This guide will go over how to configure LDAP Authentication for the OneFuse Platform via the command line. This is a temporary/backup solution until the LDAP Integration has been added to the OneFuse UI.
Considerations
- OneFuse supported versions: v1.2+
- Note: For v1.3, there is a known issue; please refer to the section Manually Add Users.
- The initial configuration starts with a .sh script contained in the /opt/cloudbolt/initialize/ path on the appliance. Additional commands can be executed via the shell to see/manage the setup.
- All user settings in the OneFuse UI, such as password, membership, etc., will be reverted back to the original LDAP mappings if changed in the OneFuse UI.
Procedure
Run the setup.sh script
- Establish an SSH session to the OneFuse Platform
- Navigate to /opt/cloudbolt/initialize/
  - Command: cd /opt/cloudbolt/initialize/
- Run the setup_fuse_domain.sh script
  - Command: ./setup_fuse_domain.sh
- Configure the options as prompted:
  - Domain: domain.com
  - FQDN or IP of Directory Server: ad.domain.com
  - Protocol [ldap or ldaps]: ldap or ldaps
  - Port: 389, 686, or a custom port
  - Domain Authentication Account [user@domain]: serviceaccount@domain.com
  - Domain Authentication Password: ***********
  - Base DN: DC=domain,DC=com
    - Note: This base DN is used for user and group search. It is recommended to keep it closer to the root DN.
  - Username [sAMAccountName]: sAMAccountName or other attribute
  - First Name [givenName]: givenName or other attribute
  - Last Name [sn]: sn or other attribute
  - Email [mail]: mail or other attribute
  - Group DN for Workspace Admins: CN=Workspace_Admins, OU=Group,DC=domain,DC=com
    - Note: To skip this option, leave the field blank
  - Group DN for Workspace Members: CN=Workspace_Members, OU=Group,DC=domain,DC=com
    - Note: To skip this option, leave the field blank
  - Group DN for Workspace Executors: CN=Workspace_Executors, OU=Group,DC=domain,DC=com
    - Note: To skip this option, leave the field blank
  - Group DN for Workspace Viewers: CN=Workspace_Viewers, OU=Group,DC=domain,DC=com
    - Note: To skip this option, leave the field blank
- After filling in all fields, the logs will show "LDAP configuration complete".
- This script can be run additional times, either for different domains or against the same domain to update/modify the variables or attributes.
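Because the script only reports success once all prompts are answered, it helps to sanity-check the answers before running it. The following added example (not part of OneFuse or its setup script; field names such as `bind_user` and `group_admins` are assumptions standing in for the prompts above) models the prompts as a dictionary and reports the mistakes that otherwise surface late or not at all: a bind account whose domain does not match, a Base DN that does not spell the domain, a plain `ldap` bind that sends the service-account password in clear text, and a group DN outside the Base DN, which the group search is scoped to and therefore never matches.

```python
"""Pre-flight check for the answers fed to setup_fuse_domain.sh.

Added example, not part of OneFuse: it models the script's prompts as a dict
and reports inconsistencies that would otherwise only show up when the bind or
the user/group search fails, or never show up at all (a group DN outside the
Base DN is simply never matched, so nobody receives that role).
"""
import re
from typing import Dict, List, Tuple

# IANA-registered defaults; a different port is reported as informational only.
STANDARD_PORTS = {"ldap": 389, "ldaps": 636}

# Assumed field names for the four "Group DN for Workspace ..." prompts.
GROUP_FIELDS = ("group_admins", "group_members", "group_executors", "group_viewers")

_RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")
_UPN_RE = re.compile(r"^[^@\s]+@([^@\s]+)$")


def parse_dn(dn: str) -> List[Tuple[str, str]]:
    """Split 'CN=Workspace_Admins, OU=Group,DC=domain,DC=com' into normalised
    (type, value) pairs.  Escaped commas (RFC 4514) are not handled because the
    script's own examples do not use them."""
    parts = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if not _RDN_RE.match(rdn):
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        attr, value = rdn.split("=", 1)
        parts.append((attr.strip().lower(), value.strip().lower()))
    return parts


def dn_is_under(child: str, base: str) -> bool:
    """True when the child DN sits in the subtree rooted at base."""
    c, b = parse_dn(child), parse_dn(base)
    return len(c) >= len(b) and c[-len(b):] == b


def validate_answers(cfg: Dict[str, str]) -> List[str]:
    """Return human-readable findings; an empty list means the answers are consistent."""
    findings: List[str] = []
    domain = cfg.get("domain", "").strip().lower()
    proto = cfg.get("protocol", "").strip().lower()

    if proto not in STANDARD_PORTS:
        findings.append(f"protocol must be 'ldap' or 'ldaps', got {cfg.get('protocol')!r}")
    elif proto == "ldap":
        findings.append("protocol 'ldap': a simple bind sends the service-account password "
                        "in clear text; use ldaps so the credential is protected in transit")
    try:
        port = int(cfg.get("port", ""))
    except ValueError:
        findings.append(f"port must be an integer, got {cfg.get('port')!r}")
    else:
        if proto in STANDARD_PORTS and port != STANDARD_PORTS[proto]:
            findings.append(f"info: port {port} is not the registered {proto} port "
                            f"({STANDARD_PORTS[proto]}); confirm the directory listens there")

    m = _UPN_RE.match(cfg.get("bind_user", ""))
    if not m:
        findings.append("bind account must be in user@domain form")
    elif m.group(1).lower() != domain:
        findings.append(f"bind account domain {m.group(1)!r} does not match Domain {domain!r}")

    base = cfg.get("base_dn", "")
    try:
        base_parts = parse_dn(base)
    except ValueError as exc:
        findings.append(f"base_dn: {exc}")
        return findings  # the group checks need a usable Base DN
    dc_values = [v for a, v in base_parts if a == "dc"]
    if dc_values != domain.split("."):
        findings.append(f"base_dn DC components {dc_values} do not spell the Domain {domain!r}")

    for field in GROUP_FIELDS:
        gdn = cfg.get(field, "").strip()
        if not gdn:
            continue  # blank means "skip this role", as the script allows
        try:
            if not dn_is_under(gdn, base):
                findings.append(f"{field}: {gdn!r} is outside Base DN {base!r}; the group "
                                "search is scoped to the Base DN, so this group will never match")
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    return findings


# Constructed sample answers mirroring the prompt examples above, with one
# deliberate mistake: the Viewers group lives in a different domain tree.
SAMPLE_ANSWERS = {
    "domain": "domain.com",
    "server": "ad.domain.com",
    "protocol": "ldaps",
    "port": "636",
    "bind_user": "serviceaccount@domain.com",
    "base_dn": "DC=domain,DC=com",
    "group_admins": "CN=Workspace_Admins, OU=Group,DC=domain,DC=com",
    "group_members": "CN=Workspace_Members, OU=Group,DC=domain,DC=com",
    "group_executors": "",
    "group_viewers": "CN=Workspace_Viewers,OU=Group,DC=other,DC=com",
}

if __name__ == "__main__":
    for line in validate_answers(SAMPLE_ANSWERS) or ["no findings"]:
        print(line)
```

Run with the constructed `SAMPLE_ANSWERS` it reports only the Viewers group as outside the Base DN; switching `protocol` to `ldap` adds the clear-text finding, which is the case worth catching before the service-account password is ever typed into the prompt.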
Test the login to the OneFuse UI
Test the login to the UI using the following format for the username: user@domain.com
*If on OneFuse v1.3, refer to the Manually Add Users section.
Additional commands for LDAP configuration validation or modification
SSH into the OneFuse appliance and run the following command to open the Python shell:
/opt/cloudbolt/manage.py shell_plus
Prerequisite command for all sub-commands
The command below must be run first to determine and map the LDAP connection used by all subsequent commands.
| Command Description | Code | Example Return |
|---|---|---|
| List all LDAP Configurations | LDAPUtility.objects.all() | In [1]: LDAPUtility.objects.all() |
| Map to the LDAP Configuration based on domain name | ldap = LDAPUtility.objects.get(ldap_domain="domain.com") | N/A |
Subsequent Commands
With the ldap variable mapped to the LDAP Configuration, the commands below can be executed to query or submit an action against that LDAP Configuration.
| Command Description | Code | Example Return |
|---|---|---|
| Search Username in LDAP configuration | ldap.runUserSearch("username") | In [7]: ldap.runUserSearch("username") |
| Delete LDAP configuration | ldap.delete() | N/A |
Manually Add Users
*Only perform the steps below for OneFuse v1.3.
- Have the user(s) log in with their Domain Account
  - This will add them to the OneFuse Users list
- Have the OneFuse Administrator log in with "admin" and perform the following steps:
  - Click on Workspace Admin > User Management from the left navigation menu
  - Click on [+ Add]
  - Select the user from the list and select the appropriate role.
  - Repeat for all Users