Introduction

Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate and authorize a user and, in addition, to create a user account in Open-AudIT with roles and orgs assigned based on LDAP group membership.

How Does it Work?

Summaries are a single query against the database with a 'group by' command. Using this simple method we can easily create a summary for virtually any attribute.

We no longer require a separate report for each 'type' of a device. We now simply have a summary that groups by 'system.type' and shows the result. You can then click on a given type from the list and see the matching devices. In this case, one Summary replaces (potentially) 78 reports (there are 78 device types).

A summary is different to a query in that a summary is designed to group items by a given attribute and then provide a 'click through' link to the actual devices. A query is simply a list of items with no further links. As above, think of a Summary as a combined "report + subreport", whereas a query is simply a single Report.

Summaries have a different 'collection' template to the other resources within Open-AudIT. This template shows the Summary as you would expect and also shows buttons with counts of other resources. This page is designed to be the HomePage of Open-AudIT.

If using Active Directory, you do not need to populate the user_dn or user_membership_attribute attributes. These are used by OpenLDAP only.


If the user logging on to Open-AudIT does not have access to search LDAP, you can use another account which does have this access. Use the dn_account and dn_password attributes to configure this.

Examples:

If you need to configure OpenLDAP access for your users and a given user's access DN is normally uid=username@domain,cn=People,dc=your,dc=domain,dc=com, then you should set base_dn to dc=your,dc=domain,dc=com and user_dn to uid=@username@@domain,cn=People. The special words @username and @domain will be replaced by the login details provided by your user on the login page.

If you need to configure Active Directory access, you can usually use the example of cn=Users,dc=your,dc=domain,dc=com for your base_dn. There is no need to set user_dn.

These are only examples. You may need to adjust these attributes to suit your particular LDAP.
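The OpenLDAP substitution described above, as an added example (not Open-AudIT's own code). It assumes the login is entered as username@domain and that the bind DN is user_dn followed by base_dn; the function names are hypothetical. Login values are escaped per RFC 4514 before they are placed in the DN, so a comma or plus sign typed at the login page cannot add or change DN components.

```python
import re

# Characters RFC 4514 requires to be escaped inside an attribute value.
_SPECIAL = set('"+,;<>\\')


def escape_dn_value(value):
    """Escape a string for use inside an RDN attribute value (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in "# ":
            out.append("\\" + ch)   # leading '#' or space
        elif i == last and ch == " ":
            out.append("\\ ")       # trailing space
        else:
            out.append(ch)
    return "".join(out)


def split_login(login):
    """Assumed login format: 'username@domain' (the domain may be empty)."""
    username, _, domain = login.partition("@")
    if not username:
        raise ValueError("empty username")
    return username, domain


def expand_user_dn(user_dn, base_dn, login):
    """Fill @username / @domain in the user_dn template and append base_dn."""
    username, domain = split_login(login)
    values = {
        "username": escape_dn_value(username),
        "domain": escape_dn_value(domain),
    }
    # One regex pass: text substituted in is never re-scanned for placeholders.
    rdn = re.sub(r"@(username|domain)", lambda m: values[m.group(1)], user_dn)
    return rdn + "," + base_dn


if __name__ == "__main__":
    # Template and base_dn are the ones from the text; the login is constructed.
    print(expand_user_dn("uid=@username@@domain,cn=People",
                         "dc=your,dc=domain,dc=com", "alice@example.com"))
```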


 

If you are using Open-AudIT Professional or Enterprise, you have enabled LDAP, and you wish for user accounts to be automatically created at logon, you must edit the (text) file:

Linux – /usr/local/omk/conf/opCommon.nmis

Windows – c:\omk\conf\opCommon.nmis

and ensure that auth_method_1 is set to openaudit.


Creating a LDAP Server Entry

An LDAP Server can be created using the web interface if a user has a role that contains the ldap_servers::create permission. Go to menu: Admin -> Ldap Servers -> Create Ldap Server. There is also a create button on the collection page.

When viewing a summary, a default set of columns is provided - name, count, and view. The Name column is the name of the column you are grouping devices by. IE - In the Manufacturer Summary, the name column would be the system.manufacturer column from the database. The count is the number of devices with this attribute and the view is a button to view those particular devices.

There is also an option to provide additional columns for viewing. In the case of the Software Summary, you can see we also provide the software name and version. These are not shown on the initial summary page but rather added to the list of attributes shown when viewing the next page. IE - Show me the actual devices with MS Office installed. This page will also show the name and version in addition to the default columns.


View a LDAP Server Details

Go to menu: Admin -> Ldap Servers -> List Ldap Servers.

You will see a list of Ldap Servers. You can view the details of a Ldap Server by clicking on the blue view icon. You can execute the summary and see the results by clicking the Execute icon in blue on the right side of the screen.

You can also edit or delete the entry.



 


Database Schema

The database schema can be found in the application if the user has database::read permission by going to menu: Admin -> Database -> List Tables, then clicking on the details button for the table.

CREATE TABLE `ldap_servers` (
  `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
  `name` varchar(200) NOT NULL DEFAULT '',
  `org_id` int(10) unsigned NOT NULL DEFAULT '1',
  `description` text NOT NULL,
  `lang` varchar(200) NOT NULL DEFAULT 'en',
  `host` varchar(200) NOT NULL DEFAULT '',
  `port` varchar(200) NOT NULL DEFAULT '385',
  `secure` enum('y','n') NOT NULL DEFAULT 'n',
  `domain` varchar(200) NOT NULL DEFAULT '',
  `type` enum('active directory','openldap') NOT NULL DEFAULT 'active directory',
  `version` int(1) unsigned NOT NULL DEFAULT '3',
  `base_dn` varchar(200) NOT NULL DEFAULT '',
  `user_dn` varchar(200) NOT NULL DEFAULT '',
  `user_membership_attribute` varchar(200) NOT NULL DEFAULT 'memberUid',
  `use_roles` enum('y','n') NOT NULL DEFAULT 'n',
  `dn_account` varchar(200) NOT NULL DEFAULT '',
  `dn_password` varchar(250) NOT NULL DEFAULT '',
  `refresh` int(10) unsigned NOT NULL DEFAULT '24',
  `refreshed` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  `edited_by` varchar(200) NOT NULL DEFAULT '',
  `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00',
  PRIMARY KEY (`id`)
) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;

A typical entry looks as below.

                       id: 8
                     name: My Business
                   org_id: 1
              description: LDAP
                     lang: en
                     host: 192.168.1.200
                     port: 389
                   secure: y
                   domain: ldap.mybusiness.com
                     type: active directory
                  version: 3
                  base_dn: 
                  user_dn: 
user_membership_attribute: memberUid
                use_roles: n
               dn_account: nmis
              dn_password: znfN8ixkwOqEmtEaDJocqZ/5hyIQi3Ih2NuJLBt/SAniG5p4uqN4qJbJCsFT1BNIvgWSRR3XBhFqXjf1jCxghg==
                  refresh: 24
                refreshed: 2000-01-01 00:00:00
                edited_by: Open-AudIT Enterprise
              edited_date: 2017-05-22 03:30:39


API / Web Access

You can access the collection using the normal Open-AudIT JSON based API, just like any other collection. Please see The Open-AudIT API documentation for further details.

Access is provided as part of a role's permissions. Summaries is a standard resource and can have create, read, update and delete permissions.

API Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
|---|---|---|---|---|---|---|---|
| POST | n | | create | summaries::create | /summaries | Insert a new summaries entry. | summary_create.json |
| GET | y | | read | summaries::read | /summaries/{id} | Returns a summaries details. | summary_read.json |
| PATCH | y | | update | summaries::update | /summaries/{id} | Update an attribute of a summaries entry. | summary_update.json |
| DELETE | y | | delete | summaries::delete | /summaries/{id} | Delete a summaries entry. | summary_delete.json |
| GET | n | | collection | summaries::read | /summaries | Returns a list of summaries. | summary_collection.json |
| POST | n | import | import | summaries::create | /summaries/import | Import multiple connections using a CSV. | |
| GET | y | execute | execute | summaries::read | /summaries/{id}/execute | Execute (run) a summary and show the result. | summary_execute.json |

Web Application Routes

| Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
|---|---|---|---|---|---|---|
| GET | n | create | create_form | summaries::create | /summaries/create | Displays a standard web form for submission to POST /summaries. |
| GET | y | update | update_form | summaries::update | /summaries/{id}/update | Show the summaries details with the option to update attributes using PATCH to /summaries/{id} |
| GET | n | import | import_form | summaries::create | /summaries/import | Displays a standard web form for submission to POST /summaries/import. |

 

 
