
Lightweight Directory Access Protocol (LDAP) is a software protocol that enables anyone to locate data about organizations, individuals, and other resources such as files and devices in a network. The network can be on the public internet or a corporate intranet.

To authenticate users against an LDAP database, Lumeta must be configured as an LDAP client. The configuration requires a server name and a base distinguished name. For example, a group's server might be named "windows-ad1", and the base distinguished name corresponding to the Active Directory domain "dev.com" is "dc=dev,dc=com". Lumeta's LDAP configuration does not require anything else, but your particular environment may require additional options.

The LDAP configuration page, located in Lumeta > Settings > Lumeta Systems > System Information > LDAP, has been enhanced to display the search string constructed from your entries for LDAP server URL, Base DN, Bind DN, and search filter. You can see the final search string and the results of running it in the user interface.

Enhanced in Lumeta 4.4 
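
To make the relationship between these fields concrete, the following Python is an added example (not Lumeta's code, and not necessarily the exact string format its UI displays). It derives the Base DN from the page's "dev.com" domain and assembles an RFC 4516 LDAP search URL for the "windows-ad1" server, escaping the username per RFC 4515 so it is always treated as a literal value in the filter. The function names, the `sAMAccountName` attribute (Active Directory's account-name attribute) and the user `jdoe` are assumptions.

```python
from urllib.parse import quote

# RFC 4515: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def domain_to_base_dn(domain):
    """Map a DNS domain such as 'dev.com' to its Base DN 'dc=dev,dc=com'.

    Assumes ordinary letter/digit/hyphen labels, which need no DN escaping.
    """
    labels = [label for label in domain.strip(".").split(".") if label]
    if not labels:
        raise ValueError("empty domain")
    return ",".join(f"dc={label}" for label in labels)


def escape_filter_value(value):
    """Escape a value so it can only match literally inside a search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_search_url(server, base_dn, attribute, username, scope="sub"):
    """Build ldap://server/base??scope?(attribute=username) per RFC 4516.

    The attribute list between the first two '?' is left empty (all attributes).
    """
    if scope not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    search_filter = f"({attribute}={escape_filter_value(username)})"
    # Percent-encode anything that is not safe in a URL, including '\\' and spaces.
    return (
        f"ldap://{server}/{quote(base_dn, safe='=,')}"
        f"??{scope}?{quote(search_filter, safe='=()')}"
    )


if __name__ == "__main__":
    base = domain_to_base_dn("dev.com")
    # Constructed sample inputs: an ordinary account name and one with filter syntax.
    for user in ("jdoe", "j*)(cn=*"):
        print(build_search_url("windows-ad1", base, "sAMAccountName", user))
```

Comparing the printed URL with the search string shown on the LDAP configuration page is a quick way to confirm that the Base DN and filter entered there are what you intended.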

Workflow

An administrator can create new users at any time. Both Linux passwords and LDAP passwords are currently allowed, which means that not all users need to have records in LDAP.

  1. Administrator creates users
    1. Linux password is required
    2. Role or roles are required
    3. Username must be the same as the account name in LDAP
  2. Administrator configures LDAP authentication, providing hostname and a base distinguished name.
  3. Administrator enables LDAP authentication.
  4. Users can log in using either Linux passwords or LDAP passwords.
  5. Administrator can disable LDAP at any time and users will still be able to log in using Linux passwords.
