LDAP Authenticator

The LDAP Authenticator is a utility component that lets users log in to the Iguana application with their organization’s Active Directory credentials, using LDAP (Lightweight Directory Access Protocol) for external authentication. For use with other directory services, the LDAP Authenticator component will need to be modified.

When a user logs in to Iguana through LDAP, Iguana assigns the user Role Tags corresponding to the user’s Active Directory groups. For example, if user John is a member of the groups dev and support in Active Directory, then in Iguana John has the tags #dev and #support.

If a Role matching the #tag already exists in Iguana, the defined permissions will be in effect. If a new #tag is assigned, a corresponding Role will need to be created with defined permissions.

Connecting the LDAP Authenticator component to your Active Directory

Prior to setting up the LDAP Authenticator component, you will need to create an Iguana Service account in your Active Directory. This user account is used as a service account: Iguana uses its credentials to authenticate users trying to log in and to update the information of users logged in through LDAP.

In your Active Directory Server:

  1. In the menu bar, click Actions > New > User

  2. Provide a first name, last name, and user logon name, e.g., IguanaService@interfaceware.biz.

  3. Configure a password. Review the user object details and click Finish.

On the Iguana Dashboard, go to +Component and search for “LDAP Authenticator”, then select the component and click Add. See Create a Component if this is your first time.

Copy your unique component GUID from the browser address bar. It is used to create one of the environment variables in the next step.


In Settings > Environment, click create and add the following variables:

  1. Set IFW_EAUTH_COMPONENT to the Component GUID (copied in the last step)

  2. Set IFW_EAUTH_POLL_INTERVAL to a frequency in seconds for the LDAP user cache refresh (default 60 seconds)


In the LDAP Authenticator component card, set the following custom fields:

  1. Set the HostUrl field. The host URL must begin with ldap:// or ldaps:// and must include the port number if you are not using the standard LDAP ports.

  2. Set the BaseDN field. The BaseDN is an LDAP Distinguished Name that identifies the base object that Iguana uses to search for users. When a user logs in to Iguana, the Iguana Service account will search for a user using the BaseDN as the root for the search.

  3. Set the ServiceUsername and ServicePassword to the credentials of your Iguana Service account. The ServiceUsername must be fully qualified with the domain, for example IguanaService@example.com instead of just IguanaService.
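A pre-flight check for the three custom fields above, added here as an example and not part of the LDAP Authenticator component; the function name check_settings, the severity labels and the sample values are assumptions. This page does not say whether the component upgrades ldap:// connections with StartTLS, so that case is reported as a warning rather than an error.

```python
import re
from urllib.parse import urlsplit

STANDARD_PORTS = {"ldap": 389, "ldaps": 636}  # registered default LDAP/LDAPS ports
# Loose shape check for a DN (attr=value pairs separated by commas), not a full parser.
RDN = r"[A-Za-z][A-Za-z0-9-]*\s*=\s*(?:\\.|[^,=\\])+"
DN_RE = re.compile(rf"^\s*{RDN}(\s*,\s*{RDN})*$")
UPN_RE = re.compile(r"^[^@\s]+@[^@\s]+$")  # user@domain, as the page requires


def check_settings(host_url, base_dn, service_username):
    """Return (severity, field, message) findings for the three custom fields."""
    findings = []
    try:
        parts = urlsplit(host_url.strip())
        scheme, host, port = parts.scheme.lower(), parts.hostname, parts.port
    except ValueError:  # malformed host or non-numeric / out-of-range port
        scheme, host, port = "", None, None
    if scheme not in STANDARD_PORTS or not host:
        findings.append(("error", "HostUrl",
                         "must be ldap://host[:port] or ldaps://host[:port]"))
    else:
        if scheme == "ldap":
            findings.append(("warning", "HostUrl",
                             "ldap:// is not TLS-wrapped; without StartTLS the bind "
                             "passwords cross the network in cleartext"))
        other = "ldaps" if scheme == "ldap" else "ldap"
        if port == STANDARD_PORTS[other]:
            findings.append(("warning", "HostUrl",
                             f"port {port} is the standard {other}:// port"))
    if not DN_RE.match(base_dn):
        findings.append(("error", "BaseDN",
                         "not a distinguished name, e.g. DC=example,DC=com"))
    if not UPN_RE.match(service_username):
        findings.append(("error", "ServiceUsername",
                         "must be qualified with the domain (user@domain)"))
    return findings


if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    for finding in check_settings("ldap://dc01.example.com:636",
                                  "OU=Staff,DC=example,DC=com", "IguanaService"):
        print(finding)
```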
