Installation Integration LDAP
Jethro Carr edited this page Mar 20, 2015 · 1 revision
LDAP authentication can be used for the web interface of NamedManager.
The following is required/assumed for this to work:
- Users are stored in ou=People, groups are stored in ou=Group.
- ou=Group provides a posixGroup called "namedadmins"; every user who needs access to NamedManager must be a member of that posixGroup.
This setup is typical of OpenLDAP and is easily achieved with a program like LDAPAuthManager.
Adjust the configuration file for the NamedManager web interface at /etc/namedmanager/config.php.
Change the following line to "ldaponly":
$config["AUTH_METHOD"] = "ldaponly";
Then uncomment and adjust the following lines:
$config["ldap_host"] = "auth.example.com";
$config["ldap_port"] = "389";
$config["ldap_dn"] = "ou=auth,dc=example,dc=com";
$config["ldap_manager_user"] = "cn=Manager,dc=example,dc=com";
$config["ldap_manager_pwd"] = "password";
$config["ldap_ssl"] = "enable";
The user management options in the application will be disabled, and existing application-only users will no longer be able to log in. With LDAP enabled, only LDAP users belonging to the "namedadmins" group can log in.
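Before switching to LDAP-only logins, the edited file can be checked for leftover sample values and loose permissions. The script below is an added example, not part of NamedManager; it assumes each setting sits on one line in the `$config["key"] = "value";` form shown above, and the function names `cfg_get` and `audit_config` are hypothetical.

```shell
#!/bin/sh
# Added example (not NamedManager code): audit config.php for the LDAP settings above.
# Assumes one setting per line in the form shown on this page: $config["key"] = "value";

# Print the value of the last uncommented $config["key"] line; empty if none.
cfg_get() {  # $1 = file, $2 = key
    sed -n 's/^[[:space:]]*\$config\["'"$2"'"][[:space:]]*=[[:space:]]*"\(.*\)";.*$/\1/p' "$1" |
        tail -n 1
}

# Print one FINDING line per problem; return 0 only when there are none.
audit_config() {
    cfg=$1
    findings=0
    warn() { echo "FINDING: $*"; findings=$((findings + 1)); }

    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }

    [ "$(cfg_get "$cfg" AUTH_METHOD)" = "ldaponly" ] ||
        warn 'AUTH_METHOD is not "ldaponly"'
    [ "$(cfg_get "$cfg" ldap_ssl)" = "enable" ] ||
        warn 'ldap_ssl is not "enable"'

    # Sample values copied from the documentation must not reach production.
    case $(cfg_get "$cfg" ldap_manager_pwd) in
        ""|password) warn "ldap_manager_pwd is empty or still the sample value" ;;
    esac
    for key in ldap_host ldap_dn ldap_manager_user; do
        case $(cfg_get "$cfg" "$key") in
            ""|*example*) warn "$key is unset or still an example.com sample" ;;
        esac
    done

    # The file stores the manager bind password, so it should not be world-readable.
    [ -z "$(find "$cfg" -prune -perm -004)" ] || warn "$cfg is world-readable"

    [ "$findings" -eq 0 ]
}

# Stand-alone use: sh audit.sh /etc/namedmanager/config.php
if [ "$#" -gt 0 ]; then audit_config "$1"; fi
```

Lines that are still commented out are treated as unset, so a setting that was adjusted but never uncommented is reported as a finding.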