wolf/docs/ldap-config.md at master · iGeeky/wolf

LDAP Configuration

Steps and instructions to enable LDAP

Wolf supports LDAP authentication. To enable it, you need to modify the wolf-server configuration and then reboot the server.
After the configuration is complete, the LDAP account information will not be synchronized in real-time by Wolf. It will only be synced once the user logs into the Console or Agent of the Wolf system.
If a new user wants to use a Wolf-managed application for the first time, the general steps are:
- The user logs into the application through the Agent and selects the LDAP login method.
  - Note: The login may fail due to lack of permissions, but the account information will still be synced to Wolf.
- The administrator then authorizes the user in the Console.
- The user can log in again to the application that has been authorized.
LDAP users can only choose to log in using the LDAP method, and not with a password.
The default administrator accounts root and admin added by Wolf can log in using their account password.

Configuration

To configure the Wolf system to use LDAP authentication, you need to modify the configuration file server/conf/config.js. Add the following configuration (the configuration already has a section for ldapConfig__ by default, you can change it to ldapConfig). Please modify the configuration to match your actual environment:

  ldapConfig: {
    label: 'OpenLDAP',
    url: 'ldap://127.0.0.1:389',
    baseDn: 'dc=example,dc=org',
    adminDn: 'cn=admin,dc=example,dc=org',
    adminPassword: '123456',
    userIdBase: 10000 * 100, // wolf user id = ldap user id + userIdBase
    fieldsMap: { // key=wolf-fieldname, value=ldap-fieldname
      id: 'uidNumber',
      username: 'uid',
      nickname: 'dn',
      email: 'mail',
    },
  },

Configuration Description

The following table provides a description of the configuration keys in the server/conf/config.js file for LDAP authentication:

Configuration Key	Description
label	The label that will be displayed as a login option in both `Console` and `Agent`.
url	The URL of the LDAP server.
baseDn	The base DN of the LDAP directory.
adminDn	The DN of the LDAP administrator.
adminPassword	The password of the LDAP administrator.
userIdBase	The base for mapping user IDs when the `LDAP` user is synced to `wolf`. The value of `userIdBase` will be added to the `LDAP` user ID.
fieldsMap	A key-value pair that maps the fields in wolf to the corresponding fields in the LDAP system. The key is the field name in wolf (which can be `id`, `username`, `nickname`, or `email`), and the value is the corresponding field in the LDAP system. The example shows the configuration for `OpenLDAP`.

Once LDAP authentication is enabled, the login options in both `Console` and `Agent` will automatically include an LDAP login option, as shown in the following screenshot:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Steps and instructions to enable LDAP

Configuration

Configuration Description

Once LDAP authentication is enabled, the login options in both `Console` and `Agent` will automatically include an LDAP login option, as shown in the following screenshot:

FilesExpand file tree

ldap-config.md

Latest commit

History

ldap-config.md

File metadata and controls

Steps and instructions to enable LDAP

Configuration

Configuration Description

Once LDAP authentication is enabled, the login options in both Console and Agent will automatically include an LDAP login option, as shown in the following screenshot:

Once LDAP authentication is enabled, the login options in both `Console` and `Agent` will automatically include an LDAP login option, as shown in the following screenshot: