How to connect to LDAP server
An LDAP server or Active Directory can be used to let users log in to TeskaLabs LogMan.io seamlessly.
Specify the LDAP connection in the configuration of TeskaLabs SeaCat Auth (the authorization server within TeskaLabs LogMan.io) in the model.
Find the seacat-auth service in the model and follow this example.
Before you apply changes in the model, upload the secret (in this case LDAP_USER_PASSWORD) securely to the Vault. Only then is the secret available when the changes are applied to the SeaCat Auth configuration.
model.yaml
define:
  type: rc/model
services:
  ...
  seacat-auth:
    instances:
      - node1  # List of nodes with seacat-auth instance
    asab:
      config:
        "seacatauth:credentials:ldap:external":
          uri: ldap://ad.company.cz  # URI to your LDAP server
          username: "CN=user,OU=Users_System,DC=company,DC=cz"  # Full user name in the Active Directory
          attrusername: sAMAccountName
          password: "{{LDAP_USER_PASSWORD}}"
          base: DC=company,DC=cz
          filter: "(&(objectClass=user)(|(sAMAccountName=novakjan)(sAMAccountName=novotnypavel)))"
          attributes: "mail mobile"
    secrets:
      LDAP_USER_PASSWORD: {}
To save the secret to the Vault, use this command on the LogMan.io host server. Make sure you replace the key and the password value according to your needs.
curl -X PUT localhost:8891/vault/LDAP_USER_PASSWORD --data 'supersecret'
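With the command above, the password is typed on the command line, so it ends up in the shell history and is visible in the process list while curl runs. The following added example (not part of the LogMan.io documentation) sends the same PUT request but reads the value from a prompt or from stdin; the function name vault_put_secret, the VAULT_URL variable and the secret-name check are assumptions.

```shell
#!/bin/sh
# Added example, not part of the LogMan.io documentation.
# Endpoint taken from the curl command on this page; VAULT_URL is an assumed override.
VAULT_URL="${VAULT_URL:-localhost:8891/vault}"

# vault_put_secret NAME  (hypothetical helper; value is read from a prompt or stdin)
vault_put_secret() {
    key="$1"
    # Assumed naming rule: only characters that are safe in the URL path
    # and in a {{NAME}} placeholder in model.yaml.
    case "$key" in
        ""|*[!A-Za-z0-9_]*) echo "invalid secret name: $key" >&2; return 2 ;;
    esac

    if [ -t 0 ]; then
        # Interactive: prompt with terminal echo off, restore it afterwards.
        printf 'Value for %s: ' "$key" >&2
        saved_tty=$(stty -g)
        trap 'stty "$saved_tty"; exit 1' INT TERM
        stty -echo
        IFS= read -r value || true
        stty "$saved_tty"
        trap - INT TERM
        printf '\n' >&2
    else
        # Non-interactive: first line of stdin, e.g. piped from a password manager.
        IFS= read -r value || true
    fi

    if [ -z "$value" ]; then
        echo "empty value, nothing stored" >&2
        return 3
    fi

    # printf is a shell builtin and curl reads the body from stdin ("@-"),
    # so the value is never an argument of any process and never lands in history.
    rc=0
    printf '%s' "$value" |
        curl -sS --fail -X PUT "$VAULT_URL/$key" --data-binary @- || rc=$?
    unset value
    return "$rc"
}
```

Run it on the LogMan.io host server as `vault_put_secret LDAP_USER_PASSWORD` and type the value at the prompt.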
Click the Apply button, accessible in the /Site folder of the Library, or use the command-line option.
On the host server, in the /opt/site directory, use the command:
./gov.sh up