
Welcome to the LogPoint video tutorial. Today we are going to demonstrate how to log in as an LDAP user. Well, LDAP is ubiquitous.

Virtually every major server operating system is delivered with an LDAP-compliant directory server. We provide the simplest way to fetch the data from LDAP as per your requirement. Without further ado, let's head into its configuration settings. (Here we are logged in as admin. By now you must be quite used to our system, so we will only be dealing with the features related to LDAP.)

Basically, LDAP user login consists of 4 steps.

1. First, and the most forgotten of all, is to enable LDAP Authentication in our system. To enable LDAP Authentication we go into Settings >> System Settings. Here in the LogPoint settings you need to check LDAP Authentication, otherwise the system doesn't allow LDAP users to log in. So always remember to check whether LDAP Authentication is enabled or not.()

2. Now we move on to the creation of an LDAP strategy, where all the server settings that bind LogPoint to the LDAP server are stored. The LDAP strategy is located in Settings (>> User) >> LDAP Strategies. In LDAP Strategies, the previously created LDAP strategies are listed with some of their information: the description, the LDAP server host IP or domain name, the port through which it communicates, and the tenant under which the strategy lies. In the action column we have the action buttons.

i. The LDAP Group mapping, which is used to map an LDAP Group to our User Group. At the moment you might be wondering what this mapping is. Don't worry about it; we'll get into it right after the settings have been configured.
ii. Then we have the strategy state, i.e. activated or deactivated. The green tick mark indicates that the strategy is in the active state. You can change the state if you don't feel the need to use it.
iii. Finally we have delete. If you feel the strategy has fulfilled its goal then you can simply delete it. Remember that deleting the strategy also deletes the users related to the strategy, which we'll demonstrate later on.

Now let's add an LDAP strategy. We do it by clicking on Add LDAP Strategy. It opens the form to fill in the LDAP settings. Here, fill in a unique name and a description of the strategy in the LDAP Strategy Information section.

Now let's fill in the LDAP Connection Settings section. In the host field you fill in the LDAP server's IP address or domain name. In the port field you fill in the port number through which LogPoint communicates with the LDAP server. By default, the port is specified as 389 for normal usage. But if you require a secured connection then you can check the "Enable SSL?" check box, which encrypts the connection to the LDAP server, so the bind credentials and the data fetched are not sent in clear text. By default the port for an SSL connection is 636. In our system, the combination of host and port should be unique, i.e. it cannot be repeated in another strategy.

Now on to the Bind DN. The Bind Distinguished Name is basically the username on the LDAP server. It is the login credential that our application uses to log in to the LDAP server. The DN that we are going to use is .. It's quite lengthy. It might be useful if we know a bit about the DN and its structure.

Here we have the LDAP tree structure of the data in our LDAP server. The root node consists of the domain name, which is read as DC=logpoint and DC=nepal, where DC means domain component. There are two branches from the root node. One is OU=Dev-users, which represents our user collection, and the other is OU=Dev-groups, which represents the LDAP groups. In both the users and the groups we have CN= followed by a user name and a group name respectively. Here it represents the relative distinguished name used in the server for reference.

Below we have also kept an entry from the LDAP server. It contains a DN followed by its relative DN, email address, telephone number and other personal details. Here, I just need to inform you about memberOf and objectClass, since these are going to be used in our settings. memberOf is an attribute of the entry "ajan". It represents the fact that the user ajan is a member of the group support. We could have specified only the relative DN support, which would have meant the same thing. Other users might be memberOf other groups. Most users around the world use memberOf, but you can customize it and use belongsTo or another name as you prefer. Just remember the attribute name: it's the attribute name that has to be entered into our settings. The same goes for objectClass, which is used as a filter in our settings.
So with this you should now have a good insight into how LDAP data is structured. Now let's head back to the settings. In our User Settings section, we fill in the user node followed by the root node. This includes all the users under the Dev-users node. In the group member attribute we use memberOf, or another attribute if you have customized it. The only thing to remember is that it represents the LDAP group the user belongs to. In the group settings, we fill in the group node followed by the root node. This includes all the groups under Dev-groups. The member attribute is similar to the user member attribute, but it's rarely used. We have completed the general settings; now let's move on to the advanced settings. Here, we again have the User Settings and Group Settings. The User Base DN and Group Base DN are the same as before. Now we have the User Name Attribute (.).

In Filter we use objectClass=user. Like I mentioned earlier, you can customize it as you like. Before filling in the two, let me explain the group settings. Here the group name attribute() . If you check "Use DN to represent Member" it uses the whole DN, but you can also use the relative DN. The filter works exactly the same way as in the user settings.

Now we move on to the feature that controls how you log in to LogPoint as an LDAP user. If you check "Use DN Authentication", then you will have to use the whole DN as the username to log in. It's quite cumbersome to use the DN every time you log in, so we have two options: the Sam Account Name for LDAP servers hosted on Windows and the UID for those hosted on Linux. We'll demonstrate logging in using the Sam Account Name. So what are we waiting for? Let's log in using the DN, "the primitive type", for the first login case. Submit your settings. Let me tell you, all the settings that you have provided here might not be correct. We validate the necessary settings and if any of the information is incorrect we notify you with an error. You don't have to worry about starting all over again. You can simply save the settings for now and later on correct the settings and log in. Oh yes!! Our LDAP settings have been created.

3. Now we need to complete one final step before login, and that is to map the LDAP group to the user group of our application. For that we click the two-arrow key. It takes us to the LDAP User Groups page, where the LDAP groups from the LDAP server are listed. Here we map the ones that we require to our user groups. Remember the LDAP group of which you have made your LDAP user a memberOf. If you map the wrong LDAP group then your LDAP user cannot log in, as the system doesn't find the required mapping. So make sure you pick the correct LDAP group. We know we have placed the LDAP user ajan under support, so let's map this LDAP group to a user group. What this mapping does is that the LDAP user who eventually logs in takes on the user group settings specified in this mapping. This is how the LDAP user gets the user settings.

4. Now, with that done, it's finally time to log in. We'll be using the Incognito feature of Chrome for the LDAP user login, to show the LDAP user creation and its immediate updates on the admin side. So let me keep this tab on User >> LDAP Users, which is empty at the moment. Now to log in, we have specified that the DN is our username, so let's use it. Enter the password. The authentication takes place and we have successfully logged in as an LDAP user. Now, let's check the LDAP user listing. Refresh, and we've got the LDAP user. (Yes, you can alter the data just like for other users.)

But now let's use the less cumbersome username, the Sam Account Name. Enter the password. Uncheck Use DN, select the Sam Account Name and submit. Now on to the login page. Here we enter the Sam Account Name and the password, and we have successfully logged in. Let's verify whether it's the same person or not. The name and username are the same, so it must be the same person. Also, in the LDAP user list, the name shows no changes. So this is how LDAP users are logged in.

Finally, if you do decide to delete the LDAP strategy: delete .. yes .. like I said before, the user setting is also deleted. Let's verify .. LDAP Users, and the user is gone. So now you know all the nitty-gritty stuff related to the LDAP settings and their attributes .. use the advanced settings. We hope to provide more features.
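The DN structure from the tree walkthrough and the group-mapping rule from step 3, modelled as an added example (this is not LogPoint's code, only a sketch of the behaviour the tutorial describes). The dictionary keys, the sample entry and the user group name "Helpdesk" are constructed for illustration.

```python
import re

def parse_dn(dn):
    """Split a DN into lower-cased (type, value) pairs, leaf first; honours '\\,'."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.strip().partition('=')
        rdns.append((attr.strip().lower(), value.strip().replace('\\,', ',').lower()))
    return rdns

def is_under(dn, base_dn):
    """True if dn sits below base_dn, i.e. base_dn is a proper suffix of dn."""
    d, b = parse_dn(dn), parse_dn(base_dn)
    return len(d) > len(b) and d[-len(b):] == b

def group_name(member_of, group_base_dn):
    """Accept a full group DN, a relative DN ('CN=support') or a bare name."""
    if ',' not in member_of:
        return member_of.rpartition('=')[2].strip().lower()
    if not is_under(member_of, group_base_dn):
        return None  # group lives outside the configured group node
    return parse_dn(member_of)[0][1]

def resolve_user_group(entry, strategy, mapping):
    """Return the mapped user group, or None when the login must be refused."""
    if not is_under(entry['dn'], strategy['user_base_dn']):
        return None
    attr, _, wanted = strategy['user_filter'].partition('=')
    if wanted.lower() not in (v.lower() for v in entry.get(attr, [])):
        return None
    for value in entry.get(strategy['group_member_attribute'], []):
        name = group_name(value, strategy['group_base_dn'])
        if name in mapping:
            return mapping[name]
    return None  # no LDAP group of this user is mapped: login refused

# Constructed sample data using the names from the tutorial's LDAP tree.
STRATEGY = {
    'user_base_dn': 'OU=Dev-users,DC=logpoint,DC=nepal',
    'group_base_dn': 'OU=Dev-groups,DC=logpoint,DC=nepal',
    'group_member_attribute': 'memberOf',
    'user_filter': 'objectClass=user',
}
AJAN = {
    'dn': 'CN=ajan,OU=Dev-users,DC=logpoint,DC=nepal',
    'objectClass': ['user'],
    'memberOf': ['CN=support,OU=Dev-groups,DC=logpoint,DC=nepal'],
}
MAPPING = {'support': 'Helpdesk'}  # lower-case LDAP group -> hypothetical user group
```

A mapping that lacks the user's group, or a memberOf value that points outside the group base DN, yields None, which corresponds to the refused login described in step 3.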