LDAP

[Image: LDAP]

LDAP

Enables users to login using their LDAP accounts.

Ldap

Description

The LDAP is an open,industry standard application protocol to access and to maintain distributed directory information services over an Internet Protocol (IP) network. Directory services play an important role in developing intranet and Internet applications as it ensure the sharing of information on users, systems, networks, services, and applications throughout the network. A common use of LDAP is to provide a common place to store usernames and passwords. This allows many different applications and services to connect to the LDAP server to validate users.

Features / Benefits

  • Allows any user to login with given LDAP accounts.
  • No need of creating separate credential for everyone.
  • Rather than managing user lists for each one within an organization, LDAP can be used as a central directory accessible from anywhere on the network.
  • Saves lot of time and effort as their is no need to create separate credentials for each member.
  • Easy and secure way which protects the information efficiently.

How to use

  • Click LDAP settings on admin side apps page for configure.

    Auto Archive cards

  • Give all configuration details to configure.

    Auto Archive cards

  • Click update button to save the LDAP configuration.

    Auto Archive cards

  • After that LDAP will be activated, you can check with LDAP login credentials.

    Auto Archive cards

  • Here it's the dashboard for logged in user.

    Auto Archive cards

What do I Need?

Allows any user in an organization to login with LDAP account, no need to create individual credentials for everyone.
Assures Information security as LDAP, sensitive data can be protected from prying eyes.
LDAP servers usually provide at least access and error log files. So, the administrators can easily track any issues in directory environment and troubleshoot any problems that may arise.
LDAP has broad industry support.
A well-defined client Application Programming Interface (API) which gives the administrator with flexibility to deploy the database best suited for the type of information the server is to disseminate.
Saves valuable and productive by minimising manual works like creating individual credentials for each member in an organization.

My Problems

Wasting a lot of time for generating credentials for each and every members in the Organization.
Struggles with securing confidential informations or datas.
Difficult for administrators to track and troubleshoot any problems or issues arose in the directory.

IONCUBE installation steps

  1. Download the ioncube by executing wget https://downloads.ioncube.com/loader_downloads/ioncube_loaders_lin_x86-64.zip
  2. Unzip the IONCUBE loader by executingunzip ioncube_loaders_lin_x86-64.zip and goto the ioncube folder by cd ioncube
  3. Check your PHP version by executing php -v
  4. Run the comand php -i | grep extension_dir and it will give the path to the php_modules
  5. Move your PHP version ioncube loader ioncube_loader_lin_##PHP_VERSION##.so files to php_modules by running the command cp ioncube_loader_lin_##PHP_VERSION##.so ##php_modules_path##
  6. Open the php.ini file by vi /etc/php/##PHP_VERSION##/fpm/php.ini
  7. Add this line zend_extension = ##php_modules_path##/ioncube_loader_lin_##PHP_VERSION##.so
  8. After adding please restart the php by systemctl restart php##PHP_VERSION##-fpm and nginx by systemctl restart nginx

Installation Steps

  1. Purchase LDAP App
  2. Goto Restyaboard installation root directory.e.g., directory: /usr/share/nginx/html/restyaboard/
  3. Unzip the purchased LDAP app into your root directory
  4. Provide file permission to unzipped files located in client/apps/r_ldap_login/ pathe.g., chmod -R 0777 client/apps/r_ldap_login/
  5. Execute the r_ldap_login.sql in your Restyaboard database, located in client/apps/r_ldap_login/sql/ directory
  6. Execute the sql command UPDATE users SET is_ldap = 't' WHERE email = '##USER_EMAIL##'` by changing ##USER_EMAIL## for changing existing users as ldap users
  7. Configure LDAP on http://{YOUR_SERVER_NAME}/#/apps/r_ldap_login path in your Restyaboard server.

    Configuration details

    1. Enable SSL Connectivity - Enable your ssl connectivity true or false
    2. Server - Enter your Server number
    3. Port - Enter your port number
    4. Protocol Version - Enter your protocol version
    5. Base DN - Enter your base DN
    6. Account Filter - Enter your account Filter
    7. Advanced Filter - Enter your advanced Filter
    8. Bind DN - Enter your bind bn
    9. Bind password - Enter your bind password
    10. Import User - click the import user button to import all LDAP users.
    11. Don't send welcome email - click the 'Don't send welcome email' only if you don't want to send welcome email to the added user.
  8. Finally, clear the browser cache, login with LDAP login credentials to login.

Demo Video

  1. Please see the video from the video link for installation of the LDAP login plugin.
  2. Please see the video from the video link for configuration of the Ldap login plugin.

FAQs

1. How secure is LDAP?

The LDAP protocol is by default and ensures decent security. LDAPS on the other hand is much secure by default as long as proper ciphers are negotiated.

2. How is the user password stored?

User password is stored by using PHP Crypt Hash Functions.