Monarc
/
MonarcAppFO
mirror of https://github.com/monarc-project/MonarcAppFO
1
0
Fork 0
Code Issues Releases Wiki Activity

Added documentation for ldap configuration

ldap
Stanley 2019-08-22 11:16:31 +02:00
parent 5f3aaf1177
commit 1b179104bf
1 changed files with 38 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
ldapDocumentation.md Normal file
View File

@ -0,0 +1,38 @@
# LDAP Authentification to the Risk Assessment Platform
Some organisation may prefer that the users of the risk assessment platform to authenticate with their internal LDAP server instead of MONARC's SQL database. This can, in some cases, allow the administrator to have a better control over the users.
This document explains the procedures of the LDAP authentification method by describing the configuration needed for both Monarc and the LDAP server.
Note that the ldap package for the corresponding PHP version must be installed.
### Installing ldap package for PHP
To install ldap package on a lamp for PHP, follow these steps:
* *apt-get install php-ldap* to install the package
* *service apache2 restart* to restart the apache server
* Now ldap is installed.
### Adding an user from LDAP Server in MONARC
In order to log in with a user from LDAP Server, the user must be added to the MONARC Platform with the ldap connection option. A password will not be required for the user as the password in LDAP server will be used.
### Authentificating using the LDAP server
If the connecting user has the ldap connection option enabled, the platform will establish a connection with the LDAP server and firstly authentificate using the admin credentials specified in the configuration file (local.php). If the connection is established successfully, a query will be executed to search in the directory information tree for the entry with the corresponding email address. In the case where a unique entry is found, a second authentification will then be attempted with the credential entered in the MONARC platform. The procedues that follow are the same as normal authentification using the MONARC's SQL database.
### MONARC's local configuration for LDAP authentification
The configuration of MONARC platform for LDAP authentification can be done in the local.php file. An array with key "ldap" can be added into the php array to specify the configuration needed. The following table shows the configurable fields and their corresponding key.
| Key | Description | Default Value |
| ------ | ----------- | ----------- |
| uri | The URI of the LDAP server in the form ldap://hostname:port or ldaps://hostname:port for SSL encryption. | ldap:/// (local LDAP server with default port)
| ldapOptProtocolVersion | Version of LDAP protocol used | 3 (LDAPv3)
| ldapOptReferrals | How the client library should handle Referrals returned by the server | 0 (Disabled)
| baseDN | The distinguished name of the base entry for the directory where LDAP query should start at | dc=monarc,dc=com
| adminDN | The distinguished name of the admin entry | An anonymous bind will be attempted if not found
| adminPassword | The password of the admin entry | An anonymous bind will be attempted if not found
| loginAttribute | The key of the field in LDAP directory matched with the login e-mail | mail