LDAP Directory Server Support
- to login by authenticating against LDAP Directory server instead of locally only
- to synchronize users and groups with LDAP Directory server
- to allow central management of users, groups and their credentials in the enterpriseSupported directory servers:
- MS Active Directory
- other LDAP compatible
Installation of LDAP support in Aida
- load package Aida-LDAP
- settings: anAIDASite
- ldapServer: 'ldap.example.org';
- ldapUserDN: 'cn=aidaweb,cn=Users,dc=eranova,dc=si'; "see below"
- ldapUserPassword: 'Plikeron99'; "see below"
- ldapBaseDN: 'cn=Users,dc=eranova,dc=si' "for AD"
Configuration of MS Active Directory in Windows Server 2008 for Aida
Add Group Policy object to allow access to a special user account dedicated to the Aida/Web server and its web apps.
Below is a detailed procedure for example domain eranova.si. Change it with your own domain.
- open Server Manager and click Roles -> Active Directory Domain Services
- click Active Directory Users and computers and domain, like eranova.si
- in Users add user with first and logon name 'aidaweb' and password, say 'Plikeron99'
- close Roles and click Features in tree pane of Server Manager
- click Group Policy Management (install that feature of not yet!)
- click forest: eranova.si -> Domains -> eranova.si -> Group Policy Objects
- add new policy named Aida/Web access policy
- link this new policy to the domain eranova.si (right click on the domain in tree view, Link to Existing GPO, chose our one)
- in Security filtering pane Add the aidaweb user and Delete others
- ... but, is this group policy really needed? It seems authentication works without it! More later, after some real world experience ...