Differences

This shows you the differences between two versions of the page.

technical:ldap-integration [2025/02/15 05:53] – created system
technical:ldap-integration [2025/02/15 21:00] (current) system
Line 8: Line 8:
 ====== Introduction ====== ====== Introduction ======
  
-The desktop user interface consists of the following areasTo switch between them, click on the icons on the left-hand side of the screen. +  * RADIUSdesk has become a popular choice for enterprise deployments due to its flexibility and a user-friendly and versatile interface. 
-<alert type="success"> +  * We now also offer our enterprise customers the option of LDAP integration for managing administrators within the RADIUSdesk system
-  * To switch between Clouds; there is a **Cloud** selector at the top right. +  * In this document, we will cover the configuration and testing of LDAP integration in RADIUSdesk.
-  * There is a dedicated page on how clouds work in RADIUSdesk. +
-</alert> +
-===== Overview =====+
  
-  * Here you can get a bird's eye view of the system. +-----------------
-  * There is a view for the networks and one for the data usage (RADIUS).+
  
----------- +====== Required Packages ====== 
-===== Users ===== +  * We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration. 
-  * In this section, you manage the RADIUS users and include +  In the past we used the Auth **Component** which is now being replaced by the Authentication and Authorization **Plugins** in more recent versions of CakePHP. 
-        Permanent Users +  The rdcore git code from 15 February onward will have the Authentication plugin included and active. 
-        Vouchers +  * To add LDAP capability you also need to install the LDAP php library on the system hosting RADIUSdesk. 
-        BYOD +<code bash> 
-        Activity Viewer +sudo apt-get install php-ldap 
-        Top-Ups +</code>
- +
-===== RADIUS ===== +
-  * This section contains all elements related to RADIUS users (previous section) +
-        * RADIUS Clients +
-        * Profiles +
-        * Realms+
  
 ----------------- -----------------
-===== Network ===== +====== LDAP Authentication Process ======
-  * In this section you manage the OpenWrt-based hardware +
-        * MESHdesk +
-              * Nodes +
-        * AP Profiles +
-              * APs +
-        * New Arrivals+
  
-----------------+===== Bind (Initial Connection) ===== 
 +  **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server. 
 +  **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password. 
 +  **Server authenticates:** The server checks the username and password against its stored credentials. 
 +  **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection.
  
-===== Login Pages ===== +===== Search ===== 
-  * In this section you will find the dynamic login pages that can be used by the RADIUS and Network sections.+  **Search request:** The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve. 
 +  - **Server searches:** The server searches its directory based on the client's request. 
 +  - **Search response:** The server responds with a search response, containing the matching entries and their attributes. 
 + 
 +===== Bind on Search Result with Password ===== 
 +  - **Client selects entry:** The client selects an entry from the search results. 
 +  - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. 
 +  - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. 
 +  - **Server authenticates:** The server checks the DN and password against its stored credentials. 
 +  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication.
  
 ---------- ----------
-===== Other ===== +----------  
-  * This section contains the rest so to speak but can also be grouped into sections +====== Configure LDAP ====== 
-  * Settings (root users only) +  * LDAP Integration is configured under the settings tab. 
-  * Clouds +  * One item that needs a bit more explanation is Filter. 
-  * Admins (root users only+  * The filter contains a special character (**%s**which will be substituted with the username that the user provide to log in. 
-  * Hardware +  * For active directory it will typically be **(&(objectClass=user)(samaccountname=%s))**. 
-  Schedules +  * This filter will be applied when searching to find the DN of the user who needs to be authenticated. 
-  Firewall +  
-  OpenVPN Servers +<panel type="primary"> 
-  * Accel-ppp Servers +{{:technical:ldap:ldap_settings.png|}} 
- +</panel>
- +
  
 +---------
  
 +====== Test LDAP Settings ======
 +  * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended.
 +  * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page.
 +<panel type="primary">
 +{{:technical:ldap:ldap_settings_test.png|}}
 +</panel>
  
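Review bot: In the Configure LDAP section, the line saying **%s** "will be substituted with the username that the user provide to log in" does not say whether that username is escaped before it is placed into the search filter. The value is user-supplied and lands inside **(&(objectClass=user)(samaccountname=%s))**, so please state that filter metacharacters such as ( ) * \ are escaped before substitution, and fix "provide" to "provides". In the two Bind sections, both bind requests carry a password, yet nothing in the added text says whether the connection is expected to use LDAPS or StartTLS; a sentence on the transport setting would help. The "Bind (Initial Connection)" steps also leave open whether that first bind uses a dedicated service account or the credentials of the user logging in. Minor: the added "----------" before "Configure LDAP" duplicates the separator on the line above it, and "from 15 February onward" needs a year.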
  • technical/ldap-integration.1739591621.txt.gz
  • Last modified: 2025/02/15 05:53
  • by system