Differences

This shows you the differences between two versions of the page.

technical:ldap-integration [2025/02/15 06:59] – [Introduction] systemtechnical:ldap-integration [2025/02/15 21:00] (current) system
Line 8: Line 8:
 ====== Introduction ====== ====== Introduction ======
  
-  * RADIUSdesk has become a popular choice for enterprise deployments due to its flexibility and user friendly yet versatile user interface. +  * RADIUSdesk has become a popular choice for enterprise deployments due to its flexibility and user-friendly and versatile interface. 
-  * We now also offer our enterprise customers the option of LDAP integration for managing admins to the RADIUSdesk system. +  * We now also offer our enterprise customers the option of LDAP integration for managing administrators within the RADIUSdesk system. 
-  * In this document we will cover the configuration and testing of LDAP integration in RADIUSdesk. +  * In this documentwe will cover the configuration and testing of LDAP integration in RADIUSdesk.
  
-<alert type="success"> +-----------------
-  * To switch between Clouds; there is a **Cloud** selector at the top right. +
-  * There is a dedicated page on how clouds work in RADIUSdesk. +
-</alert> +
-===== Overview =====+
  
-  Here you can get a bird's eye view of the system+====== Required Packages ====== 
-  * There is a view for the networks and one for the data usage (RADIUS).+  We use the Authentication **Plugin** available with CakePHP v4 and CakePHP v5 as the foundation for the LDAP integration
 +  * In the past we used the Auth **Component** which is now being replaced by the Authentication and Authorization **Plugins** in more recent versions of CakePHP. 
 +  * The rdcore git code from 15 February onward will have the Authentication plugin included and active. 
 +  * To add LDAP capability you also need to install the LDAP php library on the system hosting RADIUSdesk. 
 +<code bash> 
 +sudo apt-get install php-ldap 
 +</code>
  
----------- +----------------- 
-===== Users ===== +====== LDAP Authentication Process ======
-  * In this section, you manage the RADIUS users and include +
-        * Permanent Users +
-        * Vouchers +
-        * BYOD +
-        * Activity Viewer +
-        * Top-Ups+
  
-===== RADIUS ===== +===== Bind (Initial Connection) ===== 
-  * This section contains all elements related to RADIUS users (previous section+  **Client connects:** The LDAP client (e.g., a user authentication scriptconnects to the LDAP server. 
-        RADIUS Clients +  **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password. 
-        Profiles +  **Server authenticates:** The server checks the username and password against its stored credentials. 
-        Realms+  - **Bind response:*If the credentials are valid, the server responds with a bind response, indicating a successful connection.
  
------------------ +===== Search ===== 
-===== Network ===== +  **Search request:** The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve. 
-  * In this section you manage the OpenWrt-based hardware +  **Server searches:** The server searches its directory based on the client's request. 
-        MESHdesk +  **Search response:** The server responds with a search response, containing the matching entries and their attributes.
-              Nodes +
-        AP Profiles +
-              APs +
-        * New Arrivals+
  
----------------- +===== Bind on Search Result with Password ===== 
- +  **Client selects entry:** The client selects an entry from the search results. 
-===== Login Pages ===== +  - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. 
-  * In this section you will find the dynamic login pages that can be used by the RADIUS and Network sections.+  - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. 
 +  - **Server authenticates:** The server checks the DN and password against its stored credentials. 
 +  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication.
  
 ---------- ----------
-===== Other ===== +----------  
-  * This section contains the rest so to speak but can also be grouped into sections +====== Configure LDAP ====== 
-  * Settings (root users only) +  * LDAP Integration is configured under the settings tab. 
-  * Clouds +  * One item that needs a bit more explanation is Filter. 
-  * Admins (root users only+  * The filter contains a special character (**%s**which will be substituted with the username that the user provide to log in. 
-  * Hardware +  * For active directory it will typically be **(&(objectClass=user)(samaccountname=%s))**. 
-  Schedules +  * This filter will be applied when searching to find the DN of the user who needs to be authenticated. 
-  Firewall +  
-  OpenVPN Servers +<panel type="primary"> 
-  * Accel-ppp Servers +{{:technical:ldap:ldap_settings.png|}} 
- +</panel>
- +
  
 +---------
  
 +====== Test LDAP Settings ======
 +  * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended.
 +  * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page.
 +<panel type="primary">
 +{{:technical:ldap:ldap_settings_test.png|}}
 +</panel>
  
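Review bot: In the new Configure LDAP section, the Filter bullets say **%s** "will be substituted with the username that the user provide to log in" but do not say whether that value is escaped before it is placed in the search filter. With the example filter "(&(objectClass=user)(samaccountname=%s))", the page should state that the username is escaped for LDAP filter metacharacters (parentheses, asterisk, backslash and NUL, per RFC 4515) before substitution, or say which input is rejected. In the same bullets, "special character" would read better as "placeholder", and "the user provide" should be "the user provides". The Bind steps describe sending the password in a bind request without saying whether the connection is expected to use LDAPS or StartTLS; a sentence on the transport setting belongs there. In Required Packages, "from 15 February onward" needs a year.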
  • technical/ldap-integration.1739595585.txt.gz
  • Last modified: 2025/02/15 06:59
  • by system