Configuring Ezeelogin for authenticating with OpenLDAP or Windows AD server

Overview: This article explains how to set up Ezeelogin to authenticate with OpenLDAP or Windows AD servers. It covers the use of the autocreate feature to automatically create system users, outlines the steps for integrating OpenLDAP and Windows AD, and details the process of importing LDAP users into Ezeelogin for secure authentication, all while preserving existing directory attributes.

while using autocreate feature, the backend SSH authentication would not be using PAM-LDAP, instead, it would create a system user on the server and uses system authentication for the backend access. The advantage of using the autocreate feature is that it eliminates the need to configure LDAP for SSH or modify your existing Active Directory or OpenLDAP attributes.

Do read more about the drawbacks, since the ssh authentication would not be via LDAP, here

1. Install PHP-LDAP extension on the gateway server.

Step 1(A): For ubuntu 14.X, 16.x, 18.x, 20.x, 22.x. Replace the PHP version in the below command

root@gateway:~# apt-get install phpx.x-ldap

eg: :~# apt-get install php8.2-ldap

:~# systemctl restart apache2

Step 1(B): For Centos 6 , 7, 8

root@gateway:~# yum install php-ldap ; apachectl restart

2. Integration of OpenLdap in ezeelogin jumpserver (Import openldap user to Ezeelogin jumpserver)

Step 2(A): Login to Web-GUI -> open settings -> LDAP

How to find base DN and bind RDN from Windows server

Step 2(B): Add the details of LDAP configurations. Refer below screenshot

Step 2(C): Open Settings -> General Settings -> Authentication -> Change webpanel authentication to LDAP

Step 2(D): Open Settings -> General settings -> Security -> Enable Auto Create User

Step 2(E): Navigate to Users -> LDAP and select the LDAP users and import them to Ezeelogin.

Step 2(F): You can confirm the imported LDAP users were listed in the Users tab.

After importing the users to Ezeelogin, log in with the user and set up the security code for the user under Account -> Password -> New Security Code.

3. Integration of Windows AD in Ezeelogin(Import Windows AD user to jump server)

How to find base DN and bind RDN

Step 3(A): Login to Web-GUI navigate to settings -> LDAP

Step 3(B): Add the details of LDAP configurations & enable the WINDOWS ACTIVE DIRECTORY.

Step 3(C): Open Settings -> General -> Authentication -> change webpanel authentication to LDAP

Step 3(D): Open Settings -> General -> Security -> enable Auto Create User

Step 3(E): Navigate to Users -> LDAP and select the LDAP users and import them to Ezeelogin.

When importing an LDAP user, they will be assigned to the default group or the mapped user group. After the import, if we change the LDAP user to another user group, we will receive a note saying "Group Mismatch." This is not an error.

Step 3(F): You can confirm the imported LDAP users were listed in the Users tab.

After importing the users to Ezeelogin, log in with the user and set up a security code for the user under Account -> Password -> New Security Code.

Related Articles:

Configure Ezeelogin to authenticate using Windows_AD(Pam-Ldap) in Ubuntu

How do I configure Ezeelogin to authenticate using Windows_AD(Pam-LDAP) in CentOS

How do I configure Ezeelogin to authenticate using OpenLdap(Pam-Ldap) in CentOS

How to configure Ezeelogin to authenticate using Open_Ldap(Pam-Ldap) in Ubuntu

Assigning user groups for LDAP users?

Can we map the existing user group in LDAP to ezeelogin as the ezeelogin user group?

Add AD as LDAP with non-administrator user