Setup AD/LDAP Users
Unix Attrbutes of a Group in AD.
If you dont want to add unix attributes into your AD/Ldap server, then use the autocreate feature which will use the Ldap for webpanel authentication only and the backend/ssh authentication would be via the normal system auth(/etc/passwd /etc/shadow auth) or whatever has been set in pam configuration. However there are certain restriction which are listed below.
- The password and security code would be the same for a new AD/Ldap user and the AD/Ldap user has to take care to change them from the Ezeelogin webpanel.
- The AD/Ldap user has to login to the Ezeelogin webpanel first if there has been any change in the Ldap password on the Ldap server. This is to ensure that the password are synced to the ssh backend password system as well.
- Make sure to set up an Ldap filter so that only Ldap users set with a specific attribute may login otherwise any user with an AD/Ldap user account would be able to login. We would recommends you to add an attribute called (group=EZEELOGINUSERS) as this would help to differeniate between Ldap users and Ldap users that are allowed to access Ezeelogin.
- By default any Ldap user authenticating into the Ezeelogin would be assigned to the Default User Group set.