Difference between revisions of "Backends Configuration"
| Line 65: | Line 65: | ||
} | } | ||
} | } | ||
| + | == XTON CAS == | ||
| + | *'''config.address''': XTON WEB server address | ||
| + | { | ||
| + | "address": "XTON_BASE_WEB_ADDRESS" | ||
| + | } | ||
| + | = Directory Backends = | ||
| + | == LDAP / AD == | ||
| + | *'''config.address''': LDAP / AD server address | ||
| + | *'''config.authentication.type''': Always "explicit". Ignored for now | ||
| + | *'''config.authentication.encryption''': "none" for no ecryption in authentication parameters; "password" for encrypting password; "full" for encrypting both userdn and password | ||
| + | *'''config.authentication.userdn''': Binding User DN | ||
| + | *'''config.authentication.password''': Binding User password | ||
| + | *'''config.basedn''': Base DN for searching | ||
| + | *'''config.query.computer.filter''': Filter for computer query | ||
| + | *'''config.query.computer.ou''': Additional DN segment for computer query (null if none) | ||
| + | *'''config.query.computer.id_attribute''': ID attribute for computer | ||
| + | *'''config.query.user.filter''': Filter for user query | ||
| + | *'''config.query.user.ou''': Additional DN segment for user query (null if none) | ||
| + | *'''config.query.user.id_attribute''': ID attribute for user | ||
| + | *'''config.query.group.filter''': Filter for group query | ||
| + | *'''config.query.group.ou''': Additional DN segment for group query (null if none) | ||
| + | *'''config.query.group.id_attribute''': ID attribute for group | ||
| + | { | ||
| + | "address": "SERVER_ADDRESS", | ||
| + | "authentication": { | ||
| + | "type": "explicit", | ||
| + | "encryption": "none", | ||
| + | "userdn": "BIND_DN", | ||
| + | "password": "BIND_PASSWORD" | ||
| + | }, | ||
| + | "basedn": "BASE_DN", | ||
| + | "query": { | ||
| + | "computer": { | ||
| + | "filter": "(&(objectcategory=computer)(name=${filter.name}))", | ||
| + | "ou": null, | ||
| + | "id_attribute": "cn" | ||
| + | }, | ||
| + | "user": { | ||
| + | "filter": "(&(objectcategory=user)(name=${filter.name}))", | ||
| + | "ou": null, | ||
| + | "id_attribute": "samaccountname" | ||
| + | }, | ||
| + | "group": { | ||
| + | "filter": "(&(objectcategory=group)(name=${filter.name}))", | ||
| + | "ou": null, | ||
| + | "id_attribute": "samaccountname" | ||
| + | } | ||
| + | } | ||
| + | } | ||
Revision as of 11:33, 11 July 2019
Contents
Access Session Backends
Balabit SCB / PSM
- config.address: Address of SCB / PSM box
- config.maptoip: If present, and if equals to "onepoint-access" for resolving IP addresses with Onepoint Assets
- config.connections.ssh._default.port: SSH port for SCB / PSM connections
- config.connections.rdp._default.port: RDP port for SCB / PSM connections
{
"address": "SCB-ADDRESS",
"maptoip": "onepoint-access",
"gateway": {
"protocols": [
"rdp",
"ssh"
],
"connections": {
"ssh": {
"__default": {
"port": 22
},
},
"rdp": {
"__default": {
"port": 443
},
}
}
}
}
Apache Guacamole
- config.address: Address of Apache Guacamole server
- config.maptoip: If present, and if equals to "onepoint-access" for resolving IP addresses with Onepoint Assets
{
"address": "GUACAMOLE-ONEPOINT-ADDRESS",
"maptoip": "onepoint-access"
}
Authentication Backends
LDAP
- config.directory_backend: Associated Directory Backend for user info for the authenticated users
- config.address: Address for the LDAP / AD server
- config.usermapping: "replace" for replacing the config.usermapping.replace attribute with the specified username; "resolution" for resolving the username based on the specified username in LDAP / AD
- config.usermapping.resolution.authentication.type: "none" for anonymous binding, "auth" for binding with config.usermapping.resolution.authentication.userdn and config.usermapping.resolution.authentication.password'
- config.usermapping.resolution.authentication.encryption: "none" for no encryption in auth parameters, "password" for encrypting password only, "full" for encrypting userdn and password. (The encrypted string can be retrieved in Settings > Encrypt String)
- config.usermapping.resolution.authentication.userdn: Plain or encrypted userdn for binding LDAP / AD
- config.usermapping.resolution.authentication.password: Plain or encrypted password for binding LDAP / AD
- config.usermapping.resolution.basedn: BaseDN for querying for resolution
- config.usermapping.resolution.condition: LDAP query for resolution, using ${username} for user name or principal identification attribute
{
"directory_backend": "DIRECTORY_BACKEND",
"address": "LDAP_SERVER_ADDRESS",
"usermapping": {
"type": "resolution",
"replace": "cn=${username},ou=People,dc=domain,dc=com",
"resolution": {
"authentication": {
"type": "none",
"encryption": "none",
"userdn": "BIND_USERDN",
"password": "BIND_PASSWORD"
},
"basedn": "BASE_DN",
"condition": "(&(objectClass=inetorgperson)(uid=${username}))"
}
}
}
XTON CAS
- config.address: XTON WEB server address
{
"address": "XTON_BASE_WEB_ADDRESS"
}
Directory Backends
LDAP / AD
- config.address: LDAP / AD server address
- config.authentication.type: Always "explicit". Ignored for now
- config.authentication.encryption: "none" for no ecryption in authentication parameters; "password" for encrypting password; "full" for encrypting both userdn and password
- config.authentication.userdn: Binding User DN
- config.authentication.password: Binding User password
- config.basedn: Base DN for searching
- config.query.computer.filter: Filter for computer query
- config.query.computer.ou: Additional DN segment for computer query (null if none)
- config.query.computer.id_attribute: ID attribute for computer
- config.query.user.filter: Filter for user query
- config.query.user.ou: Additional DN segment for user query (null if none)
- config.query.user.id_attribute: ID attribute for user
- config.query.group.filter: Filter for group query
- config.query.group.ou: Additional DN segment for group query (null if none)
- config.query.group.id_attribute: ID attribute for group
{
"address": "SERVER_ADDRESS",
"authentication": {
"type": "explicit",
"encryption": "none",
"userdn": "BIND_DN",
"password": "BIND_PASSWORD"
},
"basedn": "BASE_DN",
"query": {
"computer": {
"filter": "(&(objectcategory=computer)(name=${filter.name}))",
"ou": null,
"id_attribute": "cn"
},
"user": {
"filter": "(&(objectcategory=user)(name=${filter.name}))",
"ou": null,
"id_attribute": "samaccountname"
},
"group": {
"filter": "(&(objectcategory=group)(name=${filter.name}))",
"ou": null,
"id_attribute": "samaccountname"
}
}
}
