Administration Help Desk
  Download PDF

1. Overview

The purpose of this web application is to provide an easy to use interface for the most common “tier 1” support task, typically performed by a Help-Desk function in a company IT organization.

This Web application is designed for internal (corporate) use and includes several self-management features like:

  • Activate users for OpenOTP use
  • View and manage account information such as email, mobile phone numbers, etc…
  • Reset LDAP password
  • Send password reset or token registration links
  • Enrol, re-synchronize and test a Software / Hardware Token or Yubikey
  • Manage user certificates
  • Manage SSH keys (SpanKey)

Administration Help Desk web application must be installed on your WebADM server(s) and can be accessed through WAProxy or another reverse-proxy configured with WebADM.

2. Installations

The installation of the Administration Help Desk is straightforward and only consists of running the self-installer or installing it from the RCDevs repository.

2.1 RedHat Repository of RCDevs

On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates. Add the repository:

yum install http://rcdevs.com/repos/redhat/base/rcdevs_release-1.1.0-1.noarch.rpm

Clean yum cache and install the Administration Help Desk (HelpDesk):

yum clean all
yum install helpdesk

The Administration Help Desk application is now installed.

2.2 Debian Repository of RCDevs

On a Debian system, you can use our repository, which simplifies updates. Add the repository:

wget https://www.rcdevs.com/repos/debian/rcdevs-release_1.1.0-1_all.deb
apt-get install ./rcdevs-release_1.1.0-1_all.deb

Clean cache and install the Administration Help Desk (HelpDesk):

apt-get update
apt-get install helpdesk

The Administration Help Desk application is now installed.

2.3 Self-Installer

Download the Administration Help Desk package from the RCDevs website, copy it on your WebADM server(s) and run the following commands:

[root@webadm1 tmp]# gunzip HelpDesk-1.0.0.sh.gz
[root@webadm1 tmp]# sh HelpDesk-1.0.0.sh 
HelpDesk v1.0.0 Self Installer
Copyright (c) 2010-2018 RCDevs SA, All rights reserved.
Please report software installation issues to bugs@rcdevs.com.

Verifying package update... Ok
Install HelpDesk in '/opt/webadm/webapps/helpdesk' (y/n)? y
Extracting files, please wait... Ok
Removing temporary files... Ok
HelpDesk has been successfully installed.

Administration Help Desk is now installed and can be configured under the WebADM Admin GUI.

3. Administration Help Desk Configuration

Once the package is installed, the web application must be enabled and configured in WebADM. Log into WebADM as an Administrator user and navigate to Applications Tab > Self-Service > Administration Help Desk (HelpDesk) > REGISTER.



Next click CHECK to set the mandatory settings and review/adjust the defaults.


The setting AdminGroups must be configured before the application can be used. It is specific to each deployment so there is no default value.

Navigate to Applications Tab > Self-Service > Administration Help Desk (HelpDesk) > CONFIGURE to set the mandatory settings and review/adjust the defaults.

Add the Group in Admin Groups Setting

In order for users of a Group to be able to connect to the Administration Help Desk, the Group must be included in the General Setting Admin Groups of Administration Help Desk.

Unconfigure General User Search Base

When defining the Administration Help Desk access per group, you must untick the User Search Base to deactivate it in General settings of Administration Help Desk. Without this, this will include in the results the users of the general User Search Base setting.

Since the Administration Help Desk application provides administrative access to the system, it is strongly advised to limit the access to it only to trusted networks and to protect the login with a second factor. With this in mind, the application can be published through the WebADM Publishing Proxy for with the setting Publish on WAProxy. This setting is only available when WAProxy is configured with WebADM. Have a look at this documentation to setup WAProxy.

3.1 Mandatory Setting

The setting AdminGroups must be configured before the application can be used. It is specific to each deployment so there is no default value.

Navigate to Applications Tab > Self-Service > Administration Help Desk (HelpDesk) > CONFIGURE.


Admin Groups: To log in to the Administration Help Desk, the user must belong to a group configured in the Admin Groups Setting. You can have more than one group here and a user can be a member of multiple groups.


3.2 WebApplication Settings

Change the look of the Administration Help Desk with custom CSS File. Simply add the new customized CSS files and additional custom resources under /opt/webadm/lib/htdocs/custom/.


3.3 Main Config

User Search Scopes: This setting defines which parts of the LDAP directory are searchable and visible in the Administration Help Desk.

Unconfigure General User Search Base

When defining the Administration Help Desk access per group, you must untick the User Search Base to deactivate it in General settings of Administration Help Desk. Without this, this will include in the results the users of the general User Search Base setting.


User Search Attributes setting is also mandatory, but it has a default value. This setting defines the LDAP attributes which are searched when you perform a user search in Administration Help Desk. You should adjust it to match what attributes are relevant for search in your LDAP directory.

3.3.1 Defining Administrative Help Desk Access per Group

An alternative to the general settings (i.e. a list of groups/users which can all manage the same list of users) is to allow specific groups to access specific users OU.

Add the Group in Admin Groups Setting

In order for users of a Group to be able to connect to the Administration Help Desk, the Group must be included in the General Setting Admin Groups of Administration Help Desk.

For each group, you can then configure the User Search Group setting.


The setting in this example would restrict the members of cn=helpdesk-internal to only see and manage the users under ou=Internal,o=root.

3.4 Other Settings

The settings under Allowed features define what actions are possible from the Administration Help Desk:


The settings under OTP Token Management define the types of OTP tokens which can be registered through Administration Help Desk and what is the default token type for registration:


The settings under Emergency OTP Management define the Emergency OTP availability and duration when” registered through Administration Help Desk :


The settings under SSH Key Management define what types of SSH keys can be registered through the Administration Help Desk:


4. LDAP Permissions

Actions done from the Administration Help Desk application are executed with the proxy_user to the LDAP directory, or with Login DNuser permissions in case of LDAP Mount Point. Please see the [proxy_user rights document] (/../howtos/proxy_user/proxy_user_rights/) for further details.

5. Token Enrollment

The HelpDesk application is accessible via the following address:

https://YOUR_WEBADM/webapps/helpdesk/login_uid.php

and through the WAPRoxy it is:

https://YOUR_WAPROXY/helpdesk/login_uid.php

5.1 Software Token Registration

Log in to the HelpDesk application.

Select the user you want to register a Software Token.

Go to OTP tab. At the bottom of the page, click in Add a Token.

On the next page, click under Software Token Add Token.

Then scan the QRCODE to register your Software Token.

Finally, you will see the Software Token that you have just registered in the user’s OTP tab.

5.2 Hardware Token Registration

Log in to the HelpDesk application.

Select the user you want to register a Hardware Token.

Go to OTP tab. At the bottom of the page, click in Add a Token.

On the next page, click under Hardware Token Add Token.

Then enter the serial of your inventoried Token and click in Register.

Finally, you will see the Hardware Token that you have just registered in the user’s OTP tab.

5.3 YubiKey Registration

Log in to the HelpDesk application.

Select the user you want to register a YubiKey.

Go to OTP tab. At the bottom of the page, click in Add a Token.

On the next page, click under YubiKey Add Token.

Plug the YubiKey in a USB port on your computer. Then press the button of inventoried YubiKey to finish the registration.

Finally, you will see the YubiKey that you have just registered in the user’s OTP tab.