Active Directory Integration

From Lianjapedia

Lianja can optionally use LDAP/Active Directory integration for roles and permissions.

If the environment variable LIANJA_LDAP=ON is set, LDAP user authentication is performed and the Groups that the user belongs to correspond to Roles in the App.

You also need to specify the base DN as an environment variable. It is used as the root to search for groups assigned to a specific user, e.g. LIANJA_LDAP_BASEDN="ou=users,dc=yourdomain,dc=com".

For testing you can set LIANJA_LDAP=OFF and use the Lianja users.

To summarize, the following environment variables are required when LDAP/AD is used for roles and permissions:

LIANJA_LDAP=ON

LIANJA_LDAP_SERVER=IPaddress[:port]

LIANJA_LDAP_BASEDN="ou=users,dc=yourdomain,dc=com"
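
A preflight check for these three variables, as an added example that is not part of Lianja or of the original page. The function names and return codes are assumptions, and the check accepts only the value forms shown above (ON/OFF, IPaddress[:port], a comma-separated attr=value base DN).

```sh
#!/bin/sh
# Added example (not Lianja code): preflight check for the LIANJA_LDAP* variables.
# Assumption: only the value forms shown on the page are accepted.

# check_server HOST[:PORT] -> 0 when well-formed (IPv4 address or host name).
check_server() {
    host=${1%%:*}
    case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
    case $1 in
        *:*) port=${1#*:}
             case $port in ''|*[!0-9]*) return 1 ;; esac
             [ "${#port}" -le 5 ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1 ;;
    esac
    return 0
}

# check_basedn DN -> 0 when every comma-separated part is attr=value.
# Simplification: escaped commas and padding spaces are rejected.
check_basedn() {
    rest=$1
    while :; do
        rdn=${rest%%,*}
        case $rdn in *=*) ;; *) return 1 ;; esac
        attr=${rdn%%=*}; val=${rdn#*=}
        case $attr in ''|*[!A-Za-z0-9-]*) return 1 ;; esac
        [ -n "$val" ] || return 1
        case $rest in *,*) rest=${rest#*,} ;; *) break ;; esac
    done
    return 0
}

# Returns 0 = LDAP enabled and well-formed, 1 = enabled but misconfigured,
# 2 = LDAP not enabled (OFF or unset).
lianja_ldap_preflight() {
    case ${LIANJA_LDAP-} in
        ON) ;;
        OFF|'') echo "LIANJA_LDAP is not ON: LDAP/AD integration is not enabled" >&2
                return 2 ;;
        *) echo "LIANJA_LDAP must be ON or OFF, got '$LIANJA_LDAP'" >&2; return 1 ;;
    esac
    bad=0
    check_server "${LIANJA_LDAP_SERVER-}" ||
        { echo "LIANJA_LDAP_SERVER must be IPaddress[:port]" >&2; bad=1; }
    check_basedn "${LIANJA_LDAP_BASEDN-}" ||
        { echo "LIANJA_LDAP_BASEDN must look like ou=users,dc=yourdomain,dc=com" >&2; bad=1; }
    return "$bad"
}
```

Source the script from the server's startup wrapper and call lianja_ldap_preflight; a return code of 2 on a host that is expected to authenticate against AD means the deployment is not using LDAP at all.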

You can test the LDAP/AD authentication using:

LDAP_LOGIN()

ldap_login(cUserName, cPassword [, cLdapServer[:port] [, cLdapBasedn]])

or LDAP_USERROLES()

ldap_userroles(cUserName, cLdapServer[:port] [, cLdapBasedn])

This function returns the LDAP/AD Groups that the user belongs to, which correspond to roles in Lianja.

The Lianja Cloud Server and the Lianja App Center (runtime) will use LDAP if the above environment variables are specified.

If you have any problems with LDAP, you can SET DEBUG ON and a trace file named "ldap_xxx.txt" will be written into the debug directory, where xxx is the process id of the user.