LDAP Directory Server Support

Goals:

  • to login by authenticating against LDAP Directory server instead of locally only
  • to synchronize users and groups with LDAP Directory server
  • to allow central management of users, groups and their credentials in the enterprise

Supported directory servers:

  • OpenLDAP
  • MS Active Directory
  • other LDAP compatible

Installation of LDAP support in Aida

  • load package Aida-LDAP
  • settings, sent as a cascade to your site object (anAIDASite):

    anAIDASite
        setLDAPAuthentication;
        ldapServer: 'ldap.example.org';
        ldapUserDN: 'cn=aidaweb,cn=Users,dc=eranova,dc=si';   "see below"
        ldapUserPassword: 'Plikeron99';                         "see below"
        ldapBaseDN: 'cn=Users,dc=eranova,dc=si'                 "for AD"
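The login flow these settings configure, as an added Python example (not Aida's own code): a bind with the dedicated service account (ldapUserDN), a lookup of the login name under ldapBaseDN, then a second bind as the found user. It assumes the third-party ldap3 library and AD's sAMAccountName as the login attribute (uid on OpenLDAP); the server and DN values are the ones from the settings list.

```python
"""Two-step LDAP login: bind with the dedicated service account (ldapUserDN),
look the login name up under ldapBaseDN, then bind as the found user's DN
with the submitted password.  Added example, not Aida's own implementation."""

# Values taken from the settings list above; the service password is passed in.
LDAP_SERVER = "ldap.example.org"
SERVICE_DN = "cn=aidaweb,cn=Users,dc=eranova,dc=si"
BASE_DN = "cn=Users,dc=eranova,dc=si"


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside a search filter, so a login
    name such as '*' or 'a)(cn=*' cannot alter the meaning of the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_filter(login: str, attr: str = "sAMAccountName") -> str:
    """sAMAccountName is the AD login attribute (assumption); use 'uid' on OpenLDAP."""
    return "(%s=%s)" % (attr, escape_filter_value(login))


def authenticate(login, password, service_password, server=LDAP_SERVER,
                 service_dn=SERVICE_DN, base_dn=BASE_DN, attr="sAMAccountName"):
    """Return the authenticated user's DN, or None if the login fails."""
    if not login or not password:
        # RFC 4513: a simple bind with an empty password is an anonymous bind
        # and 'succeeds' on most servers, so it must never count as a login.
        return None
    from ldap3 import Server, Connection            # third-party: pip install ldap3
    from ldap3.core.exceptions import LDAPException
    try:
        srv = Server(server)
        # Step 1: service-account bind and lookup of the user's DN.
        svc = Connection(srv, user=service_dn, password=service_password, auto_bind=True)
        try:
            found = svc.search(base_dn, user_filter(login, attr), attributes=["cn"])
            if not found or len(svc.entries) != 1:   # unknown or ambiguous login
                return None
            user_dn = svc.entries[0].entry_dn
        finally:
            svc.unbind()
        # Step 2: bind as the user; a wrong password raises LDAPBindError.
        Connection(srv, user=user_dn, password=password, auto_bind=True).unbind()
        return user_dn
    except LDAPException:
        return None
```

The service account only needs read access to the users container; it never sees the user's password, which goes straight to the directory in the second bind.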

Configuration of MS Active Directory in Windows Server 2008 for Aida

Summary:

Add Group Policy object to allow access to a special user account dedicated to the Aida/Web server and its web apps.

Below is a detailed procedure for the example domain eranova.si. Replace it with your own domain.

Detailed:

  • open Server Manager and click Roles -> Active Directory Domain Services
  • click Active Directory Users and Computers, then the domain, e.g. eranova.si
  • in Users add user with first and logon name 'aidaweb' and password, say 'Plikeron99'
  • close Roles and click Features in tree pane of Server Manager
  • click Group Policy Management (install that feature if it is not installed yet!)
  • click forest: eranova.si -> Domains -> eranova.si -> Group Policy Objects
  • add new policy named Aida/Web access policy
  • link this new policy to the domain eranova.si (right click on the domain in the tree view, Link an Existing GPO, choose the one just created)
  • in the Security Filtering pane add the aidaweb user and remove the others
  • ... but is this group policy really needed? It seems authentication works without it! More later, after some real-world experience ...