Versions Compared

Old Version 3

changes.mady.by.user Aryn Wiebe

Saved on

compared with

New Version 4

changes.mady.by.user Aryn Wiebe

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Expand
titleSTEP 4: Add the Active Directory Iguana Service account details to the LDAP Authenticator component card

In the LDAP Authenticator component card, set the following custom fields:

  1. Set the HostUrl field. The host url must begin with ldap:// or ldaps:// and must contain the port number if you are not using the standard ldap ports.

  2. Set the BaseDN field. The BaseDN is an LDAP Distinguished Name that identifies the base object that Iguana uses to search for users. When a user logs in to Iguana, the Iguana Service account will search for a user using the BaseDN as the root for the search.

  3. Set the ServiceUsername and ServicePassword to the credentials of your Iguana Service account. The ServiceUsername must be fully qualified with the domain, for example IguanaService@example.com instead of just IguanaService.

Screen Shot 2024-03-04 at 11.08.27 AM.png
Expand
titleSTEP 5: Create an #ldap role to restrict access to the component and its logs

To secure the LDAP component and its logs, create a #ldap Role in Iguana Settings > Roles to match up with the #ldap component tag. Using a component tag matched with a role tag, we can restrict the access to interact with the LDAP component to only the admin user and those users with the #ldap Role assigned to them.

The #ldap Role should have the following permissions applied:

Image Added
Expand
titleFor Linux only, a manual build of curl to query the Active Directory server

The component uses curl to query the active directory server. For Windows, a version of the curl binary is shipped with the component. For linux, if your system does not have a version of curl that supports ldap, follow the directions at the bottom to build curl.

The steps below show building curl from source for Amazon Linux. For other flavours of linux, adjust the commands accordingly.

Step 1: Get the latest curl download from the curl website.

Code Block
wget https://curl.se/download/curl-8.6.0.tar.gz

Step 2: Use tar to extract the files.

Code Block
tar -xzf curl-8.6.0.tar.gz

Step 3: cd into the curl folder.

Code Block
cd curl-8.6.0/

Step 4: Install gcc if needed.

Code Block
sudo yum install gcc

Step 5: Install openldap-devel.x86_64 if needed.

Code Block
sudo yum install openldap-devel.x86_64

Step 6: Install openssl-devel.x86_64 if needed.

Code Block
sudo yum install openssl-devel.x86_64

Step 7: Run the command to configure and enable ldap.

Code Block
./configure --enable-ldap --with-openssl --without-libpsl

Step 8: Compile the source code.

Code Block
make

Step 9: Install source code.

Code Block
sudo make install

Step 10: Check curl version and make sure LDAP is present in the Protocols list.

Code Block
curl --version

OUTPUT:
curl 8.6.0 (x86_64-pc-linux-gnu) libcurl/8.6.0 OpenSSL/3.0.8 OpenLDAP/2.4.57
Release-Date: 2024-01-31
Protocols: dict file ftp ftps gopher gophers http https imap imaps ipfs ipns ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS HSTS HTTPS-proxy IPv6 Largefile NTLM SSL threadsafe TLS-SRP UnixSockets
Expand
titleSTEP 56: Done! Logout and use your Active Directory credentials to login to Iguana

Users can now login to Iguana using their Active Directory credentials!

The component will start automatically and run whenever a user logs in to Iguana. The Iguana Service account will try to authenticate the user credentials using the Active Directory first. Should authentication fail, Iguana will then try to see if the user credentials match any local user.

...