Introduction
Open-AudIT can be configured to use LDAP servers (Microsoft Active Directory and/or OpenLDAP) to authenticate a user and in addition, to create a user account using assigned roles and orgs based on LDAP group membership.
How Does it Work?
Summaries are a single query against the database with a 'group by' command. Using this simple method we can easily create a summary for virtually any attribute.
We no longer require a separate report for each 'type' of a device. We now simply have a summary that groups by 'system.type' and shows the result. You can then click on a given type from the list and see the matching devices. In this case, one Summary replaces (potentially) 78 reports (there are 78 device types).
A summary is different to a query in that a summary is designed to group items by a given attribute then provide a 'click through' link to the actual devices. A query is simply a list of items with no further links. As above - this of a Summary as a combined "report + subreport", whereas a query is simply a single Report.
Summaries have a different 'collection' template to the other resources within Open-AudIT. This template shows the Summary as you would expect and also shows buttons with counts of other resources. This page is designed to be the HomePage of Open-AudIT.
Creating a LDAP Server Entry
A summary can be created using the web interface if a user has a role that contains the summaries::create permission. Go to menu: Manage -> Summaries -> Create Summaries. There is also a create button on the collection page.
When viewing a summary, a default set of columns are provided - name, count, and view. The Name column is the name of the column you are grouping devices by. IE - In the Manufacturer Summary, the name column would be the system.manufacturer column from the database. The count is the number of devices with this attribute and the view is a button to view those particular devices.
There is also an option to provide additional columns for viewing. In the case of the Software Summary, you can see we also provide the software name and version. These are not shown on the initial summary page but rather added to the list of attributes shown when viewing the next page. IE - Show me the actual devices with MS Office installed. This page will also show the are name and version in addition to the default columns.
View a LDAP Server Details
Go to menu: Manage -> Summaries -> List Summaries.
You will see a list of summaries. You can view a summary by clicking on the blue view icon.
You can execute the summary and see the results by clicking the Execute icon in blue on the right side of the screen.
You can also edit or delete the summary.
Database Schema
The schema for the database is below. It can also be found in the application if the user has database::read permission by going to menu: Manage -> Database -> List Database, then clicking on the "ldap_servers" table.
CREATE TABLE `ldap_servers` ( `id` int(10) unsigned NOT NULL AUTO_INCREMENT, `name` varchar(200) NOT NULL DEFAULT '', `org_id` int(10) unsigned NOT NULL DEFAULT '1', `description` text NOT NULL, `lang` varchar(200) NOT NULL DEFAULT 'en', `host` varchar(200) NOT NULL DEFAULT '', `port` varchar(200) NOT NULL DEFAULT '385', `secure` enum('y','n') NOT NULL DEFAULT 'n', `domain` varchar(200) NOT NULL DEFAULT '', `type` enum('active directory','openldap') NOT NULL DEFAULT 'active directory', `version` int(1) unsigned NOT NULL DEFAULT '3', `base_dn` varchar(200) NOT NULL DEFAULT '', `user_dn` varchar(200) NOT NULL DEFAULT '', `user_membership_attribute` varchar(200) NOT NULL DEFAULT 'memberUid', `use_roles` enum('y','n') NOT NULL DEFAULT 'n', `dn_account` varchar(200) NOT NULL DEFAULT '', `dn_password` varchar(250) NOT NULL DEFAULT '', `refresh` int(10) unsigned NOT NULL DEFAULT '24', `refreshed` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', `edited_by` varchar(200) NOT NULL DEFAULT '', `edited_date` datetime NOT NULL DEFAULT '2000-01-01 00:00:00', PRIMARY KEY (`id`) ) ENGINE=InnoDB AUTO_INCREMENT=9 DEFAULT CHARSET=utf8;
A typical entry looks as below.
id: 8 name: My Business org_id: 1 description: LDAP lang: en host: 192.168.1.200 port: 389 secure: y domain: ldap.mybusiness.com type: active directory version: 3 base_dn: user_dn: user_membership_attribute: memberUid use_roles: n dn_account: nmis dn_password: znfN8ixkwOqEmtEaDJocqZ/5hyIQi3Ih2NuJLBt/SAniG5p4uqN4qJbJCsFT1BNIvgWSRR3XBhFqXjf1jCxghg== refresh: 24 refreshed: 2000-01-01 00:00:00 edited_by: Open-AudIT Enterprise edited_date: 2017-05-22 03:30:39
API / Web Access
You can access the /summaries collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
Access is provided as part of a roles permissions. Summaries is a standard resource and can have create, read, update and delete permissions.
The API routes below are usable from both a JSON Restful API and the web interface. The Web application routes are specifically designed to be called from the web interface (a browser).
API Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes | Example Response |
---|---|---|---|---|---|---|---|
POST | n | create | summaries::create | /summaries | Insert a new summaries entry. | summary_create.json | |
GET | y | read | summaries::read | /summaries/{id} | Returns a summaries details. | summary_read.json | |
PATCH | y | update | summaries::update | /summaries/{id} | Update an attribute of a summaries entry. | summary_update.json | |
DELETE | y | delete | summaries::delete | /summaries/{id} | Delete a summaries entry. | summary_delete.json | |
GET | n | collection | summaries::read | /summaries | Returns a list of summaries. | summary_collection.json | |
POST | n | import | import | summaries::create | /summaries/import | Import multiple connections using a CSV. | |
GET | y | execute | execute | summaries::read | /summaries/{id}/execute | Execute (run) a summary and show the result. | summary_execute.json |
Web Application Routes
Request Method | ID | Action | Resulting Function | Permission Required | URL Example | Notes |
---|---|---|---|---|---|---|
GET | n | create | create_form | summaries::create | /summaries/create | Displays a standard web form for submission to POST /summaries. |
GET | y | update | update_form | summaries::update | /summaries/{id}/update | Show the summaries details with the option to update attributes using PATCH to /summaries/{id} |
GET | n | import | import_form | summaries::create | /summaries/import | Displays a standard web form for submission to POST /summaries/import. |