11.5. Active Directory (AD) / LDAP

Users in IntegraXor can be configured to authenticate through a directory service rather than the built-in method. With either of these methods, passwords are managed externally and stay synchronised with the directory service, so a user only needs to remember their own directory service password to log in.

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks and is included in most Windows Server operating systems as a set of processes and services.

Lightweight Directory Access Protocol (LDAP) is an application protocol used over an IP network to manage and access the distributed directory information service.

Note

These services need to be configured and running before they can be used for authentication. This guide will NOT help with configuring the AD or LDAP directory services.


User AD/LDAP Configuration

Important

Before configuring AD or LDAP, the user must already be configured as described in all previous sections in Security. This guide explains only the added configurations.


The configuration for AD / LDAP is changed within the User Configuration. Configuring an AD or LDAP user is similar to configuring a normal built-in user, with the server configuration included and the password excluded. Passwords are authenticated against the directory service during the login process in the front end, so they are not needed in the configuration process. The following table explains the added parameters.

Username

AD : The username is used as the reference during authentication with the server. It does NOT have to be the same as the Name parameter.

Important

Do not use the user@domain form. Please separate the domain name into the Domain field.


LDAP : This is the Distinguished Name (DN) to bind with, usually a comma-separated set of relative distinguished names (RDNs) in the form attribute=value.

cn=user,dc=example,dc=com

Host/Domain

AD : Domain name of the directory service.

LDAP : Host name followed by the port number, separated by a colon.

localhost:389
127.0.0.1:389

Important

The Username and Host/Domain must be in the correct form and must be valid to allow proper authentication.
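
A pre-deployment check of the Username and Host/Domain forms described above, as an added example that is not part of IntegraXor or of this guide. The function names and sample values are hypothetical and constructed; the port 389 warning assumes a plain LDAP bind, since this guide does not say whether the connection is encrypted.

```python
import re

# Constructed sample values; the helper names are hypothetical, not IntegraXor APIs.
_RDN_SPLIT = re.compile(r"(?<!\\),")  # comma not preceded by a backslash
_RDN_FORM = re.compile(r"^\s*[A-Za-z][A-Za-z0-9-]*\s*=\s*\S.*$")  # attribute=value
_DOMAIN = re.compile(r"[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*")
_LOOPBACK = {"localhost", "127.0.0.1"}


def check_ad(username, domain):
    """Return the problems found in an AD Username / Domain pair."""
    problems = []
    if not username.strip():
        problems.append("Username is empty")
    if "@" in username:
        problems.append("Username contains '@'; put the domain in the Domain field")
    if not _DOMAIN.fullmatch(domain):
        problems.append("Domain is not a well-formed domain name")
    return problems


def check_ldap(bind_dn, host_port):
    """Return the problems found in an LDAP Username (bind DN) / Host pair."""
    problems = []
    for rdn in _RDN_SPLIT.split(bind_dn):
        if not _RDN_FORM.match(rdn):
            problems.append(f"RDN {rdn.strip()!r} is not in attribute=value form")
    host, sep, port = host_port.rpartition(":")
    if not sep or not host:
        problems.append("Host must be written as host:port")
    elif not port.isdecimal() or not 1 <= int(port) <= 65535:
        problems.append(f"Port {port!r} is not a number from 1 to 65535")
    elif int(port) == 389 and host.lower() not in _LOOPBACK:
        # 389 is the standard cleartext LDAP port: unless StartTLS is
        # negotiated, the bind password crosses the network unencrypted.
        problems.append("warning: port 389 to a remote host is cleartext LDAP")
    return problems


if __name__ == "__main__":
    print(check_ad("jsmith@example.com", "example.com"))
    print(check_ldap("cn=user,dc=example,dc=com", "localhost:389"))
    print(check_ldap(r"cn=Smith\, John,dc=example,dc=com", "ldap.example.com:389"))
```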


LDAP Login

When logging in, users enter the name set in the Name parameter as the username and their own directory service password in the password field.