Documents in LDAP

Active Directory with WebADM

1. Installation Packages

First, install the OpenOTP and WebADM packages, which are available from the RCDevs repository or from the RCDevs website. In this how-to, all required packages are installed from the RCDevs repository, so the servers need internet access to download them.

1.1 For RedHat/CentOS

On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates. Add the repository on the server(s) that will host WebADM/OpenOTP:

Active Directory with SSL

How to Enable Active Directory LDAP SSL

Installing an Enterprise Root Certificate Authority in Windows Server 2008/2012/2016. In order to install and configure an Enterprise Root CA, you must log on to the server with a user account that belongs to the Domain Admins group. The CA set up here is the trust anchor for the domain controllers' LDAPS certificates, so clients that bind over LDAPS (WebADM, for instance) should validate the DC certificate against this CA rather than disabling certificate checking.

1. To Set Up an Enterprise Root CA in Windows Server 2008/2012/2016

1) Click Start, point to Administrative Tools and then click Server Manager.
2) In the Roles Summary section, click Add Roles.
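As an added example that is not part of the RCDevs page or its procedure: once LDAPS is enabled on a domain controller, a Linux host that will bind to it (such as the WebADM server) can confirm that the DC presents a certificate chaining to the Enterprise Root CA and matching the DC's name. The host name, the CA file path and the LDAPS_HOST/LDAPS_CA variables are placeholders introduced here; the CA file is assumed to be the Enterprise Root CA certificate exported in PEM form, and openssl 1.1.0 or later is assumed for -verify_hostname.

```shell
# Added example, not from the RCDevs page: check from a Linux host (e.g. the
# future WebADM server) that a domain controller's LDAPS endpoint presents a
# certificate that validates against the Enterprise Root CA.
# Assumptions: openssl >= 1.1.0 (for -verify_hostname); the CA certificate was
# exported from the Enterprise Root CA in PEM form; host names and paths below
# are placeholders.

# Pure helper: succeed only if s_client output reports a clean verification.
ldaps_verify_ok() {
    grep -q 'Verify return code: 0 (ok)'
}

# Pure helper: pull out the verification result line for error reporting.
ldaps_verify_line() {
    grep 'Verify return code' | head -n 1
}

# Connect to <host>:636, send SNI, validate the chain against <cafile> and
# check that the certificate name matches <host>. Returns 0 only on success.
check_ldaps() {
    host="$1"
    cafile="$2"
    out=$(openssl s_client -connect "$host:636" -servername "$host" \
              -verify_hostname "$host" -CAfile "$cafile" </dev/null 2>/dev/null) || true
    if printf '%s\n' "$out" | ldaps_verify_ok; then
        echo "OK: $host:636 presents a certificate trusted via $cafile"
        return 0
    fi
    echo "FAIL: $host:636: $(printf '%s\n' "$out" | ldaps_verify_line)" >&2
    return 1
}

# Usage (placeholder names):
#   LDAPS_HOST=dc1.example.com LDAPS_CA=/etc/pki/tls/certs/enterprise-root-ca.pem sh ldaps-check.sh
# The check only runs when LDAPS_HOST is set, so the helpers can be sourced alone.
if [ -n "${LDAPS_HOST:-}" ]; then
    check_ldaps "$LDAPS_HOST" "${LDAPS_CA:-/etc/pki/tls/certs/enterprise-root-ca.pem}"
fi
```

A self-signed DC certificate, an incomplete chain or a name mismatch all make the check fail, which is the outcome you want: fix the certificate or the CA export rather than turning off verification on the client side.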

OpenOTP LDAP Bridge

1. Product Overview

The main use case of OpenOTP LDAP Bridge is enabling enterprise applications that use LDAP as an external authentication mechanism to work with OpenOTP. LDAP Bridge allows authentication to be delegated to an OpenOTP server transparently, without changing the LDAP back-end. From the client application's perspective, the main change is that it uses the LDAP Bridge as its LDAP server instead of the back-end LDAP server.

PAM & OpenOTP

How To Install and Configure PAM OpenOTP Plugin to Enable Multifactor Authentication on Linux Machines

(Figures: Simple login flow; Push login flow)

1. Background

On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules (PAM), and retrieving information about users (or even groups, hostnames, …) is done through another mechanism, called the Name Service Switch (NSS).

RCDevs Directory Server Installation

Installation of RCDevs Directory Server

System requirements: RCDevs Directory Server (DS) runs on Linux with GLIBC ≥ 2.5. The package contains the required dependencies, allowing DS to run on any Linux system without further requirements.

1. Install DS

1.1 Using the Repository

1.1.1 CentOS/RHEL

On a RedHat, CentOS or Fedora system, you can use our repository, which simplifies updates. Add the repository:

[root@ldap ~]# curl http://www.rcdevs.com/repos/redhat/rcdevs.repo -o /etc/yum.repos.d/rcdevs.repo

Note that this fetches the repository definition over plain HTTP, so it can be altered in transit. Before installing anything from it, check that the downloaded .repo file has gpgcheck enabled and a gpgkey entry, so that yum verifies package signatures.

Clean yum cache:
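An added example, not from the RCDevs page: a small shell check for a downloaded .repo file that rejects it when any section lacks gpgcheck=1 or a gpgkey, or uses a plain-http baseurl. The two .repo files it writes are constructed samples with hypothetical URLs, not the content of rcdevs.repo; the intended use is to run check_repo_file against /etc/yum.repos.d/rcdevs.repo after the curl above, before the first yum install.

```shell
# Added example, not from the RCDevs page. Validates a yum/dnf .repo file:
# every [section] must have gpgcheck=1, a gpgkey, and an https baseurl.
# The sample files below are constructed; their URLs are hypothetical.

# Return 0 if the file passes, 1 otherwise; prints one line per problem.
check_repo_file() {
    awk '
        # Strip "key =" and trailing whitespace from a line, return the value.
        function val(s) {
            sub(/^[^=]*=[[:space:]]*/, "", s)
            sub(/[[:space:]]+$/, "", s)
            return s
        }
        # Report the problems of the section just finished.
        function flush() {
            if (sec == "") return
            if (gpgcheck != "1") { print sec ": gpgcheck is not 1"; bad = 1 }
            if (gpgkey == "") { print sec ": no gpgkey set"; bad = 1 }
            if (baseurl ~ /^http:\/\//) { print sec ": baseurl uses plain http"; bad = 1 }
        }
        BEGIN { bad = 0; sec = "" }
        /^[[:space:]]*\[.*\][[:space:]]*$/ {
            flush(); sec = $0; gpgcheck = ""; gpgkey = ""; baseurl = ""; next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ { gpgcheck = val($0) }
        /^[[:space:]]*gpgkey[[:space:]]*=/   { gpgkey = val($0) }
        /^[[:space:]]*baseurl[[:space:]]*=/  { baseurl = val($0) }
        END { flush(); exit bad }
    ' "$1"
}

# Write two constructed samples into a temp dir and print its path:
# weak.repo (no signature check, plain http) and fixed.repo (corrected).
write_samples() {
    tmp=$(mktemp -d)
    cat > "$tmp/weak.repo" <<'EOF'
[vendor]
name=Vendor repository (weak, constructed sample)
baseurl=http://repo.example.invalid/redhat/
enabled=1
gpgcheck=0
EOF
    cat > "$tmp/fixed.repo" <<'EOF'
[vendor]
name=Vendor repository (fixed, constructed sample)
baseurl=https://repo.example.invalid/redhat/
enabled=1
gpgcheck=1
gpgkey=https://repo.example.invalid/RPM-GPG-KEY-vendor
EOF
    echo "$tmp"
}

# Usage: check both samples; weak.repo is rejected, fixed.repo passes.
# For the real case: check_repo_file /etc/yum.repos.d/rcdevs.repo
dir=$(write_samples)
for f in "$dir/weak.repo" "$dir/fixed.repo"; do
    if check_repo_file "$f"; then echo "$f: OK"; else echo "$f: REJECTED"; fi
done
rm -rf "$dir"
```

The gpgkey check only confirms that yum will verify signatures against some key; the key itself still has to be one you obtained and trust, so compare its fingerprint with the vendor's published one before the first install.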

Novell eDirectory Installation

How To Install Novell eDirectory

To install and set up Novell eDirectory on a Linux server, proceed as follows.

1. Installing eDirectory

Use the nds-install utility to install eDirectory components on Linux systems. This utility is located in the Setup directory on the CD for the Linux platform. The utility adds the required packages based on which components you choose to install. Log in as root on the host.

OpenLDAP Installation

How To Install OpenLDAP

On an empty OpenLDAP server, you can initialize your directory by importing the following LDIF entries. Change “mydomain” to match your organization name and save the LDIF content to a root.ldif file.

dn: dc=mydomain
dc: mydomain
ou: rootObject
objectClass: top
objectClass: dcObject
objectClass: organizationalUnit

dn: cn=admin,dc=mydomain
cn: admin
sn: admin
objectClass: person
objectClass: inetOrgPerson

Use the following command to initialize your OpenLDAP directory.

ldapadd -x -D "cn=admin,dc=mydomain" -W -f root.

Authentication

Test Double Authentication with a User

1. User Activation

Once WebADM is installed and configured, we can connect to it with a web browser. We select the user to activate in the LDAP tree on the left, for example Admin, or we create a new user by clicking on Create. Once the user is selected, we click on Activate Now! If present, we fill in the mandatory attributes and click Proceed. We click on Extend Object:

Schema Extension

Schema Extension

1. Content of the Schema Extension

The schema extension is very minimal. It is composed of three object classes (webadmAccount, webadmGroup and webadmConfig) and three attributes (webadmSettings, webadmData and webadmType). Each has a registered object identifier (OID); 34617 is the enterprise number registered for RCDevs at IANA.

2. Automatic Schema Extension

This option is preferred and is very easy. It works with most LDAP servers.

2.1 Active Directory Prerequisite

The first domain controller defined in /opt/webadm/conf/servers.

Mountpoints

1. Overview

Generally, WebADM is configured to connect to a remote AD/LDAP domain for two reasons:

1) To let an admin browse (and optionally modify) remote domain contents such as user objects via a web browser, and optionally delegate that work to sub-administrators.
2) To act as a gateway that lets the OpenOTP server read and use remote user data for authentication purposes (e.g. fetching a user's mobile phone number from the AD account).