LDAP authentication

ADB Control supports LDAP (Lightweight Directory Access Protocol) user authentication. Unlike basic authentication, you do not need to add users manually via ADB Control when using LDAP. User accounts and passwords are checked on the selected LDAP server.

To configure LDAP authentication, follow these steps:

  1. Ensure the target LDAP server is configured and available. ADB Control supports two LDAP implementations: Microsoft Active Directory (MS AD) and 389 Directory server as a part of FreeIPA.

  2. Open the ADB Control service configuration page in ADCM.

  3. Activate the UI LDAP authentication switcher.

  4. Fill in the following fields.

    The table below lists each field, its description, and an example value for MS AD.

    Field: Type
    Description: The type of the LDAP server. Possible values:
      • MSAD — Microsoft Active Directory;
      • FreeIPA — 389 Directory server as a part of FreeIPA.
    Example in MS AD: MSAD

    Field: URI
    Description: A URI for connecting to the LDAP server(s), for example ldap://example.com:389. A domain name can be used; the name can also resolve to the addresses of several LDAP servers.
    Example in MS AD: ldap://10.92.2.66:389

    Field: Users baseDN
    Description: Limits the search scope of objects in the LDAP directory for user search requests.
    Example in MS AD: dc=ad,dc=ranger-test

    Field: Groups baseDN
    Description: Limits the search scope of objects in the LDAP directory for group search requests.
    Example in MS AD: dc=ad,dc=ranger-test

    Field: Users OUs
    Description: A list of OUs for user search. If the option is set, users are searched only in the specified OUs; otherwise, within the full Users baseDN. Enter each OU value on a separate line using the ou=<name> format (e.g. ou=users1).
    Example in MS AD: ou=Peoples

    Field: Groups OUs
    Description: A list of OUs for group search. If the option is set, groups are searched only in the specified OUs; otherwise, within the full Groups baseDN. Enter each OU value on a separate line using the ou=<name> format (e.g. ou=groups1).
    Example in MS AD: ou=Groups

    Field: Group
    Description: A group name that is used for service requests to the LDAP server.
    Example in MS AD: —

    Field: Login
    Description: A user name that is used for service requests to the LDAP server.
    Example in MS AD: cn=admin,dc=ad,dc=ranger-test

    Field: Password
    Description: The password of the user that is used for service requests to the LDAP server.
    Example in MS AD: the password of the admin user

    Field: Size limit
    Description: The maximum number of records that can be returned by the LDAP server.
    Example in MS AD: 1000

    Field: Lowercase login
    Description: Whether or not to convert user names to lowercase.
    Example in MS AD: false

    IMPORTANT

    Different LDAP implementations use different names for object types and identifiers. Check the exact settings format for your LDAP implementation with the LDAP server administrator.

  5. Click Save. Then apply the Reconfigure & Restart action to the ADB Control service.

    Configure LDAP authentication for ADB Control via ADCM
  6. In the ADB Control web interface, map LDAP user groups to ADB Control roles. This is necessary for LDAP users to get the appropriate permissions to work in ADB Control. For more information, see Authorization.

If all steps are completed successfully, users can connect to ADB Control using the accounts registered for them on the LDAP server.
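To sanity-check the field values from the table before saving them, here is an added Python example (not ADB Control or ADCM code) that models how Users baseDN and Users OUs combine into search bases, validates the URI and the ou=<name> lines, applies Lowercase login, and escapes the login before it is placed in a search filter. The login attribute per server type (sAMAccountName for MSAD, uid for FreeIPA) is an assumption to confirm with your LDAP administrator, as the IMPORTANT note advises.

```python
# Added example (not part of ADB Control or ADCM): pure-Python helpers that
# model how the LDAP settings above combine into search parameters.
import re
from urllib.parse import urlsplit

# One OU per line, in the ou=<name> form required by the Users OUs / Groups OUs fields.
OU_LINE = re.compile(r'^ou=[^,=+<>#;\\"]+$', re.IGNORECASE)

# Login attribute per server type. ASSUMPTION: confirm with the LDAP administrator.
LOGIN_ATTR = {"MSAD": "sAMAccountName", "FreeIPA": "uid"}


def validate_uri(uri):
    """Accept only ldap:// or ldaps:// URIs with a host; return the effective port."""
    parts = urlsplit(uri)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP URI: {uri!r}")
    return parts.port or (636 if parts.scheme == "ldaps" else 389)


def search_bases(base_dn, ou_lines):
    """If OU lines are given, search only those OUs; otherwise the full baseDN."""
    lines = [ln.strip() for ln in ou_lines.splitlines() if ln.strip()]
    if not lines:
        return [base_dn]
    for ln in lines:
        if not OU_LINE.match(ln):
            raise ValueError(f"OU must be in ou=<name> form: {ln!r}")
    return [f"{ln},{base_dn}" for ln in lines]


def escape_filter(value):
    """RFC 4515 escaping: a user-typed login must never change the filter structure."""
    return "".join(c if c not in "\\*()\x00" else f"\\{ord(c):02x}" for c in value)


def user_filter(server_type, login, lowercase_login=False):
    """Build the user lookup filter, honouring the Lowercase login option."""
    if lowercase_login:
        login = login.lower()
    return f"({LOGIN_ATTR[server_type]}={escape_filter(login)})"


if __name__ == "__main__":
    # Constructed values taken from the MS AD example column above.
    print(validate_uri("ldap://10.92.2.66:389"))
    print(search_bases("dc=ad,dc=ranger-test", "ou=Peoples"))
    print(user_filter("MSAD", "J.Doe", lowercase_login=False))
```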
