- Pre-configured LDAP server with users and groups setup. Your instructor will provide you with details.
- Basic understanding of LDAP structure
- Open a browser and go to http://LDAP_SERVER/phpldapadmin. LDAP_SERVER should be the domain name or public IP address of your LDAP node. This will open up the GUI for your LDAP server.
- Login to the server with the following credentials:
  - Login DN: cn=admin,dc=test,dc=com
  - Password: admin
- Expand the left navigation bar and take note of the LDAP entries underneath ou=all users, ou=engineering and ou=HR. In this setup, we have 6 users.
1. Login to UCP as the admin user
2. Go to the “Settings” page of UCP
3. Click on the Auth section and change the Method from "Managed" to "LDAP"
4. Specify your LDAP server URL. Use the format "ldap://"
5. Select "Full Control" on the Default Permission for Newly Discovered Accounts field
6. For the LDAP Server Configuration section, fill in the following details.
Field | Value |
---|---|
Recovery Admin Username | admin |
Recovery Admin Password | orca |
Reader DN | cn=Chuck Norris,ou=all users,dc=test,dc=com |
Reader Password | password |
7. For the LDAP Security Options, leave both options unchecked.
8. For the User Search Configurations section, fill in the following details.
Field | Value |
---|---|
Base DN | dc=test,dc=com |
Username Attribute | uid |
Full Name Attribute | cn |
Filter | objectClass=inetOrgPerson |
9. Tick the Scope Subtree checkbox
10. Scroll down to the Test LDAP Connection section and specify the following:
Field | Value |
---|---|
LDAP Test Username | cnorris |
LDAP Test Password | password |
11. Click the Test button and verify that you get a Success message
12. Click Update Auth Settings
- In the LDAP Sync Status section, click on the Sync Now button.
- Click on User and Teams and check to see that all the users from our LDAP server are present. You will also notice that the previous users you created are still present.
- Logout of UCP as the admin user. Try and login as user johnfull. What do you notice? Once UCP is integrated with LDAP, all user accounts will come from LDAP. Managed accounts that were previously set up in UCP will be disabled, except for the account that you specified in the Recovery Admin Username configuration field.
- Login as the user cnorris. The password is password.
- Logout as cnorris and log back in as admin. Disable the LDAP integration by switching the Authentication back to Managed.
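
To check the User Search Configurations values outside UCP, the same search can be run by hand with the OpenLDAP client tools and its LDIF output reduced to the accounts a sync would see. This is an added example, not part of the original lab: `ucp_search`, `ldif_accounts` and `sample_ldif` are hypothetical helper names, and the sample LDIF is constructed; only the DNs, filter and attribute names come from the tables above.

```shell
#!/usr/bin/env bash
# Values below are the lab's own; LDAP_SERVER is the lab's placeholder host.
LDAP_URL="${LDAP_URL:-ldap://LDAP_SERVER}"
READER_DN="cn=Chuck Norris,ou=all users,dc=test,dc=com"
BASE_DN="dc=test,dc=com"
FILTER="(objectClass=inetOrgPerson)"

# Run the search the User Search Configurations describe, bound as the Reader DN.
# $1 is the scope: sub (Scope Subtree ticked) or one. -W prompts for the Reader
# password so it stays out of shell history. Needs the OpenLDAP client tools.
# Note: ldap:// is unencrypted, matching the lab's unchecked security options.
ucp_search() {
  ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" \
    -D "$READER_DN" -W -b "$BASE_DN" -s "${1:-sub}" "$FILTER" uid cn
}

# Read LDIF on stdin and print "uid<TAB>cn" per entry. An entry without the
# Username Attribute (uid) is reported on stderr instead.
ldif_accounts() {
  awk '
    function emit() {
      if (dn == "") return
      if (uid == "") print "no uid: " dn > "/dev/stderr"
      else print uid "\t" cn
      dn = ""; uid = ""; cn = ""
    }
    /^dn: /  { emit(); dn = substr($0, 5) }
    /^uid: / { uid = substr($0, 6) }
    /^cn: /  { cn = substr($0, 5) }
    /^$/     { emit() }
    END      { emit() }
  '
}

# Constructed sample output (not captured from the lab server).
sample_ldif() {
  cat <<'EOF'
dn: cn=Chuck Norris,ou=all users,dc=test,dc=com
cn: Chuck Norris
uid: cnorris

dn: cn=Jane Doe,ou=engineering,dc=test,dc=com
cn: Jane Doe
uid: jdoe

dn: cn=Printer,ou=HR,dc=test,dc=com
cn: Printer
EOF
}

sample_ldif | ldif_accounts   # offline demo; live: ucp_search sub | ldif_accounts
```

The Reader DN shows that user entries sit under ou= containers rather than directly under dc=test,dc=com, so a one-level search from the Base DN (`ucp_search one`) would miss them; comparing it with `ucp_search sub` shows what ticking Scope Subtree changes.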