Skip to Content

How do I configure Ezeelogin to authenticate using OpenLdap or Window AD server?

Configuring ezeelogin for authentication with OpenLDAP or Windows AD server


Overview: This article outlines how to configure Ezeelogin for authentication with OpenLDAP or Windows AD servers. It covers the use of the AutoCreate feature for system user creation, steps for integrating OpenLDAP and Windows AD, and importing LDAP users into Ezeelogin for secure authentication, without modifying existing directory attributes. 


With the AutoCreate feature, the backend SSH authentication would not be using PAM-LDAP, instead, it would create a system user in the shell and would then be using system authentication for the backend authentication.

The advantage of using the AutoCreate feature is that you would not have to configure LDAP in ssh or modify your existing Active Directory attributes or OpenLDAP attributes.

Do read more about the drawbacks,  since the ssh authentication would not be via LDAP, here

Make sure that the PHP-LDAP extension is installed on the server.

1. For ubuntu 14.X, 16.x, 18.x, 20.x, 22.x. Replace the PHP version in the below command
 

:~# apt-get install phpx.x-ldap

eg: :~# apt-get install php8.2-ldap

:~# systemctl restart apache2

2. For Centos 6 , 7, 8

:~# yum install php-ldap ; apachectl restart


1. Integration of OpenLdap in ezeelogin jumpserver (Import openldap user to Ezeelogin jumpserver)

Step 1(A): Login to Web-GUI -> open settings -> LDAP

 Step 1(B): Add the details of LDAP configurations. Refer below screenshot

 Step 1(C): Open Settings -> General Settings -> Authentication -> Change webpanel authentication to LDAP

Step 1(D): Open Settings -> General settings -> Security -> Enable Auto Create User

Step 1(E): Select the LDAP users and import them to Ezeelogin.

Step 1(F): You can confirm the imported LDAP users were listed in the Users tab.

After importing the users to Ezeelogin, log in with the user and set up the security code for the user under Account -> Password -> New Security Code.


2. Integration of Windows AD in Ezeelogin(Import Windows AD user to jump server)

Step 2(A): Login to Web-GUI navigate to settings -> LDAP

Step 2(B): Add the details of LDAP configurations & enable the WINDOWS ACTIVE DIRECTORY.

Step 2(C): Open Settings -> General  -> Authentication -> change webpanel authentication to LDAP

Step 2(D): Open Settings -> General -> Security -> enable Auto Create User

Step 2(E): Select the LDAP users and import them to Ezeelogin  


Note: When importing an LDAP user, they will be assigned to the default group or the mapped user group. After the import, if we change the LDAP user to another user group, we will receive a note saying "Group Mismatch." This is not an error.

Step 2(F): You can confirm the imported LDAP users were listed in the Users tab.

Note:  After importing the users to Ezeelogin, log in with the user and set up a security code for the user under Account -> Password -> New Security Code.