This is an old revision of the document!

LDAP and Role Based Access (RBA)

  • RADIUSdesk allows the admin of a cloud to be in one of three possible roles.
    • Admin
    • Operator
    • View
  • The rights of the admin is dictated by the role they are in.
  • This document will cover the optional configuration that allows you to map LDAP groups to the respective available roles.

Group Attribute

  • The RADIUSdesk implementation allows you to specify the LDAP attribute which contains the groups a user belongs to.
  • If you have an OpenLDAP deployment, you might have to add the memberof overlay.
  • This link describes the process in more detail: https://tylersguides.com/guides/openldap-memberof-overlay/
  • If you have an Active Directory deployment, make sure the user that does the initial bind can read the memberOf attribute.
  • This link covers the items you need to double check: http://www.michaelm.info/blog/?p=1435

LDAP group to RBA mapping

Common Settings

  1. Client connects: The LDAP client (e.g., a user authentication script) connects to the LDAP server.
  2. Bind request: The client sends a bind request to the server, which includes the username (or DN) and password.
  3. Server authenticates: The server checks the username and password against its stored credentials.
  4. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful connection.

Admin

  1. Client connects: The LDAP client (e.g., a user authentication script) connects to the LDAP server.
  2. Bind request: The client sends a bind request to the server, which includes the username (or DN) and password.
  3. Server authenticates: The server checks the username and password against its stored credentials.
  4. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful connection.

Operator

  1. Client connects: The LDAP client (e.g., a user authentication script) connects to the LDAP server.
  2. Bind request: The client sends a bind request to the server, which includes the username (or DN) and password.
  3. Server authenticates: The server checks the username and password against its stored credentials.
  4. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful connection.

View

  1. Client connects: The LDAP client (e.g., a user authentication script) connects to the LDAP server.
  2. Bind request: The client sends a bind request to the server, which includes the username (or DN) and password.
  3. Server authenticates: The server checks the username and password against its stored credentials.
  4. Bind response: If the credentials are valid, the server responds with a bind response, indicating a successful connection.

Test LDAP Settings

  • There is also a Test LDAP Settings Button that helps you to test the LDAP settings to ensure they work as intended.
  • The tests that will be done will be matching the LDAP Authentication Process described earlier on this page.

  • technical/ldap-integration-rba.1749352512.txt.gz
  • Last modified: 2025/06/08 05:15
  • by system