Authentication Sources

The authentication sources page can be accessed via the administer menu:

Administer > Authentication Sources

The authentication sources page forms a part of orcharhino’s user management.

LDAP is one possible source of authentication. The Lightweight Directory Access Protocol (LDAP) is an application layer protocol from the Internet protocol suite. orcharhino’s LDAP authentication can be used to automatically create orcharhino user accounts for any users of one or more preexisting LDAP directories. This can save organizations using LDAP directories a significant amount of administrative work. Organizations that do not already use (or plan to use) LDAP can ignore this feature.

Note

Deleting a user from a connected LDAP source does not delete the user in orcharhino itself. Instead, that user can no longer log in to orcharhino.

Viewing an LDAP Authentication Source

Go to the authentication sources page to view any currently connected LDAP server:

Administer > Authentication Sources

Authentication sources
  • The Create button (1) takes you to the page for creating an LDAP authentication source.

  • The table (2) lists all authentication sources currently connected to orcharhino.

  • The Delete button (3) from the actions column lets you remove an authentication source.

Creating an LDAP Authentication Source

Clicking the Create button as shown above will present you with the following pages:

LDAP server
  • On the LDAP server tab (1), you may enter the general information of the LDAP server.

  • Choose a meaningful Name (2) for the LDAP authentication source. This will be displayed on the authentication sources page.

  • The Server field (3) asks for the URL of the server.

  • You may test the connection from orcharhino to the LDAP server by clicking the green Test Connection button (4).

  • Ticking the LDAPS checkbox (5) enables encrypted traffic from orcharhino to the LDAP server.

  • The Port field (6) is pre-filled with the default port. By default, LDAPS traffic runs on port 636.

  • The Server type drop-down menu (7) lets you select the appropriate server type of the LDAP authentication source. You may choose between FreeIPA, Active Directory, and POSIX.

  • Press the Submit button (8) to submit your input to orcharhino. Remember to also fill out fields on the other tabs.


LDAP account
  • On the Account tab (1), you enter the account used to connect to the LDAP server.

  • The Account Username (2) is used for authentication. This field is optional.

  • The Account Password (3) is also used for authentication. This field is optional.

  • The Base DN field (4) requires information on the domain component as shown in the example dc=example,dc=com.

  • The Groups base DN field (5) works like the field above, but for groups.

  • The Use Netgroups checkbox (6) allows you to use netgroups instead of standard groups.

  • The LDAP filter field (7) lets you use a custom search filter.

  • The Automatically Create Accounts In orcharhino checkbox (8) has orcharhino accounts created automatically once a new LDAP user connects to orcharhino.

  • The Usergroup Sync checkbox (9) has external user groups synced automatically on login. This is checked by default.

  • Press the Submit button (10) to submit your input to orcharhino. Remember to also fill out fields on the other tabs.
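
The following added example, which is not orcharhino code, previews which users a custom LDAP filter (7) would admit, which matters when Automatically Create Accounts In orcharhino (8) is ticked. The group DN, the directory entries and the use of the memberOf and employeeType attributes are constructed assumptions, and the parser covers only AND, OR, NOT and equality filters.

```python
import re
# RFC 4515: these characters must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_filter(text, pos=0):
    """Parse the subset used here: (&..), (|..), (!..) and (attr=value)."""
    if text[pos:pos + 1] != "(":
        raise ValueError(f"expected '(' at offset {pos}")
    pos += 1
    if text[pos:pos + 1] in ("&", "|", "!"):
        op, pos, children = text[pos], pos + 1, []
        while text[pos:pos + 1] == "(":
            child, pos = parse_filter(text, pos)
            children.append(child)
        if text[pos:pos + 1] != ")" or not children:
            raise ValueError(f"malformed '{op}' group at offset {pos}")
        return (op, children), pos + 1
    end = text.find(")", pos)
    attr, sep, value = text[pos:end].partition("=")
    if end < 0 or not sep or not attr:
        raise ValueError(f"malformed comparison at offset {pos}")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] == "=":
        values = next((v for k, v in entry.items() if k.lower() == node[1].lower()), [])
        return node[2].lower() in (v.lower() for v in values)  # simplified equality match
    results = [matches(child, entry) for child in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def preview_logins(custom_filter, entries, login_attr="uid"):
    tree, end = parse_filter(custom_filter)
    if end != len(custom_filter):
        raise ValueError("trailing text after filter (unescaped parenthesis?)")
    return [e[login_attr][0] for e in entries if matches(tree, e)]

# Constructed sample data (hypothetical names), not from a real directory.
GROUP_DN = "cn=orcharhino admins (EU),ou=groups,dc=example,dc=com"
ENTRIES = [
    {"uid": ["alice"], "memberOf": [GROUP_DN]},
    {"uid": ["bob"], "memberOf": ["cn=staff,ou=groups,dc=example,dc=com"]},
    {"uid": ["svc-backup"], "memberOf": [GROUP_DN], "employeeType": ["service"]},
]
# Group members only, excluding service accounts; the DN's parentheses are escaped.
FILTER = f"(&(memberOf={escape_filter_value(GROUP_DN)})(!(employeeType=service)))"
print(FILTER, preview_logins(FILTER, ENTRIES))
```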


LDAP attribute mappings
  • On the Attribute mappings tab (1) you may set certain LDAP attributes. The example values displayed below each field are generally a valid choice.

  • The Login Name Attribute field (2) specifies the attribute that holds the login name in the LDAP source.

  • The First Name Attribute field (3) specifies the attribute that holds the first name in the LDAP source.

  • The Surname Attribute field (4) specifies the attribute that holds the last name in the LDAP source.

  • The Email Address Attribute field (5) specifies the attribute that holds the email address in the LDAP source.

  • The Photo attribute field (6) specifies the attribute that holds the photo in the LDAP source.

  • Press the Submit button (7) to submit your input to orcharhino. Remember to also fill out fields on the other tabs.


LDAP locations
  • The Locations tab (1) allows you to assign specific locations to the LDAP source.

  • The table of locations (2) displays all available locations. Clicking a location will automatically select it.

  • Press the Submit button (3) to submit your input to orcharhino. Remember to also fill out fields on the other tabs.


LDAP organizations
  • The Organizations tab (1) allows you to assign specific organizations to the LDAP source.

  • The table of organizations (2) displays all available organizations. Clicking an organization will automatically select it.

  • Press the Submit button (3) to submit your input to orcharhino.