Settings of a Unix User in ActiveDirectory

AD User properties & Unix Attributes of AD User. Refer article  to setup Unix Attributes in Active Directory

 


Unix Attrbutes of a Group in AD.


Note:

If you dont want to add unix attributes into your AD/Ldap server, then use the autocreate feature which will use the Ldap for webpanel authentication only and the backend/ssh authentication would be via the normal system auth(/etc/passwd /etc/shadow auth) or whatever has been set in pam configuration. However there are certain restriction which are listed below.


  • The password and security code would be the same for a new AD/Ldap user and the AD/Ldap user has to take care to change them from the Ezeelogin webpanel.

  • The AD/Ldap user has to login to the Ezeelogin webpanel first if there has been any change in the Ldap password on the Ldap server. This is to ensure that the password are synced to the ssh backend password system as well.

  • Make sure to set up an  Ldap filter  so that only Ldap users set with a specific attribute may login otherwise any user with an AD/Ldap user account would be able to login. We would recommends you to add an attribute called (group=EZEELOGINUSERS) as  this would help to differeniate between Ldap users and Ldap users that are allowed to  access Ezeelogin.

  • By default any Ldap user authenticating into the Ezeelogin would be assigned to the  Default User Group set.