Traverse: Authenticate against windows active directory (ldap) - Connect IT Community | Kaseya
<main> <article class="userContent"> <p><strong>QUESTION:</strong></p> <p>How do I integrate Active Directory with Traverse?</p> <p><strong>SOLUTION:</strong></p> <p>Traverse provides a customizable framework for validating login user names and passwords against an external source, including RADIUS, Kerberos, LDAP, etc. The '<a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fhelp.kaseya.com%2FwebHelp%2FEN%2FTV%2F9050000%2FDEV%2F%2330296.htm">External Authentication</a>' section of the Traverse <a rel="nofollow" href="/home/leaving?allowTrusted=1&target=http%3A%2F%2Fhelp.kaseya.com%2FwebHelp%2FEN%2FTV%2F9050000%2FDEV%2Findex.asp%23home.htm">Developers Guide</a> provides detailed information on how to leverage this feature. Here is a sample script that can be used to authenticate against Active Directory. Please review the above document for limitations.</p>
<p>In order to use this script, extract the script from the attached ZIP archive and place it under the TRAVERSE_HOME/plugin/auth directory on the BVE server. Create the auth directory under plugin if required. It may be necessary to install the Net::LDAP and Getopt::Long Perl modules if they are not already available on the server.</p>
<p>win32_libs.zip (attached) contains the required libraries if needed. Please unzip them in C:\Program Files (x86)\Traverse\plugin\auth and add the following line just above 'use File::Basename;' in the attached "ldap_auth.pl". If you have installed Traverse to the default location, 'C:/Program Files (x86)/Traverse', then the path should be as below. Otherwise, please replace 'C:/Program Files (x86)/Traverse' with the path to your Traverse installation directory.</p>
<p><strong>use lib "C:/Program Files (x86)/Traverse/plugin/auth/win32_libs";</strong></p>
<p>Code:<br>(Linux/Solaris) <br>su<br>perl -MCPAN -e 'install Net::LDAP'<br>perl -MCPAN -e 'install Getopt::Long'</p>
<p>Next, edit etc/emerald.xml and remove or comment out (enclose in &lt;!-- --&gt;) the following section:</p>
<p>Code:<br>&lt;authentication method="des"<br>class=""<br>execute=""<br>parameters=""<br>timeout=""<br>/&gt;</p>
<p>and add the following configuration block in its place:</p>
<p>Code:<br>&lt;authentication<br>method="script"<br>class="" <br>execute="ldap_auth.pl"<br>parameters="--server n.n.n.n --user ${username} --password ${password} --domain myCompany.com"<br>/&gt;</p>
<p>Replace n.n.n.n with the IP address of the Domain Controller and myCompany.com with the local AD domain name. Finally, restart the Web Application using "etc/webapp.init restart" on Linux/Solaris or the Service Controller on Windows.</p>
<p>Please note that LDAP authentication occurs on port 389.</p> </article> </main>
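The following is an added example, not the ldap_auth.pl from the ZIP archive and not Kaseya code: it shows how a script invoked with the parameters above can bind to Active Directory with Net::LDAP while rejecting empty passwords and malformed names. The function names, the `--cafile` option and the exit status convention (0 = accepted) are assumptions of this example; the External Authentication section of the Developers Guide defines what Traverse actually expects.

```perl
#!/usr/bin/perl
# Added illustration: NOT the ldap_auth.pl shipped in the Kaseya ZIP archive.
use strict;
use warnings;
use Getopt::Long;
use Net::LDAP;
use Net::LDAP::Constant qw(LDAP_SUCCESS);

# Validate the inputs and build the bind name; returns undef when they must be rejected.
sub build_principal {
    my ($user, $password, $domain) = @_;
    # An empty password turns a simple bind into an "unauthenticated bind" that a
    # directory server may report as successful, so it is never forwarded.
    return undef unless defined $password && length $password;
    # Plain account and domain characters only: no DN or filter metacharacters.
    return undef unless defined $user   && $user   =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return undef unless defined $domain && $domain =~ /\A[A-Za-z0-9.-]{1,253}\z/;
    return "$user\@$domain";    # user@domain form, accepted by AD for simple binds
}

# Returns 1 only when the directory accepts the credentials, 0 in every other case.
sub authenticate {
    my (%o) = @_;
    return 0 unless defined $o{server} && length $o{server};
    my $upn = build_principal(@o{qw(user password domain)}) or return 0;
    my $ldap = Net::LDAP->new($o{server}, port => 389, timeout => 10) or return 0;
    if (defined $o{cafile}) {    # --cafile is a hypothetical option of this example
        # Upgrade the port-389 session to TLS before the password is sent.
        my $tls = $ldap->start_tls(verify => 'require', cafile => $o{cafile});
        return 0 if $tls->code != LDAP_SUCCESS;
    }
    my $bind = $ldap->bind($upn, password => $o{password});
    my $ok = ($bind->code == LDAP_SUCCESS) ? 1 : 0;
    $ldap->unbind;
    return $ok;
}

if (!@ARGV) {
    # No arguments: self-check on constructed inputs, no network access needed.
    die "empty password accepted\n" if defined(build_principal('jdoe', '', 'myCompany.com'));
    die "metacharacters accepted\n" if defined(build_principal('jdoe)(cn=*', 'pw', 'myCompany.com'));
    die "valid input rejected\n" unless build_principal('jdoe', 'pw', 'myCompany.com') eq 'jdoe@myCompany.com';
    print "self-check passed\n";
    exit 0;
}
my %opt;
GetOptions(\%opt, 'server=s', 'user=s', 'password=s', 'domain=s', 'cafile=s') or exit 2;
exit(authenticate(%opt) ? 0 : 1);    # assumed convention: 0 = accepted
```

Without StartTLS, a simple bind on port 389 carries the password in cleartext between the BVE server and the Domain Controller. A password passed as a command-line argument, as in the parameters string above, may also be visible in the process list on the BVE server while the script runs.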