Purpose
...
Key | Description | Example | Comment |
---|---|---|---|
auth_htpasswd_file | Location of the password file | | |
auth_htpasswd_encrypt | Plain text passwords are checked ONLY if encmode is 0 or 'plaintext' | | |
ldap
The Opmantek products will use the configured LDAP server to perform authentication.
...
Key | Description | Example | Comment |
---|---|---|---|
auth_ms_ldaps_server | MS-LDAPS Server Name | host[:port] | No defaults. Entry must be created. |
auth_ms_ldap_acc | Account Name | The MS-LDAP Distinguished Name (DN)/account to bind with | |
auth_ms_ldap_psw | Account Password | The password associated with the above MS-LDAP account. The entry must be created. | |
auth_ms_ldap_base | Base Context | dc=corp,dc=opmantek,dc=com | Base context to search from. |
auth_ms_ldap_attr | MS-LDAP Attributes | sAMAccountName | The MS-LDAP attribute(s) to match to username. |
auth_ms_ldap_group | Checks if the user logging in is associated with the defined group. | Sales, SNMPSIM, GPON | Must follow: CN=OMK Ops,CN=Users,DC=opmantek,DC=local |
novell-ldap
-- Deprecated --
apache
Apache will perform authentication and provide an authenticated user to the Opmantek products, with all the authorisation policies applied.
...
Key | Description | Example | Comment |
---|---|---|---|
auth_cw_server | IP address of the ConnectWise Server | 1.2.3.4 | No defaults. Entry must be created. |
auth_cw_company_id | The company name in ConnectWise | COMPANY | |
auth_cw_public_key | The ConnectWise Public Key | xxxxxxXXXXXxxxxx | |
auth_cw_private_key | The Private Key associated with the above Public Key | yyyyyYYYYYyyyyy |
crowd
openaudit
...
The Opmantek products will use the Atlassian Crowd authentication. Use Crowd to assign additional groups to a user and define each service that requires authentication as an application in Crowd.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
username | User name | username | |
password | Password | password | |
name | remote address | remote_address | |
value | 127.0.0.1 |
openaudit
Open-AudIT can use Active Directory and/or OpenLDAP for user authentication and/or authorisation. Open-AudIT will query both types of LDAP servers to validate a user's username and password and retrieve the user details (roles and orgs the user has access to). The user will be automatically created when they are authenticated.
openid_connect
Opmantek products use OKTA's OpenID Connect for authentication. In the authentication > auth_method_1 entry of opCommon.json, use openid_connect. For more information, see OKTA OpenID authentication.
Following are the configuration items in opCommon.json:
Key | Description | Example | Comment |
---|---|---|---|
type | Authentication type | okta | The authentication type shall be "okta". |
url | URL for your subdomain | https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token | Replace only YOUR_SUBDOMAIN with your subdomain name. |
password | Password | password | The password shall remain "password", since Opmantek's internal password field is mapped to the one returned by the OKTA service. |
username | User name | username | The user name shall remain "username", since Opmantek's internal username field is mapped to the one returned by the OKTA service. |
client_id | The user's client ID | | Enter the user's client ID. |
client_secret | The user's client secret | | Enter the user's client secret. |
grant_type | | password | This grant type shall be "password". |
scope | | openid | The scope shall be "openid". |
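
The settings above describe an OAuth 2.0 password-grant request to the OKTA token endpoint, so the user's password travels to that URL. The following check is an added example, not Opmantek code: the flat JSON layout, the sample values, the function names, and sending the client credentials in the form body are assumptions; only the key names and required values come from the table.

```python
import json
from urllib.parse import urlencode, urlsplit

# Constructed sample: key names come from the table above; the flat layout and
# all values are assumptions, not a copy of a real opCommon.json.
SAMPLE = json.loads("""{
  "type": "okta",
  "url": "https://YOUR_SUBDOMAIN.okta.com/oauth2/default/v1/token",
  "username": "username",
  "password": "password",
  "client_id": "constructed-client-id",
  "client_secret": "",
  "grant_type": "password",
  "scope": "openid"
}""")

# Values the table says must be used verbatim.
FIXED = {"type": "okta", "username": "username", "password": "password",
         "grant_type": "password", "scope": "openid"}


def check_openid_settings(cfg):
    """Return a list of problems found in the openid_connect settings."""
    problems = [f"{k} must be {v!r}, found {cfg.get(k)!r}"
                for k, v in FIXED.items() if cfg.get(k) != v]
    url = urlsplit(cfg.get("url", ""))
    if url.scheme != "https":
        problems.append("url must use https: the user's password is sent to it")
    if "your_subdomain" in (url.hostname or ""):  # hostname is lower-cased
        problems.append("url still contains the YOUR_SUBDOMAIN placeholder")
    if not url.path.endswith("/v1/token"):
        problems.append("url must point at the /v1/token endpoint")
    for key in ("client_id", "client_secret"):
        if not cfg.get(key):
            problems.append(f"{key} is empty")
    return problems


def token_request_body(cfg, login_user, login_password):
    """Form body of the password-grant request these settings describe."""
    return urlencode({
        "grant_type": cfg["grant_type"],
        "scope": cfg["scope"],
        cfg["username"]: login_user,      # assumed: value names the form field
        cfg["password"]: login_password,
        "client_id": cfg["client_id"],
        "client_secret": cfg["client_secret"],
    })
```

Because the body carries both the login password and the client secret, keep opCommon.json readable only by the service account and keep request bodies out of proxy and debug logs.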
...
Key | Description | Example | Comment |
---|---|---|---|
auth_radius_server | The Radius Server Name | host:port | No defaults. Entry must be created. |
auth_radius_secret | Also known as the Key | secret |
...
tacacs
The Opmantek products will use the configured TACACS+ server (for example, Cisco ACS).
...
The Opmantek products support a new authentication method called token, which offers delegated authentication. This enables an external party to pre-authenticate a user, who can access the Opmantek products without having to log in with username and password.
...