LDAP authentication
Overview
Starting with 2.4.0 version of ADS Control, for connection to user interface, in addition to basic authentication users (required user admin and created users), users with an account in MS Active Directory can be used.
To configure authentication in the user interface, DN (distinguished name) — the user account in Active Directory — is used (for example, cn=user_ads,ou=users,dc=foo,dc=com). At the same time, CN (common name) is used as a login for authentication in the user interface (for this example, user_ads).
To configure authentication of several users, a DN for searching users in the cn={0},ou=users,dc=foo,dc=com format can be specified, where the index {0} is used to replace the CN of users. In this case, the CN of any user matching this DN is used as a login for authentication.
Enable LDAP authentication
To enable authentication for LDAP users, follow these steps on the configuration page of the ADS Control service:
-
Activate the LDAP Authentication switch and fill in the parameters in the drop-down list of parameters:
-
LDAP URL — URL of the LDAP server. The URL must begin with ldap:// or ldaps:// and include a port.
-
Authentication Query — query for searching users. Can be a full DN of a user (
cn=user_ads,ou=users,dc=foo,dc=com) or DN for searching users (cn={0},ou=users,dc=foo,dc=com).
Enabling LDAP authentication
-
-
Save the configuration by clicking Save.
-
Restart the ADS Control service. To do this, apply the Restart action by clicking on the icon
in the Actions column of the service.As a result, the LDAP user or user group has access to the user interface of ADS Control. To authenticate in the authorization window, enter the user’s CN and password for their account in MS Active Directory. After authentication in ADS Control, the user’s CN is displayed in the authorization section.