
www.gavinwill.me.uk

Photography, IT, Bikes and more.


Active Directory Authentication with Racktables

Racktables is a mature and robust solution for datacenter and server room asset management. It helps document hardware assets, network addresses, space in racks, network configuration and more.

To enable Active Directory authentication, edit secret.php and add the LDAP options, including the base DN to search.

 
<?php
/* This file has been generated automatically by RackTables installer.
 * you shouldn't normally edit it unless your database setup has changed.
 */
$pdo_dsn = 'mysql:host=localhost;dbname=racktables';
$db_username = 'DBusername';
$db_password = 'DBpassword';
 
// Default setting is to authenticate users locally, but it is possible to
// employ existing LDAP or Apache userbase. Uncommenting below two lines MAY
// help in switching authentication to LDAP completely.
// More info: http://sourceforge.net/apps/mediawiki/racktables/index.php?title=RackTablesAdminGuide
 
$user_auth_src = 'ldap';
$require_local_account = FALSE;
 
// This is only necessary for 'ldap' authentication source
 
$LDAP_options = array
(
  'server' => 'domaincontroller1.domain.com domain.controller2.domain.com',
  'domain' => 'domain.com',
  'search_attr' => 'sAMAccountName',
  'search_dn' => 'OU=Users,OU=MyBusiness,DC=domain,DC=com',
  'displayname_attrs' => 'givenname sn',
  'options' => array (LDAP_OPT_PROTOCOL_VERSION => 3, LDAP_OPT_REFERRALS => 0),
);
 
?>


The important lines to notice are $user_auth_src = 'ldap'; which sets LDAP as the authentication source, and $require_local_account = FALSE; which states that there does not need to be a local user in the database. Our preference was to have this as FALSE and instead let the person access Racktables if authenticated. Permissions in Racktables then handle what the person can or can't see.

You will also want to run Racktables over HTTPS if you are using LDAP authentication, since the passwords could possibly be sniffed.

Now that you have set up LDAP authentication, go to Configuration, then Permissions, in Racktables and set the access you want to grant.

If you simply wanted to give any authenticated user admin access, you would add the line:

allow true


If you wanted to give a specific user admin access, you would add the line:

allow {$username_auser}


and finally for a member of a specific group you would use:

allow {$lgcn_IT Dept}


You will want to restrict access depending on a person's group membership, and with AD authentication it is simple and quick to grant a user access: put them in the relevant group and they can log in straight away.
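The three settings discussed above interact: the web login, the LDAP bind behind it, and the combination of $require_local_account = FALSE with "allow true". The following audit script is an added example, not part of the original post or of Racktables. The sample config is constructed from the post's values, the URL is made up, and use_tls is the StartTLS switch from Racktables' sample secret.php (2 = require), which the post does not mention, so confirm your version supports it.

```python
import re

# Constructed sample: the auth-related lines of the secret.php shown in the post.
SECRET_PHP = """
$user_auth_src = 'ldap';
$require_local_account = FALSE;
$LDAP_options = array
(
  'server' => 'domaincontroller1.domain.com domain.controller2.domain.com',
  'search_dn' => 'OU=Users,OU=MyBusiness,DC=domain,DC=com',
  'options' => array (LDAP_OPT_PROTOCOL_VERSION => 3, LDAP_OPT_REFERRALS => 0),
);
"""

def php_scalar(src, name):
    """Value of an uncommented `$name = ...;` assignment, or None."""
    m = re.search(r"(?m)^\s*\$%s\s*=\s*'?([^';]*)'?\s*;" % re.escape(name), src)
    return m.group(1).strip() if m else None

def ldap_option(src, key):
    """Value of a `'key' => ...,` entry inside $LDAP_options, or None."""
    m = re.search(r"(?m)^\s*'%s'\s*=>\s*'?([^',\n]*)'?\s*," % re.escape(key), src)
    return m.group(1).strip() if m else None

def audit(secret_php, permissions, base_url):
    """Return finding codes for the three risks; empty list if LDAP auth is off."""
    if php_scalar(secret_php, "user_auth_src") != "ldap":
        return []
    findings = []
    # Browser -> Racktables: the login form carries the AD password.
    if not base_url.lower().startswith("https://"):
        findings.append("web-login-cleartext")
    # Racktables -> domain controller: the same password travels in the LDAP bind.
    # Assumption: ldaps:// URIs in 'server' are passed through to PHP's ldap_connect.
    servers = (ldap_option(secret_php, "server") or "").split()
    ldaps = bool(servers) and all(s.lower().startswith("ldaps://") for s in servers)
    if ldap_option(secret_php, "use_tls") != "2" and not ldaps:
        findings.append("ldap-bind-cleartext")
    # No local account required + `allow true`: every directory account that
    # authenticates gets admin access.
    rules = [r.strip() for r in permissions.splitlines()]
    no_local = (php_scalar(secret_php, "require_local_account") or "").upper() == "FALSE"
    if no_local and "allow true" in rules:
        findings.append("any-directory-user-is-admin")
    return findings

if __name__ == "__main__":
    # Hypothetical URL; prints all three findings for the post's configuration.
    print(audit(SECRET_PHP, "allow true", "http://racktables.domain.com/"))
```

Replacing "allow true" with the group rule and serving the site over HTTPS clears two of the findings; the LDAP one remains until the bind itself is protected.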

  • March 2, 2012
  • Active Directory, Linux

Copyright © 2019 www.gavinwill.me.uk.
