...
- LDAP authentication must already be configured. See Configuring NMIS to use Active Directory Authentication (ms-ldap or ms-ldaps) and OMK Authentication Methods for further details.
Caveats
- Enabling this feature currently disables the NMIS User Table completely: all privileges come from LDAP group membership. This will be enhanced to allow local user privileges alongside privileges learnt from LDAP.
Configuration
Configuration items in opCommon.json
Item | Example Value | Description | Default |
---|---|---|---|
auth_ldap_privs | 0/1 | Set to 1 to enable the feature | 0 |
auth_ldap_context | CN=Users,DC=opmantek,DC=local | The base DN under which user entries are searched | No default. Entry must be created. |
auth_ldap_acc | administrator@domain.local | The LDAP account used to bind and perform the search | No default. Entry must be created. |
auth_ldap_psw | Password | The password of the search account | No default. Entry must be created. |
auth_ldap_group | memberOf | The attribute whose values are read as the user's groups. Values must be full group DNs of the form CN=OMK Ops,CN=Users,DC=opmantek,DC=local | memberOf |
auth_ldap_server | server.domain.com:389 | The LDAP server, as host:port | No default. Entry must be created. |
The mapping file
By default the mapping file is named AuthLdapPrivs.json and is placed in <omk_dir>/conf.
...
The default location and name can be changed with the following item in the configuration file opCommon.json:
auth_ldap_privs_file
Integrating with MS-LDAP
To get this working with ms-ldap authentication, follow the example below. Note that in this example the LDAP base and context search have been set to the whole domain; you can narrow them as needed for a more tightly scoped integration.
```
...
"authentication" : {
...
"auth_method_1" : "ms-ldap",
#First let's define the ms-ldap specific requirements
"auth_ms_ldap_attr" : "sAMAccountName",
"auth_ms_ldap_base" : "dc=contoso,dc=local",
"auth_ms_ldap_dn_acc" : "svc_omk_admin", # you should only need to use the username here, but if this is not successful, you can use username@domain as well.
"auth_ms_ldap_dn_psw" : "password_of_the_dn_acc_above",
"auth_ms_ldap_server" : "IP_ADDRESS_OF_YOUR_MS_LDAP_SERVER", #eg. 192.168.1.22
#Now we add in the ldap specific requirements, including enabling auth_ldap_privs
"auth_ldap_privs" : 1,
"auth_ldap_context" : "dc=contoso,dc=local",
"auth_ldap_acc" : "svc_omk_admin@contoso.local",
"auth_ldap_psw" : "password_of_the_auth_ldap_acc_above",
"auth_ldap_group" : "memberOf",
"auth_ldap_server" : "the_fqdn_of_your_ad_server:389"
```
The lines beginning with # are explanatory comments only; JSON does not allow comments, so omit them from the real opCommon.json. Note also that the search account passwords are stored in clear text in this file, so restrict its file permissions to the account that runs OMK.
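As an added example (not part of Opmantek's code or documentation), the following Python script checks that an "authentication" block like the one above is complete before the feature is switched on, and shows how group names are recovered from the DN values an Active Directory memberOf attribute returns. The sample block is constructed from the page's example with the comments removed; the validation rules (required keys, host:port format) follow the configuration table, and the CN extraction is an assumed illustration of the lookup step, since the page does not show the mapping file format.

```python
import json
import re
from typing import Dict, List

# Constructed sample: the page's example "authentication" block, made valid JSON
# by dropping the '#' comments. Values are placeholders, not real credentials.
SAMPLE_OPCOMMON = """
{
  "authentication": {
    "auth_method_1": "ms-ldap",
    "auth_ms_ldap_attr": "sAMAccountName",
    "auth_ms_ldap_base": "dc=contoso,dc=local",
    "auth_ms_ldap_dn_acc": "svc_omk_admin",
    "auth_ms_ldap_dn_psw": "password_of_the_dn_acc_above",
    "auth_ms_ldap_server": "IP_ADDRESS_OF_YOUR_MS_LDAP_SERVER",
    "auth_ldap_privs": 1,
    "auth_ldap_context": "dc=contoso,dc=local",
    "auth_ldap_acc": "svc_omk_admin@contoso.local",
    "auth_ldap_psw": "password_of_the_auth_ldap_acc_above",
    "auth_ldap_group": "memberOf",
    "auth_ldap_server": "the_fqdn_of_your_ad_server:389"
  }
}
"""

# Items the configuration table lists with "No default": they must be present
# once auth_ldap_privs is set to 1.
REQUIRED_WHEN_ENABLED = (
    "auth_ldap_context",
    "auth_ldap_acc",
    "auth_ldap_psw",
    "auth_ldap_server",
)

# host:port as in the table's example value server.domain.com:389
SERVER_RE = re.compile(r"[A-Za-z0-9._\-]+:\d{1,5}")

# Leading RDN of a group DN: CN=<name>, where the name may contain escaped commas
# (e.g. "CN=Ops\\, Team,CN=Users,...") per RFC 4514 escaping.
LEADING_CN_RE = re.compile(r"CN=((?:\\.|[^,\\])+)(?:,|$)", re.IGNORECASE)


def load_sample_auth() -> Dict:
    """Parse the constructed sample and return its authentication block."""
    return json.loads(SAMPLE_OPCOMMON)["authentication"]


def check_ldap_privs_config(auth: Dict) -> List[str]:
    """Return a list of problems with the LDAP-privileges settings (empty means OK)."""
    problems: List[str] = []
    if auth.get("auth_ldap_privs", 0) != 1:
        return problems  # feature disabled: nothing further is required
    for key in REQUIRED_WHEN_ENABLED:
        if not auth.get(key):
            problems.append(f"{key} is required when auth_ldap_privs is 1")
    server = auth.get("auth_ldap_server", "")
    if server and not SERVER_RE.fullmatch(server):
        problems.append("auth_ldap_server should be host:port, e.g. server.domain.com:389")
    group_attr = auth.get("auth_ldap_group", "memberOf")
    if not isinstance(group_attr, str) or not group_attr.strip():
        problems.append("auth_ldap_group must name an attribute (default memberOf)")
    return problems


def group_names_from_dns(values: List[str]) -> List[str]:
    """Extract the group name (leading CN) from each group DN; skip malformed values."""
    names: List[str] = []
    for dn in values:
        m = LEADING_CN_RE.match(dn.strip())
        if m:
            names.append(m.group(1).replace("\\,", ","))
    return names


def main() -> None:
    auth = load_sample_auth()
    print("config problems:", check_ldap_privs_config(auth) or "none")
    # Constructed memberOf values in the form the table requires
    member_of = [
        "CN=OMK Ops,CN=Users,DC=opmantek,DC=local",
        "CN=Domain Users,CN=Users,DC=opmantek,DC=local",
        "not-a-dn",
    ]
    print("groups:", group_names_from_dns(member_of))


if __name__ == "__main__":
    main()
```

Run it against a copy of your own opCommon.json by replacing the sample string with the file contents; any reported problem corresponds to a table entry that has no default and therefore must be created before the feature is enabled.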