Overview
This guide will go over how to configure LDAP Authentication for the OneFuse Platform via the command line. This is a temporary/backup solution until the LDAP Integration has been added to the OneFuse UI.
Considerations
OneFuse Supported Versions: v1.2+
The initial configuration starts with a .sh script located in the /opt/cloudbolt/initialize/ path on the appliance. Additional commands can be executed via the shell to see/manage the setup.
All user settings changed in the OneFuse UI, such as password, membership, etc., will be reverted to the original LDAP mappings.
Procedure
Run the setup.sh script
Establish an SSH session to the OneFuse Platform
Navigate to /opt/cloudbolt/initialize/
Command:
cd /opt/cloudbolt/initialize/
Run the setup_fuse_domain.sh script
Command:
./setup_fuse_domain.sh
Configure the options as prompted
Domain:
domain.com
FQDN or IP of Directory Server:
ad.domain.com
Protocol [ldap or ldaps]:
ldap or ldaps
Port:
389 or 686 or custom port
Domain Authentication Account [user@domain]:
serviceaccount@domain.com
Domain Authentication Password:
***********
Base DN:
DC=domain,DC=com
Note: This base DN is used for user and group search. It is recommended to keep it closer to the root DN
Username [sAMAccountName]:
sAMAccountName or other attribute
First Name [givenName]:
givenName or other attribute
Last Name [sn]:
sn or other attribute
Email [mail]:
mail or other attribute
Group DN for Workspace Admins:
CN=Workspace_Admins, OU=Group,DC=domain,DC=com
Note: To skip this option, leave the field blank
Group DN for Workspace Members:
CN=Workspace_Members, OU=Group,DC=domain,DC=com
Note: To skip this option, leave the field blank
Group DN for Workspace Executors:
CN=Workspace_Executors, OU=Group,DC=domain,DC=com
Note: To skip this option, leave the field blank
Group DN for Workspace Viewers:
CN=Workspace_Viewers, OU=Group,DC=domain,DC=com
Note: To skip this option, leave the field blank
After filling in all fields, the logs will show "LDAP configuration complete".
This script can be run again, either for a different domain or against the same domain to update/modify the variables or attributes.
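A pre-flight check for the answers to the prompts above, as an added example (not part of the OneFuse tooling or the original guide): it flags a protocol choice without TLS, a bind account that is not in user@domain form, and group DNs that fall outside the base DN used for group search. The dictionary keys and function names are hypothetical; the sample reuses the guide's placeholder values plus one constructed out-of-tree group.

```python
import re

GROUP_PROMPTS = ("admins", "members", "executors", "viewers")  # hypothetical keys

def split_dn(dn):
    """Split a DN into lower-cased (attr, value) RDNs; escaped commas stay in the value."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(dn, base_dn):
    """True when dn equals base_dn or sits below it in the directory tree."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def preflight(answers):
    """Return (field, finding) pairs; an empty list means nothing was flagged."""
    findings = []
    if answers["protocol"] == "ldap":
        findings.append(("protocol",
                         "no TLS: without StartTLS the bind password is sent in cleartext"))
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", answers["bind_account"]):
        findings.append(("bind_account", "expected user@domain"))
    try:
        split_dn(answers["base_dn"])
    except ValueError as exc:
        return findings + [("base_dn", str(exc))]
    for key in GROUP_PROMPTS:
        dn = answers.get(key, "").strip()
        if not dn:  # a blank answer skips that role mapping
            continue
        try:
            if not is_under(dn, answers["base_dn"]):
                findings.append((key, "outside the base DN used for group search"))
        except ValueError as exc:
            findings.append((key, str(exc)))
    return findings

# Constructed sample: the guide's placeholder values plus one group in another tree.
SAMPLE = {"protocol": "ldap", "bind_account": "serviceaccount@domain.com",
          "base_dn": "DC=domain,DC=com", "members": "", "executors": "",
          "admins": "CN=Workspace_Admins, OU=Group,DC=domain,DC=com",
          "viewers": "CN=Workspace_Viewers,OU=Group,DC=other,DC=com"}

if __name__ == "__main__":
    print(*preflight(SAMPLE), sep="\n")
```

DN comparison here is case-insensitive and ignores spaces around the separators, so the guide's `CN=Workspace_Admins, OU=Group,...` form is treated as being under `DC=domain,DC=com`.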
Test the login to the OneFuse UI
Test the login to the UI using the following format for the username
Username:
user@domain.com
Additional commands for LDAP configuration validation or modification
SSH into the OneFuse appliance and run the following command to open the Python shell:
/opt/cloudbolt/manage.py shell_plus
Command Description | Code | Example Return |
---|---|---|
Pre-requisite command for all sub commands | | |
List all LDAP configurations | | |
Map to the LDAP configuration based on domain name | | n/a |
Subsequent commands | | |
Search Username in LDAP configuration | | |
Delete LDAP configuration | | n/a |
Additional information
n/a