With Obseron LDAP support it is possible to use Active Directory users and groups in Obseron, in a Windows environment.
Enabling LDAP on an domain connected server
- Open Settings > System > LDAP
- Select Secure checkbox for LDAPS (Optional)
- Enter search bases for users and groups
- Group example: CN=groups,DC=ad,DC=example,DC=com
- Users example: CN=users,DC=ad,DC=example,DC=com
- Click on Check search bases
- If the resulting users and groups are correct, click Import groups
Enabling LDAP on a non-domain connected server that has access to an AD server
- Open Settings > System > LDAP
- Select Override connection settings
- Enter the IP address or hostname of the AD server on the Host field
- Select the port (By default LDAP 389, for LDAPS use port 636)
- Enter user credentials for checking the users and groups (These can be emptied once the group importing is done)
- Select the authentication method
- Select Secure checkbox for LDAPS (Optional)
- Enter search bases for users and groups (Multiple search bases separated by semicolon)
- Group example: CN=groups,DC=ad,DC=example,DC=com
- Users example: CN=users,DC=ad,DC=example,DC=com; CN=othersite_users,DC=ad,DC=example,DC=com
- Click Check search bases
- If the resulting users and groups are correct, click Import groups
Setting up permissions for the imported groups
Once the groups are imported, permissions for them can be checked and modified from Settings > Permissions.
- LDAP permission groups are separate groups from normal permission groups, indicated by a different icon .
- The LDAP group DN (Distinguished Name) will be visible under the name of the group.
- Permissions for groups are always managed through Obseron
Using LDAP login
To use AD users to login to Obseron, a single local administrator user must be created for the server and every client. These local administrator user do not have anything to do with the AD users, they're just used to trigged the login dialog on startup.
Now after logging out from the administrator user, AD users can be used to login.
Comments
0 comments
Please sign in to leave a comment.