Configure LDAP Authentication for OneFuse

This guide will go over how to configure LDAP Authentication for the OneFuse Platform via the command line. This is a temporary/backup solution until the LDAP Integration has been added to the OneFuse UI.

Considerations

  • OneFuse supported versions: v1.2+
    • *Note: For v1.3, there is a known issue – please refer to the section: Manually Add Users
  • The initial configuration starts with a .sh script that is contained within the /opt/cloudbolt/initialize/ path on the appliance. Additional commands can be executed via the shell to see/manage the setup.
  • All user settings changed in the OneFuse UI, such as password, membership, etc., will be reverted to the original LDAP mappings.

Procedure

Run the setup_fuse_domain.sh script

  1. Establish an SSH session to the OneFuse Platform
  2. Navigate to /opt/cloudbolt/initialize/
    1. Command: cd /opt/cloudbolt/initialize/
  3. Run the setup_fuse_domain.sh script
    1. Command: ./setup_fuse_domain.sh
  4. Configure the options as prompted
    1. Domain: domain.com
    2. FQDN or IP of Directory Server: ad.domain.com
    3. Protocol [ldap or ldaps]: ldap or ldaps
    4. Port: 389 or 636 or custom port
    5. Domain Authentication Account [user@domain]: serviceaccount@domain.com
    6. Domain Authentication Password: ***********
    7. Base DN: DC=domain,DC=com
      1. Note: This base DN is used for user and group search. It is recommended to keep it closer to the root DN
    8. Username [sAMAccountName]: sAMAccountName or other attribute
    9. First Name [givenName]: givenName or other attribute
    10. Last Name [sn]: sn or other attribute
    11. Email [mail]: mail or other attribute
    12. Group DN for Workspace Admins: CN=Workspace_Admins, OU=Group,DC=domain,DC=com
      1. Note: To skip this option, leave the field blank
    13. Group DN for Workspace Members: CN=Workspace_Members, OU=Group,DC=domain,DC=com
      1. Note: To skip this option, leave the field blank
    14. Group DN for Workspace Executors: CN=Workspace_Executors, OU=Group,DC=domain,DC=com
      1. Note: To skip this option, leave the field blank
    15. Group DN for Workspace Viewers: CN=Workspace_Viewers, OU=Group,DC=domain,DC=com
      1. Note: To skip this option, leave the field blank
  5. After filling in all fields, the logs will show LDAP configuration complete
  6. This script can be run additional times, either for different domains or against the same domain to update/modify the variables or attributes
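
A pre-flight check of the answers planned for the prompts above, as an added example (not part of OneFuse or its setup script). The function names and the answers dictionary are hypothetical, and the cleartext warning assumes the integration performs a simple bind.

```python
import re

# Well-known defaults: cleartext LDAP on 389, LDAP over TLS (LDAPS) on 636.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

def split_dn(dn):
    """Split a DN into normalized RDNs, honoring backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {part!r} in {dn!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def is_under(dn, base_dn):
    """True when dn sits at or below base_dn (base RDNs are the DN's suffix)."""
    rdns, base = split_dn(dn), split_dn(base_dn)
    return len(rdns) >= len(base) and rdns[-len(base):] == base

def preflight(answers):
    """Return a list of findings for the answers planned for the prompts."""
    findings = []
    proto, port = answers["protocol"], answers["port"]
    if proto not in DEFAULT_PORTS:
        findings.append(f"protocol must be ldap or ldaps, got {proto!r}")
    elif proto == "ldap":
        # Assumption: simple bind, so the password crosses the wire unencrypted.
        findings.append("plain ldap exposes the bind password; prefer ldaps")
    for other, default in DEFAULT_PORTS.items():
        if proto in DEFAULT_PORTS and other != proto and port == default:
            findings.append(f"port {port} is the {other} default but protocol is {proto}")
    if not re.fullmatch(r"[^@\s]+@[^@\s]+", answers["bind_account"]):
        findings.append("bind account is not in user@domain form")
    # The Base DN is checked against itself so a malformed value is reported.
    checks = {"Base DN": answers["base_dn"], **answers.get("group_dns", {})}
    for role, dn in checks.items():
        if not dn:  # a blank answer skips that role mapping
            continue
        try:
            if not is_under(dn, answers["base_dn"]):
                findings.append(f"{role} group DN is outside the Base DN used for user and group search")
        except ValueError as exc:
            if str(exc) not in findings:
                findings.append(str(exc))
    return findings

# Constructed sample answers (placeholder values in the style of the prompts).
SAMPLE = {"protocol": "ldaps", "port": 389, "bind_account": "serviceaccount@domain.com",
          "base_dn": "OU=Group,DC=domain,DC=com",
          "group_dns": {"Workspace Admins": "CN=Workspace_Admins, OU=Group,DC=domain,DC=com",
                        "Workspace Viewers": "CN=Workspace_Viewers,OU=Other,DC=domain,DC=com",
                        "Workspace Members": ""}}
```

An empty list from preflight(SAMPLE) would mean no findings; the constructed sample above yields two, a protocol/port mismatch and a group DN outside the Base DN.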

Test the login to the OneFuse UI

Test the login to the UI using the following format for the username: user@domain.com

*If on OneFuse v1.3, refer to the Manually Add Users section.

Additional commands for LDAP configuration validation or modification

SSH into the OneFuse appliance and run the following command to open the Python shell:

/opt/cloudbolt/manage.py shell_plus

Prerequisite command for all sub-commands

The commands below must be run first to find the LDAP configuration and map it to a variable for all subsequent commands

  • List all LDAP Configurations
    Code: LDAPUtility.objects.all()
    Example Return:
      In [1]: LDAPUtility.objects.all()
         ...:
         ...:
      Out[1]: <QuerySet [<LDAPUtility: domain.com>]>
  • Map to the LDAP Configuration based on domain name
    Code: ldap = LDAPUtility.objects.get(ldap_domain="domain.com")
    Example Return: N/A

Subsequent Commands

With the ldap variable mapped to the LDAP Configuration, the below commands can be executed to query/submit an action against the LDAP Configuration

  • Search Username in LDAP configuration
    Code: ldap.runUserSearch("username")
    Example Return:
      In [7]: ldap.runUserSearch("username")
      Out[7]: [('CN=username,OU=Group,DC=domain,DC=com', {})]
  • Delete LDAP configuration
    Code: ldap.delete()
    Example Return: N/A

Manually Add Users

*Only perform the steps below for OneFuse v1.3.

  1. Have the user(s) log in with their Domain Account
    • This will add them to the OneFuse Users list
  2. Have the OneFuse Administrator log in with “admin” and perform the following steps:
    1. Click on Workspace Admin > User Management from the left navigation menu
    2. Click on [+ Add]
    3. Select the user from the list and select the appropriate role.
    4. Repeat for all Users