Configure LDAP Authentication for OneFuse via Command Line

Overview

This guide will go over how to configure LDAP Authentication for the OneFuse Platform via the command line. This is a temporary/backup solution until the LDAP Integration has been added to the OneFuse UI.


Considerations

OneFuse Supported Versions: v1.2+

The initial configuration starts with a .sh script that is contained within the /opt/cloudbolt/initialize/ path on the appliance. Additional commands can be executed via the shell to see/manage the setup.

Any user settings changed in the OneFuse UI, such as password or membership, will be reverted to the original LDAP mappings.


Procedure

Run the setup.sh script

  1. Establish an SSH session to the OneFuse Platform

  2. Navigate to /opt/cloudbolt/initialize/

    1. Command: cd /opt/cloudbolt/initialize/

  3. Run the setup_fuse_domain.sh script

    1. Command: ./setup_fuse_domain.sh

  4. Configure the options as prompted

    1. Domain: domain.com

    2. FQDN or IP of Directory Server: ad.domain.com

    3. Protocol [ldap or ldaps]: ldap or ldaps

    4. Port: 389 or 686 or custom port

    5. Domain Authentication Account [user@domain]: serviceaccount@domain.com

    6. Domain Authentication Password: ***********

    7. Base DN: DC=domain,DC=com

      1. Note: This base DN is used for user and group search. It is recommended to keep it closer to the root DN

    8. Username [sAMAccountName]: sAMAccountName or other attribute

    9. First Name [givenName]: givenName or other attribute

    10. Last Name [sn]: sn or other attribute

    11. Email [mail]: mail or other attribute

    12. Group DN for Workspace Admins: CN=Workspace_Admins,OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    13. Group DN for Workspace Members: CN=Workspace_Members,OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    14. Group DN for Workspace Executors: CN=Workspace_Executors,OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

    15. Group DN for Workspace Viewers: CN=Workspace_Viewers,OU=Group,DC=domain,DC=com

      1. Note: To skip this option, leave the field blank

  5. After filling in all fields, the logs will show LDAP configuration complete

  6. This script can be run again, either for a different domain or against the same domain to update/modify the variables or attributes
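
A pre-flight check of the answers to the prompts in step 4, written as an added example and not part of OneFuse or of setup_fuse_domain.sh. The function names and dictionary keys are hypothetical. It flags an unencrypted protocol choice, a malformed bind account, and group DNs that fall outside the Base DN used for user and group search.

```python
import re

def split_dn(dn):
    """Split a DN into normalized RDNs (simplified: honors \\, escapes only)."""
    rdns = [p.strip() for p in re.split(r"(?<!\\),", dn)]
    for rdn in rdns:
        if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*\s*=\s*.+", rdn):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
    return [re.sub(r"\s*=\s*", "=", r, count=1).lower() for r in rdns]

def is_under(dn, base_dn):
    """True if dn sits at or below base_dn in the directory tree."""
    d, b = split_dn(dn), split_dn(base_dn)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def check_answers(a):
    """Return findings for a dict of prompt answers; empty list means none."""
    findings = []
    if a["protocol"] not in ("ldap", "ldaps"):
        findings.append("protocol: must be ldap or ldaps")
    elif a["protocol"] == "ldap":
        # Assumes a simple bind without StartTLS, which sends the password in clear text.
        findings.append("protocol: ldap is not TLS-protected; prefer ldaps")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", a["bind_account"]):
        findings.append("bind_account: expected user@domain")
    try:
        split_dn(a["base_dn"])
    except ValueError as e:
        return findings + [f"base_dn: {e}"]
    for role, dn in a["group_dns"].items():
        if not dn.strip():  # blank answer: the prompt was skipped
            continue
        try:
            if not is_under(dn, a["base_dn"]):
                findings.append(f"{role}: outside the Base DN used for group search")
        except ValueError as e:
            findings.append(f"{role}: {e}")
    return findings

# Constructed sample; key names are hypothetical, values follow the guide's examples.
SAMPLE = {
    "protocol": "ldap",
    "bind_account": "serviceaccount@domain.com",
    "base_dn": "OU=Users,DC=domain,DC=com",  # too narrow: groups live under OU=Group
    "group_dns": {"Workspace Admins": "CN=Workspace_Admins,OU=Group,DC=domain,DC=com",
                  "Workspace Viewers": ""},
}

if __name__ == "__main__":
    print("\n".join(check_answers(SAMPLE)) or "no findings")
```
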

Test the login to the OneFuse UI

  1. Test the login to the UI using the following format for the username

    1. Username: user@domain.com


Additional commands for LDAP configuration validation or modification

  1. SSH into the OneFuse appliance and run the following command to open the Python shell

    1. /opt/cloudbolt/manage.py shell_plus

Each entry below gives the command description, the code to run, and an example return.

Pre-requisite command for all sub commands

  • The commands below must be run to determine and map the LDAP connection for all subsequent commands

List all LDAP configurations

  Code: LDAPUtility.objects.all()

  Example Return:

    In [1]: LDAPUtility.objects.all()
    ...:
    ...:
    Out[1]: <QuerySet [<LDAPUtility: domain.com>]>

Map to the LDAP configuration based on domain name

  Code: ldap = LDAPUtility.objects.get(ldap_domain="domain.com")

  Example Return: n/a

Subsequent commands

  • With the ldap variable mapped to the LDAP configuration, the below commands can be executed to query/submit an action against the LDAP configuration

Search Username in LDAP configuration

  Code: ldap.runUserSearch("username")

  Example Return:

    In [7]: ldap.runUserSearch("username")
    Out[7]: [('CN=username,OU=Group,DC=domain,DC=com', {})]

Delete LDAP configuration

  Code: ldap.delete()

  Example Return: n/a



Additional information

n/a
