Active Directory Integration

We use Active Directory for authentication only, not authorization. You still create users in NexOSS exactly as you do now, but you can leave the password field blank (anything entered there is ignored). The username in NexOSS must exactly match the username in Active Directory. When a user attempts to log in, NexOSS first checks whether the user exists in the local user file. If so, NexOSS uses the supplied username and password to attempt authentication against the Active Directory server. If that succeeds, the user is authenticated. Note that setting up Active Directory integration disables the excessive login attempt lock on NexOSS.

Question: How do I configure the AD connection for user authentication to the GUI?

Answer: To enable Active Directory, modify the local.js file as user ossadmin on the NexOSS system. After the update has been applied, you must also restart a service (as user root). See the example below.

[ossadmin@nexoss ~]$ cd OSS/ui/Sails/config/
[ossadmin@nexoss config]$
[ossadmin@nexoss config]$ pwd
/home/ossadmin/OSS/ui/Sails/config
[ossadmin@nexoss config]$
[ossadmin@nexoss config]$ ls -l local.js
-rw-r--r-- 1 ossadmin mysql 215 Mar 11 15:19 local.js
[ossadmin@nexoss config]$

BEFORE:

[ossadmin@nexoss config]$ cat local.js
module.exports = {
  app: 'NexOSS',
  secret: '*********************************',
  api: {
    hostname: '127.0.0.1',
    port: '2080',
    username: 'ossservice',
    password: '*********************************',
  },
  ad: undefined
};
[ossadmin@nexoss config]$

AFTER:

[ossadmin@nexoss config]$ more local.js
module.exports = {
  app: 'NexOSS',
  secret: '*********************************',
  api: {
    hostname: '127.0.0.1',
    port: '2080',
    username: 'ossservice',
    password: '*********************************',
  },
  ad: {
    url: 'ldap://10.32.120.x:389',
    baseDN: 'dc=fnb,dc=local',
    domainName: 'fnb.local'
  }
};
[ossadmin@nexoss config]$

Restart the ui-api-server service.

[root@nexoss ~]# systemctl restart nexoss_ui_api_server
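
The following check of the ad block can be run before the restart. It is an added example, not NexOSS code: checkAdConfig and its messages are hypothetical names. It assumes the usual Active Directory convention that the DC components of baseDN spell out domainName, and it flags ldap:// because a simple bind over that scheme is unencrypted; whether NexOSS accepts ldaps:// is not stated on this page.

```javascript
// Added example: lint the `ad` block of local.js before restarting the service.
// checkAdConfig and its finding texts are hypothetical, not part of NexOSS.
function checkAdConfig(ad) {
  if (ad === undefined) return ['ad is undefined: AD authentication is disabled'];
  const findings = [];
  for (const key of ['url', 'baseDN', 'domainName']) {
    if (typeof ad[key] !== 'string' || ad[key].trim() === '') {
      findings.push(`ad.${key} is missing or empty`);
    }
  }
  if (findings.length) return findings;

  let url;
  try {
    url = new URL(ad.url);
  } catch (e) {
    return [`ad.url is not a valid URL: ${ad.url}`];
  }
  if (url.protocol !== 'ldap:' && url.protocol !== 'ldaps:') {
    findings.push(`ad.url scheme must be ldap or ldaps, got ${url.protocol}`);
  }
  if (url.protocol === 'ldap:') {
    findings.push('ad.url uses ldap://: bind passwords are unencrypted unless StartTLS is negotiated');
  }
  // A non-numeric last octet (e.g. "10.32.120.x") is a documentation placeholder.
  if (/^(\d{1,3}\.){3}\D/.test(url.hostname)) {
    findings.push(`ad.url host ${url.hostname} looks like a placeholder`);
  }
  // Assumption: the DC components of baseDN spell the DNS name in domainName.
  const dcs = ad.baseDN.split(',')
    .map((rdn) => rdn.trim().split('='))
    .filter(([attr]) => attr.toLowerCase() === 'dc')
    .map(([, value]) => value.toLowerCase());
  if (dcs.join('.') !== ad.domainName.toLowerCase()) {
    findings.push(`baseDN DCs (${dcs.join('.') || 'none'}) do not match domainName ${ad.domainName}`);
  }
  return findings;
}

// Constructed sample: the ad block exactly as shown in the AFTER listing.
const docSample = { url: 'ldap://10.32.120.x:389', baseDN: 'dc=fnb,dc=local', domainName: 'fnb.local' };
console.log(checkAdConfig(docSample));
```

An empty array means none of these checks fired; it does not prove that the directory server is reachable or that a bind will succeed.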