mirror of
https://github.com/ntop/ntopng.git
synced 2026-04-29 15:39:33 +00:00
* Standardize spelling customize in docs
* Standardize spelling categorize in docs
* Standardize spelling behavior in docs
* Standardize spelling visualization in docs
* Standardize spelling Redis in docs
* Standardize spelling ZMQ in docs
* Standardize spelling CPU in docs
* Standardize spelling URL in docs
* Correct typos in docs
32 lines
1.3 KiB
Text
# OpenLDAP as Active Directory proxy

When using the sAMAccount account type in combination with OpenLDAP as an Active Directory proxy,
ntopng authentication will not work because the "memberOf" attribute used by ntopng is not found.
In fact, OpenLDAP does not understand the "memberOf" attribute of AD and so it creates a
MEMBEROF (uppercase) pseudo attribute, which is not standard.

In order to make this setup work properly, the following should be added to the OpenLDAP config:

```
# Declare the Active Directory memberOf attribute (DN syntax).
# Continuation lines must start with whitespace.
attributetype ( 1.2.840.113556.1.2.102
    NAME 'memberOf'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.12'
    )
```

*IMPORTANT*

When using POSIX accounts, the LDAP server should be configured as follows in order
to work correctly with ntopng:

- In the LDAP user configuration, note down the "uid" parameter (called "User Name"
  in OpenLDAP, not to be confused with "UidNumber"). You will need it below.

- In the LDAP group configuration, add a new custom field "memberUid" with
  the same value as the user "uid" field above.

As an example, supposing there is a group "usersGroup" and a user whose uid is "ntopngUser",
a new field "memberUid" should be added to the "usersGroup" configuration with "ntopngUser" as
its value.

The *memberUid* (ntopngUser in this case) is the username to use for the ntopng authentication.
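
A check for both cases described above, as an added example that is not part of the ntopng documentation: it classifies whether a user entry returned through the proxy carries `memberOf` or only the uppercase pseudo attribute, and whether a POSIX group lists a uid as `memberUid`. The function names, host name, DNs and sample entries are constructed assumptions.

```shell
#!/bin/sh
# Classify how a user entry exposes group membership. Reads `ldapsearch -LLL`
# output on stdin, e.g. (host and base DN are placeholders):
#   ldapsearch -x -LLL -H ldap://proxy.example.com -b "dc=example,dc=com" \
#       "(sAMAccountName=ntopngUser)"
# Prints: ok      an attribute named exactly "memberOf" is present
#         pseudo  only a differently-cased name such as MEMBEROF is present
#         missing no membership attribute is returned
memberof_state() {
    awk -F: '
        /^ / { next }                         # skip folded continuation lines
        $1 == "memberOf"          { exact = 1 }
        tolower($1) == "memberof" { any = 1 }
        END {
            if (exact)    print "ok"
            else if (any) print "pseudo"
            else          print "missing"
        }'
}

# POSIX accounts: succeed if the group entry on stdin lists uid $1 as memberUid.
group_has_member() {
    grep -qxF "memberUid: $1"
}

# Constructed sample entries (not captured from a real directory).
PROXY_BEFORE='dn: CN=ntopngUser,CN=Users,DC=example,DC=com
sAMAccountName: ntopngUser
MEMBEROF: CN=usersGroup,CN=Users,DC=example,DC=com'

PROXY_AFTER='dn: CN=ntopngUser,CN=Users,DC=example,DC=com
sAMAccountName: ntopngUser
memberOf: CN=usersGroup,CN=Users,DC=example,DC=com'

POSIX_GROUP='dn: cn=usersGroup,ou=groups,dc=example,dc=com
objectClass: posixGroup
cn: usersGroup
gidNumber: 5000
memberUid: ntopngUser'

printf 'proxy without schema entry: %s\n' "$(printf '%s\n' "$PROXY_BEFORE" | memberof_state)"
printf 'proxy with schema entry:    %s\n' "$(printf '%s\n' "$PROXY_AFTER" | memberof_state)"
if printf '%s\n' "$POSIX_GROUP" | group_has_member ntopngUser; then
    echo 'usersGroup lists ntopngUser as memberUid'
fi
```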