Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate and authorize a user and in addition, to create a user account in Open-AudIT using assigned roles and orgs based on LDAP group membership.
How Does it Work?
If using Active Directory, you do not need to populate the
user_membership_attribute attributes. These are used by OpenLDAP only.
If the user logging on to Open-AudIT does not have the access to search LDAP, you can use another account which does have this access. Use the
dn_password to configure this.
If you need to configure OpenLDAP access for your users and a given users access DN is normally
uid=username@domain,cn=People,dc=your,dc=domain,dc=com then you should set base_dn to
dc=your,dc=domain,dc=com and user_dn to
uid=@username@@domain,cn=People. The special words @username and @domain will be replaced by the login details provided by your user on the login page.
If you need to configure Active Directory access, you can usually use the example of
cn=Users,dc=your,dc=domain,dc=com for your base_dn. here is no need to set user_dn.
These are only examples. You may need to adjust these attributes to suit your particular LDAP.
If you are using Open-AudIT Professional or Enterprise and you enable LDAP and you wish for user accounts to be automatically created at logon, you must edit the (text) file:
Linux – /usr/local/omk/conf/opCommon.nmis
Windows – c:\omk\conf\opCommon.nmis
And ensure that auth_method_1 is set to openaudit.
Creating a LDAP Server Entry
A LDAP Server can be created using the web interface if a user has a role that contains the ldap_servers::create permission. Go to menu: Admin -> Ldap Servers-> Create Ldap Server. There is also a create button on the collection page.
View a LDAP Server Details
Go to menu: Admin -> Ldap Servers-> List Ldap Servers.
You will see a list of Ldap Servers. You can view the details of a Ldap Server by clicking on the blue view icon.
You can also edit or delete the entry.
The database schema can be found in the application is the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.
API / Web Access
You can access the collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see The Open-AudIT API documentation for further details.