
auth_ldap_privs_file

Integrating with MS-LDAP

You need to use both the auth_ms_ldap and auth_ldap attributes for this integration to succeed: the auth_ms_ldap attributes authenticate the user, and the auth_ldap attributes query the group base so the correct RBAC roles can be applied.

For this to work with ms-ldap authentication, the example below walks you through the process. Note that in this example the LDAP base and context search are set for the whole domain; you can tune them to integrate more tightly as you need.

/usr/local/omk/conf/opCommon.json (excerpt; the authentication block carries both the ms-ldap keys and the ldap keys):

...
    "authentication" : {
        ...
        "auth_method_1" : "ms-ldap",
        "auth_ms_ldap_attr" : "sAMAccountName",
        "auth_ms_ldap_base" : "dc=contoso,dc=local",
        "auth_ms_ldap_dn_acc" : "svc_omk_admin",
        "auth_ms_ldap_dn_psw" : "password_of_the_dn_acc_above",
        "auth_ms_ldap_server" : "IP_ADDRESS_OF_YOUR_MS_LDAP_SERVER",
        "auth_ldap_privs" : 1,
        "auth_ldap_context" : "dc=contoso,dc=local",
        "auth_ldap_acc" : "svc_omk_admin@contoso.local",
        "auth_ldap_psw" : "password_of_the_auth_ldap_acc_above",
        "auth_ldap_group" : "memberOf",
        "auth_ldap_server" : "the_fqdn_of_your_ad_server:389",
        ...
    },
...

Notes on the values above (opCommon.json is parsed as JSON, which does not allow # comments, so keep these as notes rather than putting them in the file):
  • The auth_ms_ldap_* keys define the ms-ldap specific requirements; the auth_ldap_* keys add the LDAP requirements for the privilege lookup, with auth_ldap_privs enabled.
  • auth_ms_ldap_dn_acc: you should only need the username here, but if that is not successful you can use username@domain as well.
  • auth_ms_ldap_server: the IP address of your MS-LDAP server, eg. 192.168.1.22.
  • auth_ldap_server: you could also use an IP address here, but you must include the LDAP/LDAPS port in the value, eg. 192.168.1.22:389.

Once saved, restart the omkd daemon for the change to take effect.

If your organisation uses ms-ldaps authentication, the process is very similar: replace the auth_ms_ldap attributes with auth_ms_ldaps (for example auth_ms_ldaps_server) and the auth_ldap attributes with auth_ldaps (for example auth_ldaps_server).
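Because a misconfigured authentication block fails only at login time, it helps to lint the block before restarting omkd. The checker below is an added example, not part of OMK or this page; it assumes the key pairing described above (ms-ldap with auth_ms_ldap_*/auth_ldap_*, ms-ldaps with auth_ms_ldaps_*/auth_ldaps_*), and the sample configuration it parses is constructed with placeholder values.

```python
import json
import re

# Constructed sample authentication block modelled on this page's example (placeholder values).
SAMPLE_CONF = """{
  "authentication": {
    "auth_method_1": "ms-ldap",
    "auth_ms_ldap_attr": "sAMAccountName",
    "auth_ms_ldap_base": "dc=contoso,dc=local",
    "auth_ms_ldap_dn_acc": "svc_omk_admin",
    "auth_ms_ldap_dn_psw": "example-only-secret",
    "auth_ms_ldap_server": "192.168.1.22",
    "auth_ldap_privs": 1,
    "auth_ldap_context": "dc=contoso,dc=local",
    "auth_ldap_acc": "svc_omk_admin@contoso.local",
    "auth_ldap_psw": "example-only-secret",
    "auth_ldap_group": "memberOf",
    "auth_ldap_server": "dc01.contoso.local:389"
  }
}"""
# Key suffixes needed for the ms-ldap(s) user bind and for the ldap(s) privs lookup,
# and placeholder fragments from this page that must not survive into production.
MS_KEYS = ("attr", "base", "dn_acc", "dn_psw", "server")
LDAP_KEYS = ("context", "acc", "psw", "group", "server")
PLACEHOLDERS = ("password_of_the", "IP_ADDRESS_OF", "the_fqdn_of")

def check_auth_block(conf_text):
    """Return a list of problems; an empty list means the block is consistent."""
    auth = json.loads(conf_text)["authentication"]
    method = auth.get("auth_method_1")
    if method not in ("ms-ldap", "ms-ldaps"):
        return ["auth_method_1 is not ms-ldap or ms-ldaps: " + repr(method)]
    # ms-ldap pairs with auth_ms_ldap_*/auth_ldap_*, ms-ldaps with the *_ldaps_* keys
    ms_prefix = "auth_" + method.replace("-", "_") + "_"
    ldap_prefix = "auth_ldaps_" if method == "ms-ldaps" else "auth_ldap_"
    problems = []
    for prefix, keys in ((ms_prefix, MS_KEYS), (ldap_prefix, LDAP_KEYS)):
        for key in keys:
            value = str(auth.get(prefix + key, ""))
            if not value:
                problems.append("missing or empty " + prefix + key)
            elif any(p in value for p in PLACEHOLDERS):
                problems.append("placeholder value left in " + prefix + key)
    if auth.get("auth_ldap_privs") != 1:
        problems.append("auth_ldap_privs must be 1 so group membership drives RBAC")
    # The ldap(s) server value must carry the port explicitly, e.g. host:389 or host:636
    server = str(auth.get(ldap_prefix + "server", ""))
    if not re.fullmatch(r"[^:\s]+:\d{1,5}", server):
        problems.append(ldap_prefix + "server should be host:port, got " + repr(server))
    return problems
```

Run it against the "authentication" object of your own opCommon.json after stripping any comments; a non-empty list is a reason not to restart omkd yet.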

Examples of integrating ms-ldap, ms-ldaps, ldap, ldaps and other authentication methods can be found here: OMK Authentication Methods