Configure LDAP Authentication for OneFuse via Command Line


This guide will go over how to configure LDAP Authentication for the OneFuse Platform via the command line. This is a temporary/backup solution until the LDAP Integration has been added to the OneFuse UI.


OneFuse Supported Versions: v1.2+

The initial configuration starts with a .sh script that is contained within the /opt/cloudbolt/initialize/ path on the appliance. Additional commands can be executed via the shell to see/manage the setup.

All user settings in the OneFuse UI, such as password, membership, etc will be reverted back to the original LDAP mappings if changed in the OneFuse UI.


Run the script

  1. Establish an SSH session to the OneFuse Platform

  2. Navigate to /opt/cloudbolt/initialize/

    1. Command: cd /opt/cloudbolt/initialize/

  3. Run the script

    1. Command: ./

  4. Configure the options as prompted

    1. Domain:

    2. FQDN or IP of Directory Server:

    3. Protocol [ldap or ldaps]: ldapor ldaps

    4. Port: 389 or 686 or custom port

    5. Domain Authentication Account [user@domain]:

    6. Domain Authentication Password: ***********

    7. Base DN: DC=domain,DC=com

      1. Note: This base DN is used for user and group search. It is recommended to keep it closer to the root DN

    8. Username [sAMAccountName]: sAMAccountName or other attribute

    9. First Name [givenName]: givenName or other attribute

    10. Last Name [sn]: sn or other attribute

    11. Email [mail]: mail or other attribute

    12. Group DN for Workspace Admins: CN=Workspace_Admins, OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    13. Group DN for Workspace Members: CN=Workspace_Members, OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    14. Group DN for Workspace Executors: CN=Workspace_Executors, OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    15. Group DN for Workspace Viewers: CN=Workspace_Viewers, OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

  5. After filling in all fields, the logs will show LDAP configuration complete

  6. This script can be ran additional times for either different domains or run against the same domain to update/modify the variables or attributes

Test the login to the OneFuse UI

  1. Test the login to the UI using the following format for the username

    1. Username:

Additional commands for LDAP configuration validation or modification

  1. SSH into the OneFuse appliance and run the following command to open the python shell

    1. /opt/cloudbolt/ shell_plus

Command Description


Example Return

Pre-requisite command for all sub commands

  • The below command must be ran to determine and map the LDAP connection for all subsequent commands

List all LDAP configurations


In [1]: LDAPUtility.objects.all()
Out[1]: <QuerySet [<LDAPUtility:>]>

Map to the LDAP configuration based on domain name

ldap = LDAPUtility.objects.get(ldap_domain="")


Subsequent commands

  • With the ldap variable mapped to the LDAP configuration, the below commands can be executed to query/submit an action against the ldap configuration

Search Username in LDAP configuration


In [7]: ldap.runUserSearch("username")
Out[7]: [('CN=username,OU=Group,DC=domain,DC=com', {})]

Delete LDAP configuration



Additional information


Have more questions? Submit a request


Please sign in to leave a comment.