How to connect to LDAP server

An LDAP server or Active Directory can be used to enable users to log in to TeskaLabs LogMan.io seamlessly.

Specify the LDAP connection in the model, in the configuration of TeskaLabs SeaCat Auth (the authorization server within TeskaLabs LogMan.io).

Find the seacat-auth service in the model and follow this example.

Important

Before you apply changes in the model, upload the secret (in this case LDAP_USER_PASSWORD) securely to the Vault. Only then is the secret available when the changes are applied to the SeaCat Auth configuration.

/Site/model.yaml
define:
  type: rc/model

services:
  ...
  seacat-auth:
    instances:
      - node1  #(1)
    asab:
      config:
        "seacatauth:credentials:ldap:external":
          uri: ldap://ad.company.cz  #(2)
          username: "CN=user,OU=Users_System,DC=company,DC=cz"  #(3)
          attrusername: sAMAccountName
          password: "{{LDAP_USER_PASSWORD}}"
          base: DC=company,DC=cz
          filter: "(&(objectClass=user)(|(sAMAccountName=novakjan)(sAMAccountName=novotnypavel)))"
          attributes: "mail mobile"

secrets:
  LDAP_USER_PASSWORD: {}

1. List of nodes with a seacat-auth instance.
2. URI of your LDAP server.
3. Full user name (distinguished name) in the Active Directory.

To save the secret to the Vault, use this command on the LogMan.io host server. Make sure you replace the key and the password value according to your needs.

curl -X PUT localhost:8891/vault/LDAP_USER_PASSWORD  --data 'supersecret'
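
The same upload without typing the value on the command line, as an added example that is not part of the original page or of LogMan.io: the secret is prompted for (or piped in) and passed to curl on stdin. The helper names `vault_put` and `read_secret`, the `VAULT_URL` variable and the key-name check are assumptions; the endpoint is the one from the command above.

```shell
#!/bin/sh
# Added example (not LogMan.io code). vault_put and read_secret are hypothetical
# helper names; the default endpoint is the one from the curl command above.
VAULT_URL="${VAULT_URL:-localhost:8891/vault}"

# Print one line read from stdin; typing is hidden when stdin is a terminal.
read_secret() {
    value=
    if [ -t 0 ]; then
        printf 'Secret value: ' >&2
        trap 'stty echo; exit 130' INT TERM   # restore echo if interrupted
        stty -echo
        IFS= read -r value || true
        stty echo
        trap - INT TERM
        printf '\n' >&2
    else
        IFS= read -r value || true            # accept input without a final newline
    fi
    [ -n "$value" ] || { echo 'empty secret, nothing stored' >&2; return 1; }
    printf '%s' "$value"
}

# vault_put NAME: PUT the secret read from stdin under key NAME.
vault_put() {
    name=$1
    # Assumption: key names look like LDAP_USER_PASSWORD (letters, digits, "_").
    case $name in
        ''|*[!A-Za-z0-9_]*) echo "invalid secret name: $name" >&2; return 2 ;;
    esac
    secret=$(read_secret) || return 1
    rc=0
    # printf is a shell builtin and "--data @-" makes curl read the body from
    # stdin, so this function never places the value in a process's argv.
    printf '%s' "$secret" |
        curl --fail --silent --show-error -X PUT "$VAULT_URL/$name" --data @- || rc=$?
    unset secret
    return "$rc"
}

# Usage on the LogMan.io host:  vault_put LDAP_USER_PASSWORD
```

With `--data @-` curl strips carriage returns and newlines from the body, so the stored value matches what `--data 'supersecret'` would have sent.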

Hit the Apply button in the /Site folder of the Library, or use the command-line option.

On the host server, in the /opt/site directory, use the command:

./gov.sh up