How to Set Up LDAP Authentication to an Active Directory LDAP Database

This article explains the steps needed to configure AXIGEN domain users to authenticate against an Active Directory LDAP database.

Solution

To have the users defined in AXIGEN authenticate against an Active Directory database, you need to create an LDAP connector as explained below.

First of all, an Active Directory database is, from AXIGEN's point of view, just another LDAP database, so we need to find the attribute whose value matches the username that users give when authenticating to AXIGEN's services. This attribute is called sAMAccountName and contains exactly the username needed for login. This information will help us set up an LDAP search filter later on.

Secondly, Active Directory does not, by default, allow anonymous requests to its database entries, so we need a user to log in as (it may be a regular user, as regular users have read access to the directory by default) in order to query the database for users and complete the login. This user may also be the domain administrator, as in this example. In LDAP terms, this user is called the Bind DN.

Then, we need an LDAP search base, which is the topmost entry of all the entries we are querying. It is the LDAP path common to all the users we are trying to authenticate.

That said, let's go through an example of connecting to a standard Active Directory database. Go to AXIGEN WebAdmin -> Clustering -> Clustering Setup -> LDAP Connectors tab -> Add new connector and set the following attributes:

LDAP Connector name: yourChosenName
This is the name you will select in the configuration of the services that should log in to Active Directory.

LDAP Server Parameters:
IP / Hostname: ad.yourdomain.tld
Port: 389
The IP/Hostname and Port attributes are the address and port of the Active Directory machine that AXIGEN connects to in order to perform LDAP queries. In this example the hostname is ad.yourdomain.tld and the port is the standard LDAP port, 389.

LDAP Search Parameters:
Remember that Active Directory does not, by default, allow anonymous requests to its database entries, so we need a user to log in as (it may be a regular user, as regular users have read access to the directory by default) in order to query the database for users and complete the login. If this is your case, you must select Use Administrative DN:
Admin DN: CN=administrator,CN=Users,DC=yourdomain,DC=tld
Admin DN Password: ********
In this example, we assume that the domain managed by your Active Directory is yourdomain.tld, so its root LDAP path is "DC=yourdomain,DC=tld". The "administrator" user is created by default in the "Users" container.
NOTE: These settings are used only while performing the actual lookup in the directory. They do not refer to the authentication settings of the account that is logging in.

Search Base: CN=Users,DC=yourdomain,DC=tld
The search base, as explained above, is the root of the directory subtree in which we search for our entries.
Search Filter: (sAMAccountName=%u)
This selects the entries whose sAMAccountName attribute has exactly the same value as the username (%u). The variable "%u" expands to the username given at login.
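The sequence the connector performs with the three settings above (bind with the Admin DN, search under the Search Base with the expanded Search Filter, then bind as the entry that was found) is shown here as an added example. This is not AXIGEN's code: it runs the flow against a small in-memory stand-in for Active Directory so it executes offline, and the names FakeDirectory, escape_filter_value, build_filter, authenticate, CONNECTOR and SAMPLE_DIRECTORY, as well as all passwords and entries, are constructed for the example. It also shows why the value substituted for "%u" must be escaped as RFC 4515 requires: an unescaped "*" would turn the filter into a wildcard match.

```python
"""Search-then-bind LDAP authentication, illustrated offline.

Added example, not AXIGEN's code. The directory below is an in-memory
stand-in: real Active Directory does not expose passwords as an attribute,
it only answers bind requests, which is all this flow relies on.
"""

# Connector settings from the article; the admin password is a constructed sample.
CONNECTOR = {
    "admin_dn": "CN=administrator,CN=Users,DC=yourdomain,DC=tld",
    "admin_password": "admin-secret-sample",
    "search_base": "CN=Users,DC=yourdomain,DC=tld",
    "search_filter": "(sAMAccountName=%u)",
}

# RFC 4515 escapes for a value placed inside a search filter.
_FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a username so it is matched literally inside the filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_filter(template: str, username: str) -> str:
    """Expand %u in the connector's filter template with the escaped username."""
    return template.replace("%u", escape_filter_value(username))


class FakeDirectory:
    """Constructed stand-in offering the two operations the flow needs:
    a simple bind and a subtree search with one equality filter."""

    def __init__(self, entries):
        # entries: {dn: {"sAMAccountName": ..., "userPassword": ...}}
        self.entries = entries

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry["userPassword"] == password

    def search(self, base: str, ldap_filter: str) -> list:
        """Return the DNs under `base` matching a filter of the form (attr=value).
        A bare "*" value behaves as the LDAP presence wildcard, as a real
        server would treat it, which is what escaping prevents."""
        attr, _, raw = ldap_filter.strip("()").partition("=")
        hits = []
        for dn, attrs in self.entries.items():
            if not dn.lower().endswith(base.lower()) or attr not in attrs:
                continue
            if raw == "*" or escape_filter_value(attrs[attr]) == raw:
                hits.append(dn)
        return hits


def authenticate(directory: FakeDirectory, connector: dict, username: str, password: str) -> bool:
    """The connector's flow: admin bind, lookup by sAMAccountName, user bind."""
    # Step 1: bind with the administrative DN, since anonymous searches are refused.
    if not directory.bind(connector["admin_dn"], connector["admin_password"]):
        return False
    # Step 2: find exactly one entry under the search base for this username.
    hits = directory.search(connector["search_base"],
                            build_filter(connector["search_filter"], username))
    if len(hits) != 1:
        return False
    # Step 3: bind as the entry that was found, with the password the user typed.
    return directory.bind(hits[0], password)


# Constructed sample directory: two accounts in the Users container and one
# service account outside the search base.
SAMPLE_DIRECTORY = FakeDirectory({
    "CN=administrator,CN=Users,DC=yourdomain,DC=tld":
        {"sAMAccountName": "administrator", "userPassword": "admin-secret-sample"},
    "CN=Jane Doe,CN=Users,DC=yourdomain,DC=tld":
        {"sAMAccountName": "jdoe", "userPassword": "jane-sample-pw"},
    "CN=Svc Backup,OU=Service,DC=yourdomain,DC=tld":
        {"sAMAccountName": "svcbackup", "userPassword": "svc-sample-pw"},
})

if __name__ == "__main__":
    print("jdoe, correct password:", authenticate(SAMPLE_DIRECTORY, CONNECTOR, "jdoe", "jane-sample-pw"))
    print("jdoe, wrong password:  ", authenticate(SAMPLE_DIRECTORY, CONNECTOR, "jdoe", "nope"))
    print("svcbackup (outside base):", authenticate(SAMPLE_DIRECTORY, CONNECTOR, "svcbackup", "svc-sample-pw"))
    print("filter for '*':", build_filter(CONNECTOR["search_filter"], "*"))
```

Two points to take from the run: an account that exists in the directory but outside the Search Base (the service account under OU=Service) is never found, so the base must cover every container your mail users live in; and the filter built for a username of "*" is "(sAMAccountName=\2a)", which matches nothing, whereas the raw "(sAMAccountName=*)" matches every account under the base. Before saving the connector, the same three settings can be checked from a shell with the OpenLDAP client, for example ldapsearch -x -H ldap://ad.yourdomain.tld:389 -D "CN=administrator,CN=Users,DC=yourdomain,DC=tld" -W -b "CN=Users,DC=yourdomain,DC=tld" "(sAMAccountName=jdoe)", which should return exactly one entry.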

LDAP Attributes Mapping:
The Password Attribute and Hostname Attribute fields are not used with an LDAP bind connection, so we leave them blank.

Press "Quick Add" to add the LDAP connector in AXIGEN's configuration.

To make use of the LDAP authentication we have just defined, go to the Routing and Authentication tab and set:
Perform LDAP Bind authentication using yourChosenName
Press the "Save Configuration" button.

To test that authentication works correctly, set the AXIGEN password of a test user to a value different from that user's password in the Active Directory database, so that a successful login can only have been granted by the directory. Access the WebMail service and try to log in with that username and its Active Directory password.
NOTE: The user you want to authenticate as MUST already exist in AXIGEN before you try to log in, or you must enable "Automatically create LDAP authenticated users" via WebAdmin -> Domains & Accounts -> Manage Domains -> Edit domain's preferences.
OS: Linux, Windows, FreeBSD, MAC, OpenBSD, NetBSD, Solaris
Distros: Windows