Introduction

Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate and authorize a user and, in addition, to create a user account in Open-AudIT with roles and orgs assigned based on LDAP group membership.

...

If using Active Directory, you do not need to populate the user_dn or user_membership_attribute attributes. These are used by OpenLDAP only.


If the user logging on to Open-AudIT does not have access to search LDAP, you can use another account which does have this access. Use the dn_account and dn_password attributes to configure this.

...

You can also edit or delete the entry.



Database Schema

The database schema

...

can

...

be found in the application

...

if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on

...

CREATE TABLE `ldap_servers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `description` text NOT NULL,
  `lang` varchar(200) NOT NULL DEFAULT 'en',
  `host` varchar(200) NOT NULL DEFAULT '',
  `port` varchar(200) NOT NULL DEFAULT '385',
  `secure` enum('y','n') NOT NULL DEFAULT 'n',
  `domain` varchar(200) NOT NULL DEFAULT '',
  `type` enum('active directory','openldap') NOT NULL DEFAULT 'active directory',
  `version` int(1) unsigned NOT NULL DEFAULT '3',
  `base_dn` varchar(200) NOT NULL DEFAULT '',
  `user_dn` varchar(200) NOT NULL DEFAULT '',
  `user_membership_attribute` varchar(200) NOT NULL DEFAULT 'memberUid',
  `use_roles` enum('y','n') NOT NULL DEFAULT 'n',
  `dn_account` varchar(200) NOT NULL DEFAULT '',
  `dn_password` varchar(250) NOT NULL DEFAULT '',
  `refresh` int(10) unsigned NOT NULL DEFAULT '24',
  `refreshed` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;

A typical entry looks as below.

...

...

the details button for the table.
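
As an added example (not Open-AudIT's own code), the Python below reviews rows of the `ldap_servers` table against the notes above: `user_dn` and `user_membership_attribute` matter for OpenLDAP entries, and `dn_account` and `dn_password` are configured together. The function names and sample rows are constructed for illustration, and reading `secure = 'n'` as an unencrypted connection is an assumption.

```python
# Added example: review ldap_servers rows for settings worth a second look.
# Column names come from the CREATE TABLE above; the rows are constructed.

def audit_ldap_server(row):
    """Return a list of findings for one ldap_servers row (dict of column -> value)."""
    findings = []

    # Assumption: secure='n' means the connection to the LDAP server is not encrypted.
    if row.get("secure", "n") != "y":
        findings.append("secure is not 'y'")

    # The page says user_dn and user_membership_attribute are used by OpenLDAP only.
    if row.get("type") == "openldap":
        for col in ("user_dn", "user_membership_attribute"):
            if not row.get(col, "").strip():
                findings.append(f"openldap entry has empty {col}")

    # dn_account and dn_password configure the search account, so they go together.
    has_account = bool(row.get("dn_account", "").strip())
    has_password = bool(row.get("dn_password", ""))
    if has_account != has_password:
        findings.append("dn_account and dn_password must both be set or both be empty")
    elif has_account:
        findings.append("search account stored: confirm it can only search the directory")
    return findings


def audit_all(rows):
    """Map each entry name to its findings, skipping entries with none."""
    report = {}
    for row in rows:
        findings = audit_ldap_server(row)
        if findings:
            report[row["name"]] = findings
    return report


# Constructed sample rows (not taken from a real installation).
SAMPLE_ROWS = [
    {"name": "ad-hq", "type": "active directory", "secure": "y",
     "user_dn": "", "user_membership_attribute": "memberUid",
     "dn_account": "", "dn_password": ""},
    {"name": "ldap-lab", "type": "openldap", "secure": "n",
     "user_dn": "", "user_membership_attribute": "memberUid",
     "dn_account": "cn=search,dc=example,dc=org", "dn_password": ""},
]

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_ROWS).items():
        print(name, findings)
```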


API / Web Access

You can access the

...

collection using the normal Open-AudIT JSON-based API, just like any other collection. Please

...

see The Open-AudIT API documentation for further

...

Access is provided as part of a role's permissions. LDAP Servers is a standard resource and can have create, read, update and delete permissions.

The API routes below are usable from both the JSON RESTful API and the web interface. The web application routes are specifically designed to be called from the web interface (a browser).

API Routes

...

Request Method

...

ID

...

Action

...

Resulting Function

...

Permission Required

...

URL Example

...

Notes

...

Example Response

...

details

...

Web Application Routes

...

Request Method

...

ID

...

Action

...

Resulting Function

...

Permission Required

...

URL Example

...

Notes

...
