Versions Compared

Old Version 8

changes.mady.by.user HostBill

Saved on

compared with

New Version 9

changes.mady.by.user HostBill

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • Domain Controllers: Enter your AD server hostname or list of hostnames separated with a comma

  • Base DN: Enter your Base DN, for example: OU=Base,DC=acme,DC=org

  • Admin username: Your LDAP/AD admin username used to search for users/connecting with domain controller

  • Admin password: Your LDAP/AD admin password for above username

  • Account prefix: If all accounts in your LDAP/AD are prefixed with some string, for ease of use you can prefix them here. When logging in your staff will not be required to enter this prefix

  • Account suffix: If all accounts when login are required to enter suffix (ie. login with admin@acme.org), you can enter it here, so staff will not need to enter it (ie. login only with "admin")

  • Admin account suffix: If your admin account username specified in setting above needs to be suffixed, you can also enter it here

  • LDAP port: enter your LDAP server port, default: 389

  • Admin template: When your staff log in into HostBill using LDAP, and they do not have related account in HostBill, this module will create it for them. Here you can enter username of staff that is already in HostBill as a template for privileges set.

  • Fallback login: When enabled, if LDAP server does not work or user is not found in LDAP, HostBill database will be used as a fallback login. 
    Warning: Without this option enabled, if LDAP is not responding you can be locked out of your admin area. 

  • Store valid password: When fallback login is enabled, once staff login their valid password that authenticates against LDAP can be stored in HostBill database for future logins.

  • Search method: select from available methods:
    • Search by attribute - with this (default) enabled option module will attempt to find entered username by attribute specified in match_attribute setting
    • Search by DN - with this option enabled module will attempt to find user by full DN built out of <account prefix>username<account suffix>
  • match_attribute - used when search method is set to "search by attribute", ie  cn, or userprincipalname
  • secure_config - secure connection method to AD/LDAP. Either ssl or tls or blank. Make sure OpenLDAP tools (i.e: ldapsearch) are capable of querying your secured LDAP server before enabling.
  • bind_mode - When enabled, the module tries to bind to the ldap server using user credentials. When off, the hash function is used. Enable  for ActiveDirectory logins
  • attr_map_firstname - LDAP Attribute containing user's first name, i.e: givenname
  • attr_map_lastname - LDAP Attribute containing user's last name, i.e: sn
  • attr_map_email - LDAP Attribute containing user's email, i.e: mail
  • attr_map_password - with bind mode disabled this attribute will be used to attempt to match user password. 
  • ldap_timeout - Ldap connection timeout (in seconds)
  • Admin team - Select admin team (or none) from your HostBill that newly created staff member not present in HostBill will be auto-assigned to
  • Admin Group Name - If direct search of user by attribute or DN fails in LDAP, module can perform failback search in group members. Enter group name to search in

...

Info
titleNote

After saving changes you can use Test Connection option to check if HostBill can connect/login to domain controller using admin user/password specified.

After confirming you can connect you can also use "Test user" feature in module description to verify whether module can find user entered in test field using current module settings, without the need of re-login



AD/LDAP auth flow