LDAP Directory Server Support

Goals:

• to login by authenticating against LDAP Directory server instead of locally only
• to synchronize users and groups with LDAP Directory server
• to allow central management of users, groups and their credentials in the enterpriseSupported directory servers:

• OpenLDAP
• MS Active Directory
• other LDAP compatible

Installation of LDAP support in Aida

• load package Aida-LDAP
• settings: anAIDASite
  
  • setLDAPAuthentication;
    
  • ldapServer: 'ldap.example.org';
  • ldapUserDN: 'cn=aidaweb,cn=Users,dc=eranova,dc=si'; "see below"
    
  • ldapUserPassword: 'Plikeron99'; "see below"
  • ldapBaseDN: 'cn=Users,dc=eranova,dc=si'  "for AD"

Configuration of MS Active Directory in Windows Server 2008 for Aida

Summary:

Add Group Policy object to allow access to a special user account dedicated to the Aida/Web server and its web apps.

Below is a detailed procedure for example domain eranova.si. Change it with your own domain.

Detailed:

• open Server Manager and click Roles -> Active Directory Domain Services
• click Active Directory Users and computers and domain, like eranova.si
• in Users add user with first and logon name 'aidaweb' and password, say 'Plikeron99'

• close Roles and click Features in tree pane of Server Manager
  
• click Group Policy Management (install that feature of not yet!)
• click forest: eranova.si -> Domains -> eranova.si -> Group Policy Objects
• add new policy named Aida/Web access policy
• link this new policy to the domain eranova.si (right click on the domain in tree view, Link to Existing GPO, chose our one)
• in Security filtering pane Add the aidaweb user and Delete others

• ... but, is this group policy really needed? It seems authentication works without it! More later, after some real world experience ...