Logpoint Authentication is the standard user authentication method. Enter your username and password, and Logpoint verifies your credentials against the database and authenticates you.
If your organization uses LDAP, you can use LDAP authentication to authenticate the users. You can configure Logpoint to pull the user credentials and role-based access control rules from the existing LDAP directory.
To use LDAP authentication, you must first configure the LDAP Strategy in Logpoint.
You can use the following parameters to log in via LDAP:
Using DN
Standard DN format, e.g. CN=john, OU=people, DC=example, DC=com
Using sAMAccountName
sAMAccountName@domain, e.g. john@example.com
domain\sAMAccountName, e.g. example.com\john
Using uid
uid@domain, e.g. john@example.com
domain\uid, e.g. example.com\john
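The sAMAccountName and uid forms look identical, so only the Authenticate Using setting of the strategy tells which attribute a typed name refers to. The following added example (not Logpoint's own code) classifies the login formats listed above and builds a search filter in which the typed name is escaped per RFC 4515, so it is always matched literally. The function names and the sample Filter value (objectClass=person) are assumptions made for this illustration.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def parse_login(login):
    """Classify a login string; returns (kind, name, domain)."""
    login = login.strip()
    # DN form starts with an attribute type and '=', e.g. CN=john, OU=people, ...
    if re.match(r"^[A-Za-z][A-Za-z0-9-]*\s*=", login):
        return ("dn", login, None)
    if "\\" in login:                       # domain\name
        domain, name = login.split("\\", 1)
    elif "@" in login:                      # name@domain
        name, domain = login.rsplit("@", 1)
    else:
        raise ValueError("expected a DN, name@domain or domain\\name")
    if not name or not domain:
        raise ValueError("name and domain must both be present")
    return ("name", name, domain)


def user_filter(login, authenticate_using, base_filter="(objectClass=person)"):
    """Build the user search filter for a uid or sAMAccountName login.

    base_filter stands in for the strategy's Filter field (assumed value).
    """
    if authenticate_using not in ("uid", "sAMAccountName"):
        raise ValueError("authenticate_using must be uid or sAMAccountName")
    kind, name, _domain = parse_login(login)
    if kind == "dn":
        raise ValueError("a DN login is used for the bind directly, not searched")
    return f"(&{base_filter}({authenticate_using}={escape_filter_value(name)}))"
```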
After you create an LDAP strategy, it gets added to the LDAP Authentication Management feed. Make sure that the Unique Field in your LDAP strategy is configured so that the corresponding users can be uniquely mapped in Logpoint. As a result, new users won’t be created in Logpoint when they are moved to a new Organizational Unit in the LDAP server. If you have any duplicate LDAP users in Logpoint, make sure to delete them manually.
Go to Settings >> System Settings from the navigation bar and click Plugins.
Search for LDAP Authentication.
Click Manage.
LDAP Authentication
Click Add.
Configuring LDAP Strategy
In LDAP STRATEGY INFORMATION, enter the Name and Description of the LDAP strategy.
In LDAP CONNECTION SETTINGS:
Enter the Host/Port address of the LDAP server that authenticates the user.
Enable SSL (Secure Sockets Layer) to establish an encrypted link.
Enter a Bind DN, which is the distinguished name used to bind to the LDAP server.
Enter and confirm the Password for the Bind DN.
In LDAP USER/GROUP MAPPING, select either a User or a Group. For the User, enter the memberOf and for the Group, enter the member information.
The fields in USER SETTINGS and GROUP SETTINGS are updated according to the values entered in the LDAP Connection Settings.
The User Base DN is the node in which the LDAP users are present.
The Group Mem Attr and the User Name Attr are attributes of the group member and the user provided in the database respectively.
The Filter is the string used to filter the user results.
Select the Authenticate Using parameter from the dropdown menu. It is required during login.
Choose dn to use the standard DN format for login, uid to use the uid for login (uid for Linux systems) or SAM Account Name to use the SAM Account Name for login (SAM Account Name for Windows).
Group Base DN is the node in which the LDAP groups are present.
Mem Group Attr contains the members belonging to a group.
Group Name Attr is the attribute of group name provided in the database.
Select a Unique Field for the user. Logpoint uses the value of the selected field to uniquely identify each LDAP user.
Enable or Disable the paginated search. You can choose to paginate the search if the remote server offers paginated search service.
In SETTINGS, enter the Username Template and the Fullname Template in the jinja format.
For example, if the user attributes inside Active Directory are displayName, FirstName and LastName, then:
Username Template = {{displayName}}
Fullname Template = {{FirstName}} {{LastName}}
Click Submit.
Warning
Deleting a previously configured LDAP strategy deletes all the associated LDAP users & their personalized content.
After configuring an LDAP Strategy, you can map the LDAP groups to Logpoint User Groups. While mapping multiple LDAP User Groups to Logpoint User Groups, there is a particular scenario called LDAP concatenation of Users and Permission Groups. The permission of the LDAP User Group depends on the permission given in the Logpoint User group.
Click the Map LDAP Groups to Logpoint User Groups icon in Actions.
LDAP GROUPS lists all the LDAP Group Names. Select the group name you want to edit.
In EDIT LDAP GROUP, the LDAP Group Name and LDAP Group DN are filled by default. Select a Logpoint User Group and TimeZone from the dropdowns.
Edit LDAP Groups
Click Submit. LDAP GROUPS now displays the User Group and Timezone information for the edited group.
LDAP Groups
Now, you can log into Logpoint via LDAP Authentication.
LDAP Authentication
Logpoint connects to the LDAP server and stores the data it retrieves in the database. First, Logpoint makes the connection with the LDAP server using the data from the LDAP strategy. Once the connection is established, Logpoint obtains the LDAP groups from the server. After Logpoint receives the LDAP groups, the User Group Mapping window lists them. You have to select the required LDAP group to map to the Logpoint user group. Once you establish the mapping, the database stores the LDAP group, the user group and the DN associated with it. Any update to the user group mapping is reflected every time you log into Logpoint.
Configuring a default domain for LDAP Authentication automates the domain selection process during login. Logpoint automatically uses the configured default domain when you open the LDAP Authentication login page.
To configure a default domain:
Go to Settings >> System Settings from the navigation bar and click Plugins.
Search for LDAP Authentication.
Click Manage.
Click Settings.
Select your domain from the Default Domain dropdown.
LDAP Authentication Default Settings
Click Save.
On the login page, click Other Authentication Options.
Select LDAP Authentication.
Enter the Username and Password.
Select a Domain if you have not configured a default domain.
Click Login.
The following parameters are used for communication:
Host
Port
Bind DN
Bind DN password
SSL enabled or not
There are two ways to communicate:
Simple communication
Communication using SSL
For simple communication, the python-ldap library is used. It uses the host and port 389 to connect to the LDAP server. Once the connection is established, the Bind DN and Bind DN password are used to bind the required user.
For SSL communication, set the certificate for the SSL connection and then follow the same process as for simple communication. The port used for SSL communication is 636.
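A way to check a strategy's connection settings before saving them, as an added example that is not Logpoint's own code: it builds the server URI from the Host, Port and SSL settings and performs the bind with python-ldap, refusing the connection if the server certificate does not validate. The function names, the ca_file parameter, the five-second timeout and the sample host are assumptions made for this illustration.

```python
# Added illustration, not Logpoint code. python-ldap is needed only by check_bind().

def ldap_uri(host, ssl_enabled, port=None):
    """Build the server URI: port 389 for simple communication, 636 for SSL."""
    if port is None:
        port = 636 if ssl_enabled else 389
    scheme = "ldaps" if ssl_enabled else "ldap"
    return f"{scheme}://{host}:{port}"


def check_bind(host, bind_dn, password, ssl_enabled=True, ca_file=None, port=None):
    """Bind with the strategy's Bind DN and return the identity the server reports."""
    # A simple bind with a DN but an empty password is an "unauthenticated
    # bind" (RFC 4513, 5.1.2) that some servers accept, so refuse it up front.
    if not bind_dn or not password:
        raise ValueError("Bind DN and Bind DN password must both be set")

    import ldap  # python-ldap, imported here so ldap_uri() works without it

    conn = ldap.initialize(ldap_uri(host, ssl_enabled, port))
    conn.set_option(ldap.OPT_NETWORK_TIMEOUT, 5)  # assumed timeout, in seconds
    if ssl_enabled:
        # Refuse the connection unless the server certificate validates.
        conn.set_option(ldap.OPT_X_TLS_REQUIRE_CERT, ldap.OPT_X_TLS_DEMAND)
        if ca_file:
            conn.set_option(ldap.OPT_X_TLS_CACERTFILE, ca_file)
        conn.set_option(ldap.OPT_X_TLS_NEWCTX, 0)  # apply the TLS options above
    try:
        conn.simple_bind_s(bind_dn, password)
        return conn.whoami_s()
    finally:
        conn.unbind_s()


if __name__ == "__main__":
    # Constructed sample host; replace it with your own strategy settings.
    print(ldap_uri("ldap.example.com", ssl_enabled=False))
    print(ldap_uri("ldap.example.com", ssl_enabled=True))
```

With SSL disabled, a simple bind sends the Bind DN password to port 389 unencrypted, so use the plain setting only on a network path you trust.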
To reset your password:
On the login page, click Forgot Password?.
Enter a valid Username.
Click Send.
A password reset link is sent to the e-mail address associated with the username.
Warning
The link expires in an hour.