3.27 – Active Directory, LDAP, RADIUS integration
You can authenticate your users against Active Directory, LDAP or RADIUS server. Please configure your users.json as followings:
For Active Directory or LDAP:
{
"source": {
"type": "AD",
"properties": {
"server": "192.168.12.128:389", //can also be specified without the port
"domain": "mydomain.com",
"groups": "sales, support",
"transferCredential": false
}
}
}
You can let gateway fetch servers from the AD. The following example will fetch all the servers from the "otherLoginWorkstations" attribute:
{
"source": {
"type": "AD",
"properties": {
"server": "192.168.12.128:389",
"domain": "mydomain.com",
"groups": "sales, support",
"transferCredential": false,
"serversAttr": "otherLoginWorkstations"
}
}
}
Gateway can also change AD user password if:
- AD has SSL enabled.
- Export the AD certificate (Public key only) in Base-64 encoded X.509 file format.
- Import the AD certificate to Java keystore with following commands:
Please check https://blogs.msdn.microsoft.com/microsoftrservertigerteam/2017/04/10/step-by-stepguide-to-setup-ldaps-on-windows-server/ for more details.cd JRE\bin (use JDK\bin instead if JRE is not found, for example, OpenJDK11). keytool -importcert -alias "anyName" -keystore \lib\security\cacerts -storepass changeit -file "C:\Users\username\Desktop\exported.cer"
- users.json:
"tls" or "ssl" can be used for the security protocol (secProtocol).{ "source": { "type": "AD", "properties": { "server": "192.168.12.128:389", "secProtocol": "tls", "domain": "mydomain.com", "groups": "sales, support", "transferCredential": false, "serversAttr": "otherLoginWorkstations" } } }
For RADIUS:
{
"source": {
"type": "RADIUS",
"properties": {
"server": "192.168.12.128",
"port": "1812",
"accountingPort": "1813",
"sharedSecret": "test123"
}
}
}
You also need to configure the servers in servers.json.