Quick Settings

Set up these environment variables to define your server.

LDAP server address. LDAP_SERVER=localhost

LDAP server port. LDAP_PORT=389

LDAP user query format. LDAP_USER_DN_FORMAT=uid={cn},ou=people,{LDAP_ROOT_DN}

LDAP configuration settings

A few configuration settings can be set using environment variables for the reporter container. Your LDAP or AD expert should understand them.

| environment name | description | default value |
| --- | --- | --- |
| `LDAP_SERVER` | host name of the LDAP server | |
| `LDAP_SERVER_PORT` | port of the LDAP server | `389` |
| `LDAP_BIND` | name to use when binding to the LDAP server on query page | `cn=admin,dc=example,dc=org` |
| `LDAP_BIND_PASSWORD` | password to use when binding to the LDAP server on query page | `admin` |
| `LDAP_ROOT_DN` | root name | `dc=example,dc=org` |
| `LDAP_USER_DN_FORMAT` | Python format string to get a user | `cn={cn},{LDAP_ROOT_DN}` |
| `LDAP_USER_EMAIL_FORMAT` | Python format string to make an email address if no mail attribute | `{uid}@ldap.com` |
| `LDAP_ATTRIBUTES_FILTER` | Filter for looking up login names | `(objectClass=*)` |
| `LDAP_QUERY_GROUP_ATTR` | Attribute for the group name | `cn` |
| `LDAP_QUERY_GROUP_BASE` | Base query for returning groups of a user | `ou=groups,dc=example,dc=org` |
| `LDAP_QUERY_GROUP` | Query for returning groups of a user | `(&(objectClass=posixGroup)(uniqueMember=uid={cn},ou=people,dc=example,dc=org))` |
| `CUSTOM_LOGIN_HTML` | HTML to display on the login screen | |
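The format-string settings in the table expand a login name into a DN and a group filter. The following is an added example, not Prophund Reporter's own code, showing that expansion with the login name escaped for each context; the helper names (`setting`, `escape_dn_value`, `escape_filter_value`, `user_dn`, `group_filter`) are hypothetical, the defaults are copied from the table, and the login names used are constructed.

```python
import os

# Defaults copied from the settings table above.
DEFAULTS = {
    "LDAP_ROOT_DN": "dc=example,dc=org",
    "LDAP_USER_DN_FORMAT": "cn={cn},{LDAP_ROOT_DN}",
    "LDAP_QUERY_GROUP": "(&(objectClass=posixGroup)"
                        "(uniqueMember=uid={cn},ou=people,dc=example,dc=org))",
}


def setting(name, env=None):
    """Read a setting from the environment, falling back to the table default."""
    env = os.environ if env is None else env
    return env.get(name, DEFAULTS[name])


def escape_dn_value(value):
    """Escape a string used as an attribute value inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\=' or (i == 0 and ch in "# ") or (i == last and ch == " "):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a string used as an assertion value in a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_dn(login, env=None):
    """Expand LDAP_USER_DN_FORMAT for a login name."""
    root = setting("LDAP_ROOT_DN", env)
    return setting("LDAP_USER_DN_FORMAT", env).format(
        cn=escape_dn_value(login), LDAP_ROOT_DN=root)


def group_filter(login, env=None):
    """Expand LDAP_QUERY_GROUP for a login name."""
    # The default template puts {cn} inside a DN that is itself a filter
    # value, so escape for the DN first and for the filter second.
    root = setting("LDAP_ROOT_DN", env)
    return setting("LDAP_QUERY_GROUP", env).format(
        cn=escape_filter_value(escape_dn_value(login)), LDAP_ROOT_DN=root)
```

Passing an empty dict as `env` forces the table defaults, which is convenient for checking a template before deploying it.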

Login method

Users log in through a page in Prophund Reporter that requests the user name and password of the LDAP record.

The login page can be modified by using CUSTOM_LOGIN_HTML to provide your own login message.

Set CUSTOM_LOGIN_INFORMATION_HTML to return a custom message when a login problem occurs.

Once logged in, the session remains valid for a default of one year. Use the LOGIN_TIMEOUT_SECONDS setting to control this.

Testing

Use the hidden page `/security/page_ldap_query` to test query strings, attributes and base names.

The LDAP_BIND_PASSWORD and LDAP_BIND environment variables are used to configure the query page.