Introduction
Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate a user and in addition, to create a user account using assigned roles and orgs based on LDAP group membership.
How Does it Work?
Summaries are a single query against the database with a 'group by' command. Using this simple method we can easily create a summary for virtually any attribute.
We no longer require a separate report for each 'type' of a device. We now simply have a summary that groups by 'system.type' and shows the result. You can then click on a given type from the list and see the matching devices. In this case, one Summary replaces (potentially) 78 reports (there are 78 device types).
A summary is different to a query in that a summary is designed to group items by a given attribute then provide a 'click through' link to the actual devices. A query is simply a list of items with no further links. As above - this of a Summary as a combined "report + subreport", whereas a query is simply a single Report.
Summaries have a different 'collection' template to the other resources within Open-AudIT. This template shows the Summary as you would expect and also shows buttons with counts of other resources. This page is designed to be the HomePage of Open-AudIT.
Creating a LDAP Server Entry
A LDAP Server can be created using the web interface if a user has a role that contains the ldap_servers::create permission. Go to menu: Manage -> Ldap Servers-> Create Ldap Server. There is also a create button on the collection page.
View a LDAP Server Details
Go to menu: Manage -> Ldap Servers-> List Ldap Servers.
You will see a list of Ldap Servers. You can view the details of a Ldap Server by clicking on the blue view icon.
You can also edit or delete the entry.
Database Schema
The schema for the database is below. It can also be found in the application if the user has database::read permission by going to menu: Manage -> Database -> List Database, then clicking on the "ldap_servers" table.
CREATE TABLE `ldap_servers` (
`id` int(10) unsigned NOT NULL AUTO_INCREMENT,
`name` varchar(200) NOT NULL DEFAULT '',
`org_id` int(10) unsigned NOT NULL DEFAULT '1',
`description` text NOT NULL,
`lang` varchar(200) NOT NULL DEFAULT 'en',
`host` varchar(200) NOT NULL DEFAULT '',
`port` varchar(200) NOT NULL DEFAULT '385',
`secure` enum('y','n') NOT NULL DEFAULT 'n',
`domain` varchar(200) NOT NULL DEFAULT '',
`type` enum('active directory','openldap') NOT NULL DEFAULT 'active directory',
`version` int(1) unsigned NOT NULL DEFAULT '3',
`base_dn` varchar(200) NOT NULL DEFAULT '',
`user_dn` varchar(200) NOT NULL DEFAULT '',
`user_membership_attribute` varchar(200) NOT NULL DEFAULT 'memberUid',
`use_roles` enum('y','n') NOT NULL DEFAULT 'n',
`dn_account` varchar(200) NOT NULL DEFAULT '',
`dn_password` varchar(250) NOT NULL DEFAULT '',
`refresh` int(10) unsigned NOT NULL DEFAULT '24',
`refreshed` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
`edited_by` varchar(200) NOT NULL DEFAULT '',
`edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;
A typical entry looks as below.
id: 8
name: My Business
org_id: 1
description: LDAP
lang: en
host: 192.168.1.200
port: 389
secure: y
domain: ldap.mybusiness.com
type: active directory
version: 3
base_dn:
user_dn:
user_membership_attribute: memberUid
use_roles: n
dn_account: nmis
dn_password: znfN8ixkwOqEmtEaDJocqZ/5hyIQi3Ih2NuJLBt/SAniG5p4uqN4qJbJCsFT1BNIvgWSRR3XBhFqXjf1jCxghg==
refresh: 24
refreshed: 2000-01-01 00:00:00
edited_by: Open-AudIT Enterprise
edited_date: 2017-05-22 03:30:39
API / Web Access
You can access the /summaries collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
Access is provided as part of a roles permissions. Summaries is a standard resource and can have create, read, update and delete permissions.
The API routes below are usable from both a JSON Restful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
|---|---|---|---|---|---|---|---|
| POST | n | create | summaries::create | /summaries | Insert a new summaries entry. | summary_create.json | |
| GET | y | read | summaries::read | /summaries/{id} | Returns a summaries details. | summary_read.json | |
| PATCH | y | update | summaries::update | /summaries/{id} | Update an attribute of a summaries entry. | summary_update.json | |
| DELETE | y | delete | summaries::delete | /summaries/{id} | Delete a summaries entry. | summary_delete.json | |
| GET | n | collection | summaries::read | /summaries | Returns a list of summaries. | summary_collection.json | |
| POST | n | import | import | summaries::create | /summaries/import | Import multiple connections using a CSV. | |
| GET | y | execute | execute | summaries::read | /summaries/{id}/execute | Execute (run) a summary and show the result. | summary_execute.json |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| GET | n | create | create_form | summaries::create | /summaries/create | Displays a standard web form for submission to POST /summaries. |
| GET | y | update | update_form | summaries::update | /summaries/{id}/update | Show the summaries details with the option to update attributes using PATCH to /summaries/{id} |
| GET | n | import | import_form | summaries::create | /summaries/import | Displays a standard web form for submission to POST /summaries/import. |