Ldap
From Wikanual
ldap
Instead of managing INTERDUBS admin users for your segment in our system, you can also use user information from your ldap system.
ldap parameters
Under utilities a root admin can edit the ldap parameters via the ldap configuration screen.
When you enter the parameters below, admin users will get authenticated against your system.
ldap host
The URL of your ldap host. An example would be:
ldaps://your.ldap.host:3269
where your.ldap.host is a valid domain name or IP address. If the ldap host is not empty, then INTERDUBS will try to use this address for authentication.
ldap user
A valid user in the ldap database. It should have rights to look up other users. It is not related to the admin users that will use INTERDUBS.
ldap user password
The password of the ldap user in the ldap database.
ldap domain
The ldap domain for users using INTERDUBS. LDAPDOMAIN in the example below.
ldap message
The initial headline that will be displayed on the INTERDUBS admin screen, so that admins are aware that they have to use their ldap credentials.
ldap log in logic
Here, in pseudo code, is the logic of a login validation. The user has entered USER and PASS, and INTERDUBS has been configured with valid access to your ldap system as described above.
IF USER does NOT contain a @ AND LDAPDOMAIN is NOT empty THEN append @ and LDAPDOMAIN to the USER
This allows people to enter either their user name or their user@domain email.
FIND first record that has userPrincipalName set to USER
The system tries to locate a user with userPrincipalName set to USER. If the system finds a record, it proceeds below at PASSWORD VALIDATION. If there is no record with userPrincipalName set to USER, then it tries to
FIND first record that has mail set to USER
If a record is found, the system retrieves its userPrincipalName to use below for PASSWORD VALIDATION.
If no record exists for this either, the system shows an error message:
LDAP your-segment-name: user name could not be found
The error will get logged under failed login attempts and the system will exit.
PASSWORD VALIDATION
If the system did find a record, it will try to validate the record identified by the userPrincipalName and the PASS.
If this works, the system checks whether a login with the login email set to USER already exists in INTERDUBS. If it does not, it will get created in the system.
If it does not authenticate, the system will display the message
LDAP your-segment-name: pwd wrong
and the failed attempt will get logged.
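The login validation described above, written out as an added example in Python. This is not INTERDUBS code; it runs the same steps (append LDAPDOMAIN, look up userPrincipalName, fall back to mail, validate the password, create the login if missing, log failures) against a small in-memory stand-in for the ldap directory. The directory entries, the FakeLdap class, the segment name and the helper names are constructed for illustration.

```python
"""Added example, not INTERDUBS code: the ldap login validation logic
run against an in-memory stand-in for the ldap directory."""

import hmac
from dataclasses import dataclass

# Constructed sample directory: each dict stands for one ldap record.
# Alice's mail differs from her userPrincipalName to exercise the mail fallback.
SAMPLE_DIRECTORY = [
    {"userPrincipalName": "alice@example.test", "mail": "alice.smith@example.test", "password": "alice-pw"},
    {"userPrincipalName": "bob@example.test", "mail": "bob@example.test", "password": "bob-pw"},
]

SEGMENT = "your-segment-name"  # stands in for the INTERDUBS segment name


class FakeLdap:
    """Stand-in for the ldap server (assumption): attribute lookup plus a bind check."""

    def __init__(self, records):
        self.records = records

    def find_first(self, attribute, value):
        # FIND first record that has <attribute> set to <value>
        for rec in self.records:
            if rec.get(attribute, "").lower() == value.lower():
                return rec
        return None

    def bind(self, upn, password):
        # A real server would perform an ldap bind; here the stored password is
        # compared in constant time so the stand-in does not leak timing.
        rec = self.find_first("userPrincipalName", upn)
        return rec is not None and hmac.compare_digest(rec["password"], password)


@dataclass
class LoginResult:
    ok: bool
    message: str
    created: bool = False


def ldap_login(ldap, user, password, ldap_domain, existing_logins, failed_log):
    """Validate USER/PASS following the pseudo code; returns a LoginResult.

    existing_logins: set of login emails already present in INTERDUBS
    failed_log: list that receives (USER, message) for failed attempts
    """
    # IF USER does NOT contain a @ AND LDAPDOMAIN is NOT empty THEN append @ and LDAPDOMAIN
    if "@" not in user and ldap_domain:
        user = f"{user}@{ldap_domain}"

    # FIND first record that has userPrincipalName set to USER
    record = ldap.find_first("userPrincipalName", user)
    if record is None:
        # FIND first record that has mail set to USER
        record = ldap.find_first("mail", user)
    if record is None:
        msg = f"LDAP {SEGMENT}: user name could not be found"
        failed_log.append((user, msg))
        return LoginResult(False, msg)

    # PASSWORD VALIDATION against the userPrincipalName of the record found
    upn = record["userPrincipalName"]
    if not ldap.bind(upn, password):
        msg = f"LDAP {SEGMENT}: pwd wrong"
        failed_log.append((user, msg))
        return LoginResult(False, msg)

    # Create the INTERDUBS login (login email = USER) if it does not exist yet
    created = user not in existing_logins
    if created:
        existing_logins.add(user)
    return LoginResult(True, "ok", created)


if __name__ == "__main__":
    directory = FakeLdap(SAMPLE_DIRECTORY)
    logins, failures = set(), []
    for user, pw in [("alice", "alice-pw"), ("alice.smith@example.test", "alice-pw"),
                     ("bob", "wrong"), ("carol", "x")]:
        print(user, ldap_login(directory, user, pw, "example.test", logins, failures))
    print("failed attempts:", failures)
```

Note that the mail fallback means the login email created in INTERDUBS is whatever the admin typed (USER after the domain was appended), while the password check always uses the userPrincipalName from the ldap record; the example keeps that distinction so both failure messages and the created-login bookkeeping match the pseudo code.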