For ms-ldap authentication, the example below walks you through the required settings. Note that in this example the LDAP base and context search have been set for the whole domain; you can tune them as you need to be more tightly integrated.

The process is similar for ms-ldaps authentication; replace ms-ldap with ms-ldaps where required. Examples of integrating ms-ldaps and ms-ldap can be viewed here: OMK Authentication Methods

/usr/local/omk/conf/opCommon.json
...
    "authentication" : {
        ...
        "auth_method_1" : "ms-ldap",
        # First, define the ms-ldap specific requirements
        "auth_ms_ldap_attr" : "sAMAccountName",
        "auth_ms_ldap_base" : "dc=contoso,dc=local",
        "auth_ms_ldap_dn_acc" : "svc_omk_admin", # You should only need to use the username here, but if this is not successful, you can use username@domain as well.
        "auth_ms_ldap_dn_psw" : "password_of_the_dn_acc_above",
        "auth_ms_ldap_server" : "IP_ADDRESS_OF_YOUR_MS_LDAP_SERVER", # e.g. 192.168.1.22
        # Now add the ldap specific requirements, including enabling auth_ldap_privs
        "auth_ldap_privs" : 1,
        "auth_ldap_context" : "dc=contoso,dc=local",
        "auth_ldap_acc" : "svc_omk_admin@contoso.local",
        "auth_ldap_psw" : "password_of_the_auth_ldap_acc_above",
        "auth_ldap_group" : "memberOf",
        "auth_ldap_server" : "the_fqdn_of_your_ad_server:389",
        ...
    },
...

Once saved, you will then need to restart the omkd daemon for this to take effect.
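
The following check is an added example, not part of the original page or of OMK's own tooling. It reviews an "authentication" block for the points raised above: the non-TLS ms-ldap method and port 389, placeholder values left in place, and whole-domain search bases. The function name audit_auth is hypothetical and SAMPLE is constructed from the values in the example.

```python
import re

# Placeholder strings from the example config that must be replaced before use.
PLACEHOLDER = re.compile(r"password_of_|IP_ADDRESS_OF_|the_fqdn_of_", re.I)

def audit_auth(auth):
    """Return (key, finding) pairs for an opCommon.json "authentication" dict."""
    findings = []
    # ms-ldap is the non-TLS method; ms-ldaps is the encrypted variant.
    for key in sorted(k for k in auth if k.startswith("auth_method_")):
        if auth[key] == "ms-ldap":
            findings.append((key, "LDAP without TLS; consider ms-ldaps"))
    # 389 is the plain LDAP port.
    if str(auth.get("auth_ldap_server", "")).endswith(":389"):
        findings.append(("auth_ldap_server", "port 389 is plain LDAP"))
    # Values copied from the example without being filled in.
    for key in sorted(auth):
        if isinstance(auth[key], str) and PLACEHOLDER.search(auth[key]):
            findings.append((key, "placeholder value not replaced"))
    # A base made only of dc= components searches the whole domain.
    for key in ("auth_ms_ldap_base", "auth_ldap_context"):
        rdns = [p.strip().lower() for p in str(auth.get(key, "")).split(",") if p.strip()]
        if rdns and all(r.startswith("dc=") for r in rdns):
            findings.append((key, "whole-domain search; an OU base is tighter"))
    return findings

# Constructed sample mirroring the values shown in the example above.
SAMPLE = {
    "auth_method_1": "ms-ldap",
    "auth_ms_ldap_attr": "sAMAccountName",
    "auth_ms_ldap_base": "dc=contoso,dc=local",
    "auth_ms_ldap_dn_acc": "svc_omk_admin",
    "auth_ms_ldap_dn_psw": "password_of_the_dn_acc_above",
    "auth_ms_ldap_server": "IP_ADDRESS_OF_YOUR_MS_LDAP_SERVER",
    "auth_ldap_privs": 1,
    "auth_ldap_context": "dc=contoso,dc=local",
    "auth_ldap_acc": "svc_omk_admin@contoso.local",
    "auth_ldap_psw": "password_of_the_auth_ldap_acc_above",
    "auth_ldap_group": "memberOf",
    "auth_ldap_server": "the_fqdn_of_your_ad_server:389",
}

if __name__ == "__main__":
    for key, finding in audit_auth(SAMPLE):
        print(f"{key}: {finding}")
```

To check a live system, load /usr/local/omk/conf/opCommon.json with json.load and pass its "authentication" value to audit_auth.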