Administration Help Desk
  Download PDF

1. Overview

Note

This web application is in the beta testing stage.

The purpose of this web application is to provide an easy to use interface for the most common “tier 1” support task, typically performed by a Help-Desk function in a company IT organization.

This Web application is designed for internal (corporate) use and includes several self-management features like:

  • Activate users for OpenOTP use
  • View and manage account information such as email, mobile phone numbers, etc…
  • Reset LDAP password
  • Send password reset or token registration links
  • Enrol, re-synchronize and test a Software / Hardware Token or Yubikey
  • Manage user certificates
  • Manage SSH keys (SpanKey)

Administration Help Desk web application must be installed on your WebADM server(s) and can be accessed through WAProxy or another reverse-proxy configured with WebADM.

2. Installations

The installation of the Administration Help Desk is straightforward and only consists of running the self-installer or installing it from the RCDevs repository.

2.1 RedHat Repository of RCDevs

On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates. Add the repository:

yum install https://www.rcdevs.com/repos/redhat/rcdevs_release-1.0.0-0.noarch.rpm

Clean yum cache and install the Administration Help Desk (HelpDesk):

yum clean all
yum install helpdesk

The Administration Help Desk application is now installed.

2.2 Debian Repository of RCDevs

On a Debian system, you can use our repository, which simplifies updates. Add the repository:

wget https://www.rcdevs.com/repos/debian/rcdevs-release_1.0.1-0_all.deb
apt-get install ./rcdevs-release_1.0.1-0_all.deb

Clean cache and install the Administration Help Desk (HelpDesk):

apt-get update
apt-get install helpdesk

The Administration Help Desk application is now installed.

2.3 Self-Installer

Download the Administration Help Desk package from the RCDevs website, copy it on your WebADM server(s) and run the following commands:

[root@webadm1 tmp]# gunzip HelpDesk-1.0.0.sh.gz
[root@webadm1 tmp]# sh HelpDesk-1.0.0.sh 
HelpDesk v1.0.0 Self Installer
Copyright (c) 2010-2018 RCDevs SA, All rights reserved.
Please report software installation issues to bugs@rcdevs.com.

Verifying package update... Ok
Install HelpDesk in '/opt/webadm/webapps/helpdesk' (y/n)? y
Extracting files, please wait... Ok
Removing temporary files... Ok
HelpDesk has been successfully installed.

Administration Help Desk is now installed and can be configured under the WebADM Admin GUI.

3. Administration Help Desk Configuration

Once the package is installed, the web application must be enabled and configured in WebADM. Log into WebADM as an Administrator user and navigate to Applications Tab > Self-Service > Administration Help Desk (HelpDesk) > REGISTER. Next click CONFIGURE to set the mandatory settings and review/adjust the defaults.

Since the Administration Help Desk application provides administrative access to the system, it is strongly advised to limit the access to it only to trusted networks and to protect the login with a second factor. With this in mind, the application can be published through the WebADM Publishing Proxy for with the setting Publish on WAProxy. This setting is only available when WAProxy is configured with WebADM. Have a look at this documentation to setup WAProxy.

3.1 Mandatory Setting

One setting must be configured before the application can be used. It is specific to each deployment so there is no default value:

Admin Groups: To log in to the Administration Help Desk, the user must belong to a group configured in the Admin Groups Setting. You can have more than one group here and a user can be a member of multiple groups.

3.2 Other Settings

All other settings are optional and described under the Administration Help Desk configuration page.

3.2.1 Main Config

User Search Scopes: This setting defines which parts of the LDAP directory are searchable and visible in the Administration Help Desk.


User Search Attributes setting is also mandatory, but it has a default value. This setting defines the LDAP attributes which are searched when you perform a user search in Administration Help Desk. You should adjust it to match what attributes are relevant for search in your LDAP directory.

3.2.2 Other Settings

The settings under Allowed features define what actions are possible from the Administration Help Desk:


The settings under OTP Token Management define the types of OTP tokens which can be registered through Administration Help Desk and what is the default token type for registration:

The settings under Emergency OTP Management define the Emergency OTP availability and duration when” registered through Administration Help Desk :

The settings under SSH Key Management define what types of SSH keys can be registered through the Administration Help Desk:

3.3 Defining Administrative Help Desk access per group

An alternative to the general settings (i.e. a list of groups/users which can all manage the same list of users) is to allow specific groups to access specific users OU.

Unconfigure general User search base

When defining the Administration Help Desk access per group, you must untick the User search base to deactivate it in General settings of Administration Help Desk. Without this, this will include in the results the users of the general User search base setting.

Add the group in Admin Groups setting

In order for users of a group to be able to connect to the Administration Help Desk, the group must be included in the general setting Admin Groupsof Administration Help Desk.

For each group, you can then configure the User Search Group setting.


The setting in this example would restrict the members of cn=helpdesk-internal to only see and manage the users under ou=Internal,o=root.

4. LDAP Permissions

Actions done from the Administration Help Desk application are executed with the proxy_user to the LDAP directory, or with Login DNuser permissions in case of LDAP Mount Point. Please see the [proxy_user rights document] (/../howtos/proxy_user/proxy_user_rights/) for further details.