Authenticate through Fedora Directory Server

Version 2 by Robin Shen
on Apr 04, 2010 01:04.

<< Changes from 1 to 2
compared with
Current by Robin Shen
on Apr 04, 2010 01:08.

 
Key
These lines were removed. This word was removed.
These lines were added. This word was added.

View page history


There are 4 changes. View first change.

 h1. Scenario
 Authenticate users through Active Directory and retrieve associated groups to determine user permission. We assume that:
 # Domain of the Active Directory is example.com.
 # This Active Directory can be accessed through address _ldap://ad.example.com:389_
 # Users and groups are managed under LDAP entry _cn=Users,dc=example,dc=com_.
 # User _Administrator_ is used to search user and group information in this Active Directory.
  Authenticate users through Fedora directory server and retrieve associated groups to determine user permission. We assume that:
 # This directory server can be accessed through address _ldaps://ds.example.com:636_
 # Users are managed under LDAP entry _ou=people,dc=example,dc=com_.
 # Groups are managed under LDAP entry _ou=groups,dc=example,dc=com_.
  
 h1. Resolution
# For each Active Directory group you want to assign QuickBuild permissions, create a group with the same name in QuickBuild, and set proper permissions.
  # For each LDAP group you want to assign QuickBuild permissions, create a group with the same name in QuickBuild, and set proper permissions.
 # Login as Administrator, switch to menu _Authentication->Authenticators_, and add an authenticator of LDAP type like below:
 !fds.png!
# Your users should now be able to login to QuickBuild and access to QuickBuild functionalities will be controlled using the group information from Active Directory.
  # Your users should now be able to login to QuickBuild and access to QuickBuild functionalities will be controlled using the group information from the fedora directory server.
  
 {info}To browse Active Directory user and group information in a LDAP friendly way (that is, be able to browse DN and various attribute names/values), you may need to install a LDAP client (such as [JXplorer|http://www.jxplorer.org]), and connect it to your Active Directory using LDAP url, user and password information listed above.{info}!ad.png!
  {info}To browse directory server user and group information in a LDAP friendly way (that is, be able to browse DN and various attribute names/values), you may need to install a LDAP client (such as [JXplorer|http://www.jxplorer.org]), and connect it to your directory server using LDAP url, user and password information listed above.{info}