Versions Compared

Version Old Version 17 New Version 18
Changes made by

MS

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Format: API Documentation tip added

Table of Contents

...

  1. Configure the Abiquo Properties as described below
  2. Check LDAP/AD users have all information to be passed to Abiquo as described below
  3. Log in to Abiquo as the admin user. Remember to set a secure password
  4. In Abiquo, create the following entities to match your LDAP/AD entities:
    1. Abiquo enterprises with the naming matching the value of the appropriate attribute from LDAP/AD. For details of how to create an enterprise, see Manage Enterprisesenterprises
    2. Abiquo roles with the External roles attribute set to the LDAP/AD groups of the role, see Manage Roles
      1. To use external roles, enter the role name only, for example:
        • External roles:  
          • my_ldap_role_01
          • my_ldap_role_02

...

To support LDAP/AD configure the following properties. See also Abiquo Configuration Properties#ldapconfiguration properties#ldap

Property

Default Value

Explanation _____________________________________________

abiquo.auth.module

abiquo

Whether Abiquo should authenticate only via database or it should also authenticate against LDAP/Active Directory.
Values: abiquo , ldap, openid

abiquo.ldap.authentication.server.url

 

URL of LDAP/Active Directory server

abiquo.ldap.authentication.server.port

389

Port to connect to on LDAP/Active Directory server.
You must enter this property, even if it is the default value

abiquo.ldap.authentication.server.protocol

ldap

Protocol to be used when authenticating to LDAP/Active Directory. Values: ldap , ldaps

abiquo.ldap.authentication.server.baseDN

 

Base Distinguished Name of the LDAP/Active Directory.
Usually it is the Domain Controller (or Domain in Windows).
For example, if the domain is office1.mycompany.com, you would enter "DC=office1,DC=mycompany,DC=com".

abiquo.ldap.authentication.custom.userDnPattern

cn={0},CN=Users

Use this property to tell Abiquo to perform an additional custom query against the specified schema in the LDAP/Active Directory.
This value is required. With the default value, Abiquo does not perform an additional query.
For a non-standard schema, enter the userDN pattern to successfully bind to LDAP/AD.

abiquo.ldap.authentication.attribute.enterprise

organizationname

The attribute in LDAP/Active Directory to look up the Enterprise Name which must be an Enterprise in Abiquo.

  • In OpenLDAP this value normally defaults to 'o'.
  • In Active Directory it defaults to 'company' but you could map it to 'department'.
abiquo.ldap.authentication.autoUserCreationtrueWhether Abiquo must create a user in Abiquo based on a successful login to LDAP


Information that Abiquo retrieves to create users

...

Include Page
LDAP compatibility versions table
LDAP compatibility versions table

Login Resource


Tip
title API Documentation

For the Abiquo API documentation of this feature, see Abiquo API Resources and the page for this resource LoginResource.


To perform a login, and retrieve the currently logged in user the API has a LoginResource. This is a secure resource that can only be accessed after a successful login.

...

If you are have connection timeout issues, you can also set the connection timeout and read timeout in abiquo.properties. See Abiquo Configuration Properties#ldapconfiguration properties#ldap  

Abiquo does not guarantee the uniqueness of users based on their username. Abiquo users are made unique by username + authType. AuthType is what the user is logged in against. So it is possible to have more than one user with the same username as long as their 'AuthType' is different and the platform should log in the appropriate user based on the authentication module property.