How to connect to LDAP server

An LDAP server or Active Directory can be used to enable users to log in to TeskaLabs LogMan.io seamlessly.

Specify the LDAP connection in the model, in the configuration of TeskaLabs SeaCat Auth (the authorization server within TeskaLabs LogMan.io).

Find the seacat-auth service in the model and follow this example. Before you apply changes in the model, upload the secret (in this case LDAP_USER_PASSWORD) securely to the Vault. Only then is the secret available when the changes are applied to the SeaCat Auth configuration.

model.yaml

define:
  type: rc/model

services:
  ...
  seacat-auth:
    instances:
      - node1    # List of nodes with seacat-auth instance
    asab:
      config:
        "seacatauth:credentials:ldap:external":
          uri: ldap://ad.company.cz    # URI to your LDAP server
          username: "CN=user,OU=Users_System,DC=company,DC=cz"    # Full user name in the Active Directory
          attrusername: sAMAccountName
          password: "{{LDAP_USER_PASSWORD}}"
          base: DC=company,DC=cz
          filter: "(&(objectClass=user)(|(sAMAccountName=novakjan)(sAMAccountName=novotnypavel)))"
          attributes: "mail mobile"

secrets:
  LDAP_USER_PASSWORD: {}
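
The filter in the configuration above selects directory entries by sAMAccountName, so a stray `*` or parenthesis in a name would widen or break the match. The following added example (not part of the TeskaLabs documentation or the SeaCat Auth code; the function names are hypothetical) generalizes the two-account filter shown above: it builds the `filter` value from an allow-list of account names with RFC 4515 escaping.

```python
# Added example: build the `filter` value for an allow-list of AD accounts.
# Helper names are hypothetical; the account names are the page's samples.

# RFC 4515, section 3: these characters must be written as \XX inside an
# assertion value, otherwise they change the structure of the filter.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value so it is always matched as a literal."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_login_filter(accounts, attr="sAMAccountName", object_class="user"):
    """Return an LDAP filter that matches only the listed accounts."""
    cleaned = []
    for name in accounts:
        name = name.strip()
        if not name:
            raise ValueError("empty account name in allow-list")
        if name not in cleaned:  # drop duplicates, keep order
            cleaned.append(name)
    if not cleaned:
        # An empty OR-list would leave (&(objectClass=user)), i.e. every user.
        raise ValueError("allow-list is empty; refusing to build a match-all filter")
    terms = "".join(f"({attr}={escape_filter_value(n)})" for n in cleaned)
    if len(cleaned) > 1:
        terms = f"(|{terms})"
    return f"(&(objectClass={object_class}){terms})"


if __name__ == "__main__":
    # Reproduces the filter used in model.yaml above.
    print(build_login_filter(["novakjan", "novotnypavel"]))
```
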

To save the secret to the Vault, use this command on the LogMan.io host server. Make sure you replace the key and the password value according to your needs.

curl -X PUT localhost:8891/vault/LDAP_USER_PASSWORD --data 'supersecret'

Click the Apply button, accessible in the /Site folder of the Library, or use the command-line option.

On the host server, in the /opt/site directory, use this command:

./gov.sh up