...
Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate a user and, in addition, to create a user account using assigned roles and orgs based on LDAP group membership.
How Does it Work?
Summaries are a single query against the database with a 'group by' command. Using this simple method we can easily create a summary for virtually any attribute.
We no longer require a separate report for each 'type' of a device. We now simply have a summary that groups by 'system.type' and shows the result. You can then click on a given type from the list and see the matching devices. In this case, one Summary replaces (potentially) 78 reports (there are 78 device types).
A summary is different to a query in that a summary is designed to group items by a given attribute then provide a 'click through' link to the actual devices. A query is simply a list of items with no further links. As above - think of a Summary as a combined "report + subreport", whereas a query is simply a single Report.
Summaries have a different 'collection' template to the other resources within Open-AudIT. This template shows the Summary as you would expect and also shows buttons with counts of other resources. This page is designed to be the HomePage of Open-AudIT.
If using Active Directory, you do not need to populate the user_dn or user_membership_attribute attributes. These are used by OpenLDAP only.
If the user logging on to Open-AudIT does not have access to search LDAP, you can use another account which does have this access. Use the dn_account and dn_password attributes to configure this.
Examples:
If you need to configure OpenLDAP access for your users and a given user's access DN is normally uid=username@domain,cn=People,dc=your,dc=domain,dc=com then you should set base_dn to dc=your,dc=domain,dc=com and user_dn to uid=@username@@domain,cn=People. The special words @username and @domain will be replaced by the login details provided by your user on the login page.
If you need to configure Active Directory access, you can usually use the example of cn=Users,dc=your,dc=domain,dc=com for your base_dn. There is no need to set user_dn.
These are only examples. You may need to adjust these attributes to suit your particular LDAP.
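The substitution described in the OpenLDAP example above, as an added Python example (not Open-AudIT's own code). It assumes the bind DN is the expanded user_dn followed by base_dn, as the example's values imply, and that login values are escaped per RFC 4514 before insertion; the function names are hypothetical.

```python
import re

# Characters that must be backslash-escaped inside a DN attribute value (RFC 4514).
_DN_SPECIALS = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a string for use as an attribute value inside a DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _DN_SPECIALS:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":      # leading '#' or space
            out.append("\\" + ch)
        elif i == last and ch == " ":    # trailing space
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(user_dn: str, base_dn: str, username: str, domain: str) -> str:
    """Expand @username/@domain in user_dn, then append base_dn (assumed layout)."""
    values = {
        "username": escape_dn_value(username),
        "domain": escape_dn_value(domain),
    }
    # One regex pass: text inside a substituted value is never expanded again.
    expanded = re.sub(r"@(username|domain)", lambda m: values[m.group(1)], user_dn)
    return f"{expanded},{base_dn}"


# Attribute values taken from the OpenLDAP example on this page.
USER_DN = "uid=@username@@domain,cn=People"
BASE_DN = "dc=your,dc=domain,dc=com"

if __name__ == "__main__":
    print(build_bind_dn(USER_DN, BASE_DN, "username", "domain"))
    # Constructed login value containing DN metacharacters: the comma and
    # equals sign are escaped, so the value stays inside the uid component.
    print(build_bind_dn(USER_DN, BASE_DN, "a,cn=Admins", "domain"))
```

Without the escaping step, a login value containing a comma would add components to the DN that the administrator never configured.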
Creating a LDAP Server Entry
...
API / Web Access
You can access the ldap_servers collection using the normal Open-AudIT JSON based API, just like any other collection. Please see the API documentation for further details.
Access is provided as part of a role's permissions. Ldap Servers is a standard resource and can have create, read, update and delete permissions.
...
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
POST | n | | create | ldap_servers::create | /ldap_servers | Insert a new ldap server entry. | summary_create.json |
GET | y | | read | ldap_servers::read | /ldap_servers/{id} | Returns a ldap server details. | summary_read.json |
PATCH | y | | update | ldap_servers::update | /ldap_servers/{id} | Update an attribute of a ldap server entry. | summary_update.json |
DELETE | y | | delete | ldap_servers::delete | /ldap_servers/{id} | Delete a ldap server entry. | summary_delete.json |
GET | n | | collection | ldap_servers::read | /ldap_servers | Returns a list of ldap servers. | summary_collection.json |
POST | n | import | import | ldap_servers::create | /ldap_servers/import | Import multiple ldap servers using a CSV. | |
GET | y | execute | execute | summaries::read | /summaries/{id}/execute | Execute (run) a summary and show the result. | summary_execute.json |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | ldap_servers::create | /ldap_servers/create | Displays a standard web form for submission to POST /ldap_servers. |
GET | y | update | update_form | ldap_servers::update | /ldap_servers/{id}/update | Show the ldap server details with the option to update attributes using PATCH to /ldap_servers/{id} |
GET | n | import | import_form | ldap_servers::create | /ldap_servers/import | Displays a standard web form for submission to POST /ldap_servers/import. |