Overview
Open-AudIT can use Active Directory and/or OpenLDAP for user authentication and authorisation. Open-AudIT will query both types of LDAP servers to validate a user's username and password, then retrieve user details and the list of roles the user has and the orgs a user has access to. Open-AudIT will automatically create the user if they are authenticated and authorized so no manual user setup within Open-AudIT is required - at all!
How To
To enable this, create a new LDAP Server item by going to menu -> Manage Admin -> LDAP Servers -> Create LDAP Servers.
...
Roles can only be created and edited if you have an Open-AudIT Enterprise license. For most users, the default set of Roles should be all that is required. And if you think about it, it's more granularity than Open-AudIT has ever had at any time!
Enabling for Professional and Enterprise
If you are using Open-AudIT Professional or Enterprise, have enabled LDAP, and want user accounts to be automatically created at logon, you must edit the (text) file:
Linux – /usr/local/omk/conf/opCommon.nmis
Windows – c:\omk\conf\opCommon.nmis
And ensure that auth_method_1 is set to openaudit.
That's all there is to it. As long as Open-AudIT can talk to an LDAP Server, be it an Active Directory Domain Controller or an OpenLDAP server, your users can use their existing LDAP credentials to log on to Open-AudIT.
The default Open-AudIT groups for LDAP Server authorization are:
Roles Groups
+-----------+----------------------------+
| name      | ad_group                   |
+-----------+----------------------------+
| admin     | open-audit_roles_admin     |
| org_admin | open-audit_roles_org_admin |
| reporter  | open-audit_roles_reporter  |
| user      | open-audit_roles_user      |
+-----------+----------------------------+
Orgs Groups
+----------------------+--------------------------------------+
| name                 | ad_group                             |
+----------------------+--------------------------------------+
| Default Organisation | open-audit_orgs_default_organisation |
+----------------------+--------------------------------------+
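Because users are created automatically with whatever roles and orgs their directory groups imply, membership of these groups is the access list for Open-AudIT and is worth reviewing. The following is an added example, not Open-AudIT code: it reads an LDIF export of user entries and reports the roles and orgs each user would receive under the default mappings above. It assumes groups are matched on their CN, case-insensitively; the LDIF sample and the example.test domain are constructed.

```python
import re

# Default mappings listed on this page: directory group name -> role / org.
ROLE_GROUPS = {f"open-audit_roles_{r}": r
               for r in ("admin", "org_admin", "reporter", "user")}
ORG_GROUPS = {"open-audit_orgs_default_organisation": "Default Organisation"}

# Constructed sample: user entries with memberOf, including one folded line.
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=Staff,DC=example,DC=test
memberOf: CN=Open-AudIT_Roles_Admin,OU=Groups,DC=example,DC=test
memberOf: CN=open-audit_orgs_default_organisation,OU=Groups,DC=example,DC=
 test

dn: CN=Bob Reporter,OU=Staff,DC=example,DC=test
memberOf: CN=open-audit_roles_reporter,OU=Groups,DC=example,DC=test

dn: CN=Carol Nobody,OU=Staff,DC=example,DC=test
memberOf: CN=VPN Users,OU=Groups,DC=example,DC=test
"""

def group_cn(dn):
    """Lower-cased leading CN of a group DN (assumed to be how groups match)."""
    m = re.match(r"(?i)cn=((?:\\.|[^,\\])+)", dn.strip())
    return m.group(1).lower() if m else None

def effective_access(ldif):
    """Map each user DN to the roles and orgs its memberOf values imply."""
    text = re.sub(r"\n ", "", ldif)  # unfold LDIF continuation lines
    result = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        user, roles, orgs = None, set(), set()
        for line in record.splitlines():
            key, _, value = line.partition(":")
            if key.lower() == "dn":
                user = value.strip()
            elif key.lower() == "memberof":
                cn = group_cn(value)
                if cn in ROLE_GROUPS:
                    roles.add(ROLE_GROUPS[cn])
                if cn in ORG_GROUPS:
                    orgs.add(ORG_GROUPS[cn])
        if user:
            result[user] = {"roles": sorted(roles), "orgs": sorted(orgs)}
    return result

if __name__ == "__main__":
    for dn, access in effective_access(SAMPLE_LDIF).items():
        print(dn, access, "<-- admin" if "admin" in access["roles"] else "")
```

Users who appear with empty roles and orgs, like the third constructed entry, hold valid directory credentials but belong to none of the default Open-AudIT groups.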