How do I configure Ezeelogin to authenticate using OpenLdap or Window AD server?
Configuring ezeelogin for authentication with OpenLDAP or Windows AD server
Overview: This article outlines how to configure Ezeelogin for authentication with OpenLDAP or Windows AD servers. It covers the use of the AutoCreate feature for system user creation, steps for integrating OpenLDAP and Windows AD, and importing LDAP users into Ezeelogin for secure authentication, without modifying existing directory attributes.
With the AutoCreate feature, the backend SSH authentication would not be using PAM-LDAP, instead, it would create a system user in the shell and would then be using system authentication for the backend authentication.
The advantage of using the AutoCreate feature is that you would not have to configure LDAP in ssh or modify your existing Active Directory attributes or OpenLDAP attributes.
Do read more about the drawbacks, since the ssh authentication would not be via LDAP, here
Make sure that the PHP-LDAP extension is installed on the server.
:~# apt-get install phpx.x-ldap
eg: :~# apt-get install php8.2-ldap
:~# systemctl restart apache2
2. For Centos 6 , 7, 8
:~# yum install php-ldap ; apachectl restart
1. Integration of OpenLdap in ezeelogin jumpserver (Import openldap user to Ezeelogin jumpserver)
Step 1(A): Login to Web-GUI -> open settings -> LDAP
Step 1(B): Add the details of LDAP configurations. Refer below screenshot
Step 1(C): Open Settings -> General Settings -> Authentication -> Change webpanel authentication to LDAP
Step 1(D): Open Settings -> General settings -> Security -> Enable Auto Create User
Step 1(E): Select the LDAP users and import them to Ezeelogin.
Step 1(F): You can confirm the imported LDAP users were listed in the Users tab.
After importing the users to Ezeelogin, log in with the user and set up the security code for the user under Account -> Password -> New Security Code.
2. Integration of Windows AD in Ezeelogin(Import Windows AD user to jump server)
Step 2(A): Login to Web-GUI navigate to settings -> LDAP
Step 2(B): Add the details of LDAP configurations & enable the WINDOWS ACTIVE DIRECTORY.
Step 2(C): Open Settings -> General -> Authentication -> change webpanel authentication to LDAP
Step 2(D): Open Settings -> General -> Security -> enable Auto Create User
Step 2(E): Select the LDAP users and import them to Ezeelogin
Note: When importing an LDAP user, they will be assigned to the default group or the mapped user group. After the import, if we change the LDAP user to another user group, we will receive a note saying "Group Mismatch." This is not an error.
Step 2(F): You can confirm the imported LDAP users were listed in the Users tab.
Note: After importing the users to Ezeelogin, log in with the user and set up a security code for the user under Account -> Password -> New Security Code.
Related Articles:
Configure Ezeelogin to authenticate using Windows_AD(Pam-Ldap) in Ubuntu
How do I configure Ezeelogin to authenticate using Windows_AD(Pam-LDAP) in CentOS
How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS
How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in Ubuntu
Assigning user groups for LDAP users?
Can we map the existing user group in LDAP to ezeelogin as the ezeelogin user group?