
Microsoft’s Active Directory

Description

In this video of our N3uron Academy, we will show you how to configure an LDAP user and an LDAP group in N3uron.

  • [02:13]  Roles

  • [01:16]  Users

  • [02:42]  Active Directory

Transcription

[00:00] The Active Directory Authentication profile uses Microsoft’s Active Directory over LDAP to store all users, roles, and more that make up an Authentication profile. Active Directory Groups are used for N3uron’s roles and user-role mappings. In this video, we are going to show you how to configure an LDAP user and an LDAP group in N3uron. While using an Active Directory User Source, administration of users and roles is done through the Active Directory itself and is not manageable within N3uron. Therefore, adding new users to an Active Directory User Source or modifying pre-existing users must be made from the Active Directory, usually through an Active Directory Administrator. To create an LDAP group, first, we should create the Active Directory server connection. To do this, log in to the WebUI and inside Config, go to the LDAP section.

[01:02] Next, click on the button on the left-hand side of Model and choose a name for the connection. Once created, let’s go over the configuration parameters. First, let’s configure the LDAP host and the port of the LDAP server that N3uron will connect to. In this case, we’ll set IP bla, bla, bla for the Host and 389 for the Port. We can also specify the Base DN, which is optional and usually not required. Then, set a Domain (ours is N3TEST). The admin user and password are optional and only needed in case users don’t have permission to retrieve their own groups. Finally, don’t forget to save the changes. Now, head to Users/Groups in the Roles section. Here, let’s create and configure an LDAP group and assign a role to it. To do so, click on the ellipsis button on the left-hand side of Model and select New LDAP group. The name we use for the group in N3uron will be compared to the value of the object attribute we select here.

[02:00] In this case, we will use sAMAccountName, but it will depend on your Active Directory configuration. In any case, there must exist a group in Active Directory with the same exact name as the one we use in N3uron. Once created, we will assign a Role to the created Group. To do this, click the button on the right-hand side of the Assigned roles and click on New AuthRole. Then, select the Role you want to assign to the Group and save the configuration. The configuration of an LDAP user is identical, except for the fact that it would apply to the user object rather than to the group object in your Active Directory.