Configuring Active Directory Authentication

Configuring AD Authentication

Onepoint can be accessed with AD user accounts. The steps below show how this configuration is done.

 NOTE: LDAPS must be enabled to perform this configuration.

Directory Backend

1- In Onepoint, go to Settings > Backends.

2- Click New.

3- Select type Directory Backend, select Class LDAP/AD, Name: ad-"domain".

4- In parameters, fill in the settings with the DC data.

 {
   "address": "192.168.15.21",
   "authentication": {
     "type": "explicit",
     "encryption": "none",
     "userdn": "[email protected]",
     "password": "********"
   },
   "basedn": "dc=onepoint,dc=local",
   "query": {
     "computer": {
       "filter": "(&(objectcategory=computer)(name=${filter.name}))",
       "ou": "",
       "id_attribute": "cn"
     },
     "user": {
       "filter": "(&(objectcategory=user)(samaccountname=${filter.name}))",
       "ou": "",
       "id_attribute": "samaccountname"
     },
     "group": {
       "filter": "(&(objectcategory=group)(samaccountname=${filter.name}))",
       "ou": "",
       "id_attribute": "samaccountname"
     }
   }
 }
 NOTE: The values above are examples only; fill in the parameters according to the information of your domain.
  • After completing the configuration shown above, click Save.


5- The userdn password can be encrypted, so that others do not know what the password is.

  • In Onepoint, go to Settings > Encrypt String, encrypt the "password" value, and save the resulting value.
  • In Onepoint, go to Settings > Backends and edit the "Directory Backend". In the Parameters tab, edit the encryption field for the password, then paste the previously encrypted value into the password field.
  • Click Save after making the settings.

Authentication Backend

1- In Onepoint, go to Settings > Backends.

2- Click New.

3- Select type Authentication Backend, select Class LDAP/AD, Name: ad-"domain"-auth.

4- In parameters, fill in the settings with the DC data.

 {
   "directory_backend": "ad-domain",
   "address": "ldaps://127.0.0.1",
   "usermapping": {
     "type": "resolution",
     "replace": "cn=${username},ou=People,dc=domain,dc=com",
     "resolution": {
       "authentication": {
         "type": "auth",
         "encryption": "none",
         "userdn": "user@domain",
         "password": "*****"
       },
       "basedn": "dc=onepoint,dc=local",
       "condition": "(&(objectCategory=user)(samaccountname=${username}))"
     }
   }
 }
 NOTE: The values above are examples only; fill in the parameters according to the information of your domain.
  • After completing the configuration shown above, click Save.


5- The userdn password can be encrypted, so that others do not know what the password is.

  • In Onepoint, go to Settings > Encrypt String, encrypt the "password" value, and save the resulting value.
  • In Onepoint, go to Settings > Backends and edit the "Authentication Backend". In the Parameters tab, edit the encryption field for the password, then paste the previously encrypted value into the password field.
  • Click Save after making the settings.
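
A pre-save review of both parameter blocks, as an added example that is not part of the Onepoint product or its documentation. It assumes the key meanings implied by this page (the encryption field applies to the stored bind password, and directory_backend must equal the Directory Backend name); how Onepoint treats an address without a scheme is not stated here, so that finding is informational. The backend name ad-onepoint, the service account and the password are constructed sample values.

```python
import json

# Constructed sample parameters modelled on the two JSON blocks on this page.
DIRECTORY = json.loads("""{
  "address": "192.168.15.21", "basedn": "dc=onepoint,dc=local",
  "authentication": {"type": "explicit", "encryption": "none",
                     "userdn": "svc-onepoint@onepoint.local", "password": "EXAMPLE-ONLY"},
  "query": {"user": {"filter": "(&(objectcategory=user)(samaccountname=${filter.name}))",
                     "ou": "", "id_attribute": "samaccountname"}}
}""")
AUTH = json.loads("""{
  "directory_backend": "ad-domain", "address": "ldaps://127.0.0.1",
  "usermapping": {"type": "resolution", "resolution": {
    "authentication": {"type": "auth", "encryption": "none",
                       "userdn": "svc-onepoint@onepoint.local", "password": "EXAMPLE-ONLY"},
    "basedn": "dc=onepoint,dc=local",
    "condition": "(&(objectCategory=user)(samaccountname=${username}))"}}
}""")

def balanced(ldap_filter):
    """Return True when the filter's parentheses are balanced."""
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def review(directory_name, directory, auth):
    """Return a list of findings for a Directory/Authentication backend pair."""
    findings, res = [], auth["usermapping"]["resolution"]
    for label, cfg in (("directory", directory), ("auth", auth)):
        if not cfg["address"].lower().startswith("ldaps://"):  # informational
            findings.append(f"{label}: address is not an explicit ldaps:// URL")
    for label, a in (("directory", directory["authentication"]), ("auth", res["authentication"])):
        if a["encryption"] == "none":  # step 5: bind password not yet encrypted
            findings.append(f"{label}: bind password saved with encryption 'none'")
    if auth["directory_backend"] != directory_name:
        findings.append("auth: directory_backend does not match the Directory Backend name")
    if res["basedn"].lower() != directory["basedn"].lower():
        findings.append("auth: resolution basedn differs from the directory basedn")
    filters = [(k, q["filter"], "${filter.name}") for k, q in directory["query"].items()]
    for name, flt, var in filters + [("condition", res["condition"], "${username}")]:
        if var not in flt or not balanced(flt):
            findings.append(f"{name}: filter is unbalanced or lacks {var}")
    return findings

if __name__ == "__main__":
    print("\n".join(review("ad-onepoint", DIRECTORY, AUTH)))
```
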

AD Login Priority

To make AD the priority login method for Onepoint, perform the procedure below.

1- In Onepoint, go to Settings > System Properties.

2- Click New.

3- Define the Name: system.default.backend.authentication.ui, Value: ad-"domain"-auth.

4- Click Save Property.

5- Log off from Onepoint and note the Authentication Backend field on the home screen.

6- To test that it worked, log in to Onepoint with an AD user.