Differences

This shows you the differences between two versions of the page.

technical:ldap-integration-rba [2025/06/08 05:13] – [Bind (Initial Connection)] systemtechnical:ldap-integration-rba [2025/06/08 06:35] (current) – [Adjusting the rights of a role] system
Line 28: Line 28:
  
 ===== Common Settings ===== ===== Common Settings =====
-  - **Client connects:** The LDAP client (e.g., user authentication script) connects to the LDAP server+<panel type="primary"> 
-  **Bind request:** The client sends bind request to the serverwhich includes the username (or DN) and password+{{:technical:ldap:ldap_rba_common.png|}} 
-  **Server authenticates:** The server checks the username and password against its stored credentials+</panel> 
-  **Bind response:** If the credentials are validthe server responds with a bind response, indicating a successful connection.+  * The LDAP group to RBA mapping is optional functionality available as complement to the standard LDAP integration
 +  * To ensure that the LDAP user has pleasant experience the first time they log inwe pre-define the default Cloud and Realm they will be assigned to
 +  * As stated earlier, we also give the option to specify the attribute that will contain the groups the user belongs to
 +  * The recommended value is //memberof//all in lowercase.
  
 +-----------------
 ===== Admin ===== ===== Admin =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server. +<panel type="primary"> 
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password+{{:technical:ldap:ldap_rba_admin.png|}} 
-  - **Server authenticates:** The server checks the username and password against its stored credentials. +</panel> 
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection. +   * The Admin role will typically include the most components to include.
  
 +-----------------
 ===== Operator ===== ===== Operator =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server+<panel type="primary"> 
-  - **Bind request:** The client sends a bind request to the serverwhich includes the username (or DN) and password. +{{:technical:ldap:ldap_rba_operator.png|}} 
-  - **Server authenticates:** The server checks the username and password against its stored credentials. +</panel> 
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection. +  * The Operator role will typically have less components selected compared to the Admin rolebut more components then the View role.
  
 +-----------------
 ===== View ===== ===== View =====
-  - **Client connects:** The LDAP client (e.g., a user authentication script) connects to the LDAP server. 
-  - **Bind request:** The client sends a bind request to the server, which includes the username (or DN) and password. 
-  - **Server authenticates:** The server checks the username and password against its stored credentials. 
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful connection. 
- 
-===== Search ===== 
-  - **Search request:** The client sends a search request to the server, specifying the search base, scope, filter, and attributes to retrieve. 
-  - **Server searches:** The server searches its directory based on the client's request. 
-  - **Search response:** The server responds with a search response, containing the matching entries and their attributes. 
- 
-===== Bind on Search Result with Password ===== 
-  - **Client selects entry:** The client selects an entry from the search results. 
-  - **Client extracts DN:** The client extracts the DN (distinguished name) from the selected entry. 
-  - **Bind request with DN and password:** The client sends a new bind request to the server, using the extracted DN and the user-provided password. 
-  - **Server authenticates:** The server checks the DN and password against its stored credentials. 
-  - **Bind response:** If the credentials are valid, the server responds with a bind response, indicating a successful authentication. 
- 
----------- 
-----------  
-====== Configure LDAP ====== 
-  * LDAP Integration is configured under the settings tab. 
-  * One item that needs a bit more explanation is Filter. 
-  * The filter contains a special character (**%s**) which will be substituted with the username that the user provide to log in. 
-  * For active directory it will typically be **(&(objectClass=user)(samaccountname=%s))**. 
-  * This filter will be applied when searching to find the DN of the user who needs to be authenticated. 
-  
 <panel type="primary"> <panel type="primary">
-{{:technical:ldap:ldap_settings.png|}}+{{:technical:ldap:ldap_rba_view.png|}}
 </panel> </panel>
 +  * The View role will typically have the least components selected of the available three roles.
 +
  
 --------- ---------
- +====== Adjusting the rights of a role ====== 
-====== Test LDAP Settings ====== +  * Should you need to adjust the rights for one of the roles, there is a dedicated section in the Wiki which covers that topic.
-  * There is also a **Test LDAP Settings** Button that helps you to test the LDAP settings to ensure they work as intended. +
-  * The tests that will be done will be matching the **LDAP Authentication Process** described earlier on this page. +
-<panel type="primary"> +
-{{:technical:ldap:ldap_settings_test.png|}} +
-</panel>+
  
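Review bot: The new Common Settings bullets do not say what happens when the groups attribute (the recommended //memberof//) is absent for a user, or when none of the user's groups matches the Admin, Operator or View mapping. Since the same section says a default Cloud and Realm are pre-defined for the first login, the page should state whether such a user is refused or falls back to a role, and which role that is. Smaller points in the added lines: the Admin bullet "will typically include the most components to include" is circular and should say what the role actually covers, the Operator bullet should read "than the View role" rather than "then", and "Adjusting the rights of a role" refers to a dedicated section in the Wiki without linking to it.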
  • technical/ldap-integration-rba.1749352419.txt.gz
  • Last modified: 2025/06/08 05:13
  • by system