
  • LDAP Username / LDAP Password: Optionally, you may enter LDAP admin credentials to allow ProVision to import and sync LDAP contacts. See Contact Manager for details on LDAP contacts.
  • Mapping Permissions to 6connect schema: To integrate 6connect permissions with your existing directory structure then you will need the 6connect schema. It should snap in with any existing LDAP structure and allow you to assign 6connect permissions to your existing users. You can download a copy of the schema from this section.

When done, you may optionally click "Test Server" to verify the connection to the LDAP server with the entered settings, then "Save Changes"


LDAP Authentication on a Windows Server

For information on settings up LDAP for a Windows server, see the following section: