LDAP

This feature list the users on the ldap server that are allowed to access Ezeelogin. The LDAP Settings needs to be configured for this option to show up. Set the WebPanel Authentication  to LDAP. Once this is set the users in AD/LDAP can login. To start the authentication of backend interface using LDAP, make sure to enable AutocreateUser

Users in LDAP - This refers to the ldap users that can access Ezeelogin using ldap authentication.

  • Username The Ldap Username used which would be use to authenticate into Ezeelogin system as well.
  • FirstName The first name as given in Ldap server.
  • LastName  The last name attribute as given in Ldap server.



  • Email The email attribute as given in Ldap server.
  • Status Its of two types they are
    • New   This status new  means the ldap user is yet to login into ezeelogin webinterface nor the ldap user account manually imported,  hence the system user accounts are yet to be initialized which would happen as soon as he logs using his ldap credentials.
    • Exists The status Exists means that the ldap user account has already been imported and exist in the Ezeelogin backend system.
  • UserGroup - The Usergroup that the ldap user belongs to.
  • Notes Extra comments.


Confirm import/update selected user(s)? Note: Web panel authentication is not LDAP. Set access keyword and security code manually for imported users.


Users not in LDAP

This refers to users that do not exist on Ldap server nor authenticated using it.  These users have been directly added into Ezeelogin.

The attributes are same as above except  for

.

  • Status
    • Active The user is active.
    • Suspended The user is suspended.



Notes:

  •  The webpanel authentication works via the LDAP/AD server and the backend/ssh authentication would be via the normal system auth(/etc/passwd /etc/shadow auth) as the LDAP/AD password are automatically synced with system auth mechanism on server or whatever has been set in pam configuration. There are certain restriction  with the backend authentication as listed below.
    • The password and security code would be the same for a new AD/Ldap user and the AD/Ldap user has to take care to change them from the Ezeelogin webpanel.

    • The AD/Ldap user has to login to the Ezeelogin webpanel first if there has been any change in the Ldap password on the Ldap server. This is to ensure that the password are synced to the ssh backend password system as well.

    • Make sure to set up an  Ldap filter  so that only Ldap users set with a specific attribute may login otherwise any user with an AD/Ldap user account would be able to login. We would recommends you to add an attribute called (group=EZEELOGINUSERS) as  this would help to differeniate between Ldap users and Ldap users that are allowed to  access Ezeelogin.

    • By default any Ldap user authenticating into the Ezeelogin would be assigned to the  Default User Group set.