Differences
This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
technical:ldap-integration [2025/02/15 05:53] – created system | technical:ldap-integration [2025/02/15 21:00] (current) – system | ||
---|---|---|---|
Line 8: | Line 8: | ||
====== Introduction ====== | ====== Introduction ====== | ||
- | The desktop | + | * RADIUSdesk has become a popular choice for enterprise deployments due to its flexibility and a user-friendly and versatile |
- | <alert type=" | + | * We now also offer our enterprise customers |
- | * To switch between Clouds; there is a **Cloud** selector at the top right. | + | * In this document, we will cover the configuration and testing of LDAP integration |
- | * There is a dedicated page on how clouds work in RADIUSdesk. | + | |
- | </ | + | |
- | ===== Overview ===== | + | |
- | * Here you can get a bird's eye view of the system. | + | ----------------- |
- | * There is a view for the networks and one for the data usage (RADIUS). | + | |
- | ---------- | + | ====== Required Packages ====== |
- | ===== Users ===== | + | * We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration. |
- | * In this section, you manage | + | * In the past we used the Auth **Component** which is now being replaced by the Authentication and Authorization **Plugins** in more recent versions of CakePHP. |
- | * Permanent Users | + | * The rdcore git code from 15 February onward will have the Authentication plugin included and active. |
- | | + | * To add LDAP capability you also need to install the LDAP php library on the system hosting RADIUSdesk. |
- | | + | <code bash> |
- | | + | sudo apt-get install php-ldap |
- | * Top-Ups | + | </ |
- | + | ||
- | ===== RADIUS ===== | + | |
- | * This section contains all elements related | + | |
- | * RADIUS Clients | + | |
- | * Profiles | + | |
- | * Realms | + | |
----------------- | ----------------- | ||
- | ===== Network | + | ====== LDAP Authentication Process ====== |
- | * In this section you manage the OpenWrt-based hardware | + | |
- | * MESHdesk | + | |
- | * Nodes | + | |
- | * AP Profiles | + | |
- | * APs | + | |
- | * New Arrivals | + | |
- | ---------------- | + | ===== Bind (Initial Connection) ===== |
+ | | ||
+ | | ||
+ | | ||
+ | | ||
- | ===== Login Pages ===== | + | ===== Search |
- | * In this section you will find the dynamic login pages that can be used by the RADIUS | + | |
+ | - **Server searches:** The server searches its directory based on the client' | ||
+ | - **Search response:** The server responds with a search response, containing the matching entries and their attributes. | ||
+ | |||
+ | ===== Bind on Search Result with Password ===== | ||
+ | - **Client selects entry:** The client selects an entry from the search results. | ||
+ | - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. | ||
+ | - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. | ||
+ | - **Server authenticates: | ||
+ | - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication. | ||
---------- | ---------- | ||
- | ===== Other ===== | + | ---------- |
- | * This section contains | + | ====== Configure LDAP ====== |
- | * Settings (root users only) | + | * LDAP Integration is configured under the settings tab. |
- | * Clouds | + | * One item that needs a bit more explanation is Filter. |
- | * Admins | + | * The filter contains a special character |
- | * Hardware | + | * For active directory it will typically be **(& |
- | | + | * This filter will be applied when searching to find the DN of the user who needs to be authenticated. |
- | | + | |
- | | + | <panel type=" |
- | * Accel-ppp Servers | + | {{: |
- | + | </ | |
- | + | ||
+ | --------- | ||
+ | ====== Test LDAP Settings ====== | ||
+ | * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended. | ||
+ | * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page. | ||
+ | <panel type=" | ||
+ | {{: | ||
+ | </ | ||