Integrating PHPIPAM Authentication With LDAP/Active Directory (AD)

1. Overview


Most organizations use LDAP or Active Directory as a central place for user authentication and identity management. Many services, such as email and computer login, are normally integrated with LDAP or Active Directory. If a service is not integrated with LDAP or Active Directory, users may end up with many accounts and passwords for their daily work. LDAP and Active Directory also enforce account and password policies, which can enhance security within the company. The PHPIPAM IP address management system has its own built-in user authentication mechanism, but it can also be integrated with LDAP or an Active Directory domain for user authentication.

This guide shows how to integrate PHPIPAM IP address management system authentication with an Active Directory (AD) domain.

2. Prerequisites


This article on integrating the PHPIPAM IP address management system with an Active Directory (AD) domain assumes that:

a. You have an Active Directory server in place, up and running.
b. You have already installed a PHPIPAM server. Please refer to the article “Installing PHPIPAM For IP Address Management System on RHEL/CentOS 7”.

3. PHPIPAM Active Directory Authentication Setting


We need a user account in Active Directory for this integration. As a best practice, we should create a dedicated user account for this purpose. In our case, we use an Active Directory account named “ldap-user”.

First, we need to create a user under “User management” in the PHPIPAM IP address management system with the same username as in Active Directory and set the authentication type to one of the available methods. We can also set permissions and group membership for this new user.

Log in to your PHPIPAM IP address management system with a user account that has admin privileges. Then navigate to “Administration” and click on “Users”. In the User management section, click the “Create user” button.

Enter the username and password of this new user exactly as they are for the Active Directory user. This user will be used to bind PHPIPAM IP address management system authentication to the Active Directory server.

Now we can create a new authentication method in the PHPIPAM IP address management system: go to the Administration menu, click on “Authentication methods”, and from the “Create new:” drop-down list select the “Create new AD authentication” option.

In the “Active Directory connection settings” window, we have to enter the following information. Enter the IP address or FQDN of the Active Directory server in the “Domain controllers” box. In the “Base DN” box, type in the distinguished name of the Organizational Unit whose users should gain access to the PHPIPAM IP address management system. In the “Account suffix” box, type in “@techspacekh.local”.

In the “Domain account” boxes, type in the username and password of the Active Directory account that we use for Active Directory authentication. In our case the username is “ldap-user”. Then click the “Add” button.
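The following pre-flight check for the Base DN and Account suffix values is an added example, not code from PHPIPAM or from the original article. It assumes the bind name is the bare username with the account suffix appended, and the OU and user DNs are constructed samples; the function names are hypothetical.

```python
import re

# Constructed sample values; only the domain name comes from the article.
BASE_DN = "OU=IT,DC=techspacekh,DC=local"
ACCOUNT_SUFFIX = "@techspacekh.local"

def split_dn(dn):
    """Split a DN into lower-cased (attribute, value) RDNs, honouring backslash escapes."""
    parts, buf, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escaped character, e.g. "\,"
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(dn[i])
        i += 1
    parts.append("".join(buf))
    rdns = []
    for part in parts:
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return rdns

def in_scope(user_dn, base_dn):
    """True when user_dn sits at or below base_dn (compared case-insensitively)."""
    user, base = split_dn(user_dn), split_dn(base_dn)
    return len(user) >= len(base) and user[-len(base):] == base

def bind_principal(username, account_suffix):
    """Assumed bind name: the bare username followed by the Account suffix value."""
    if not re.fullmatch(r"@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+", account_suffix):
        raise ValueError(f"account suffix should look like @domain.tld: {account_suffix!r}")
    if "@" in username or "\\" in username:
        raise ValueError("enter the bare username; the suffix is appended separately")
    return username + account_suffix

if __name__ == "__main__":
    print(bind_principal("ldap-user", ACCOUNT_SUFFIX))
    for dn in ("CN=Dara,OU=IT,DC=techspacekh,DC=local",      # constructed user
               "CN=Sok,OU=Sales,DC=techspacekh,DC=local"):   # constructed user
        print(dn, "->", "in scope" if in_scope(dn, BASE_DN) else "outside Base DN")
```

A user whose DN falls outside the Base DN will not be found by a search rooted there, so a Base DN that is too narrow locks users out and one that is too broad admits accounts from OUs that were never meant to use PHPIPAM.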

Next, we need to create the Active Directory user who needs to log in to the PHPIPAM IP address management system. We need to use the same username as the Active Directory account. Under “Authentication methods”, select the Active Directory authentication name “TechSpaceKH-AD” that was created in the step above.

Now we can try to log in to the PHPIPAM IP address management system using the user created in the step above together with the Active Directory password of that user account, and we should be able to log in to the PHPIPAM IP address management system successfully.

7. Conclusion


That’s all about how to integrate your PHPIPAM IP address management system authentication with LDAP/Active Directory (AD), from Tech Space KH. Hopefully, you find this guide informative and helpful for your IP management tool. If you have any questions or suggestions, you can always leave your comments below. I will do my best to review and reply to them.