XorMon NG natively supports AD and LDAP authorisation.
Navigate to UI ➡ Settings ➡ Users ➡ LDAP.
Click on the + Add Configuration button and name the new configuration.
Multiple configurations can be in use; they are tried in order of precedence from left to right (re-order them with the arrows next to the configuration name).
The login service first tries to authenticate the user against a local XorMon NG account.
If that fails, it continues with the enabled LDAP configurations in order.
Directory Server
Enter the LDAP URI with a protocol scheme that matches the port number, e.g.
ldaps:// for port 636 (default if no port is specified) or 3269 (preferred, Global Catalog over TLS)
ldap:// for port 389 (default if no port is specified) or 3268 (preferred, Global Catalog).
Attributes
Enter the Base DN for all LDAP operations (e.g. dc=ad,dc=xorux,dc=com).
Optionally enter a Group Base to restrict group listing to only this subtree.
Optionally enter a User Base to restrict access to users only in this subtree.
Optionally enter a Required User Group to allow login only to accounts that are members of the group specified by this full DN.
Specify the User ObjectClass value identifying user objects (e.g. user).
Specify the User Filter Attribute name corresponding to the login username (e.g. userPrincipalName for usernames like user@ad.xorux.com, or sAMAccountName for Windows NT 4.0 logon names like ad\user).
Specify the Group ObjectClass value identifying group objects (e.g. group).
Specify the Group Filter Attribute name which lists the users within a group (e.g. member).
The Username prefix/postfix options let users omit the domain part of the username in the login fields.
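As an added illustration (not XorMon NG's own code), the following Python shows how the Directory Server and Attributes fields above fit together: the scheme/port check for the LDAP URI, the prefix/postfix completion of a short login name, and the user and group search filters built from the ObjectClass and Filter Attribute values. The configuration values are constructed for the example; the login value is escaped per RFC 4515 so that what a user types in the login field can never change the filter's structure.

```python
import re
from urllib.parse import urlsplit

# Constructed configuration mirroring the fields this page describes (example values only).
CONFIG = {
    "uri": "ldaps://dc01.ad.xorux.com:3269",
    "base_dn": "dc=ad,dc=xorux,dc=com",
    "user_objectclass": "user",
    "user_filter_attr": "userPrincipalName",
    "group_objectclass": "group",
    "group_filter_attr": "member",
    "username_prefix": "",
    "username_postfix": "@ad.xorux.com",
}

# Scheme/port pairs from this page; the first entry is the default when no port is given.
VALID_PORTS = {"ldaps": (636, 3269), "ldap": (389, 3268)}


def check_uri(uri):
    """Return (scheme, port) when they match, else raise ValueError."""
    parts = urlsplit(uri)
    scheme = parts.scheme.lower()
    if scheme not in VALID_PORTS:
        raise ValueError("unsupported scheme: %r" % scheme)
    port = parts.port or VALID_PORTS[scheme][0]
    if port not in VALID_PORTS[scheme]:
        raise ValueError("port %d does not match %s://" % (port, scheme))
    return scheme, port


def escape_filter_value(value):
    """RFC 4515 escaping: the login name must not be able to alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def qualify_login(login, cfg):
    """Add the configured prefix/postfix so users can omit the domain part."""
    return cfg["username_prefix"] + login + cfg["username_postfix"]


def user_search_filter(login, cfg):
    """Filter that should match exactly one user object under the User Base."""
    return "(&(objectClass=%s)(%s=%s))" % (
        cfg["user_objectclass"], cfg["user_filter_attr"],
        escape_filter_value(qualify_login(login, cfg)))


def group_search_filter(user_dn, cfg):
    """Filter listing the groups whose member attribute holds the user's DN."""
    return "(&(objectClass=%s)(%s=%s))" % (
        cfg["group_objectclass"], cfg["group_filter_attr"],
        escape_filter_value(user_dn))
```

The group filter is what a Required User Group check or the ACL mapping below would run against the Group Base; a result set that is empty for the required group DN means the login should be refused.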
The userPrincipalName of an account can be looked up from its sAMAccountName logon name with:
ldapsearch -LLL -H ldap://your.ad.hostname -D 'yourdomain\yourusername' -W -x -b 'dc=your,dc=ad,dc=base' '(&(objectClass=user)(sAMAccountName=yourusername))' userPrincipalName
If the command is not found, install openldap-clients as root:
yum install openldap-clients
ACL
LDAP groups can be assigned to XorMon NG groups in:
UI ➡ Top-right ➡ Settings (Configuration) ➡ Users ➡ Groups, under the LDAP groups tab of each selected group.