Using Active Directory

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsUsing Active Directory
Line 1: Line 1:
### Tutorial
+
=== Tutorial ===
  
 
To use Active Directory (AD) authentication over LDAP in a DreamFactory Instance, you must have the PHP LDAP extension enabled. In APT the package is `php5-ldap`, in Yum it's `php-ldap`, and in Windows Bitnami instances it's provided as `php_ldap.dll`.
 
To use Active Directory (AD) authentication over LDAP in a DreamFactory Instance, you must have the PHP LDAP extension enabled. In APT the package is `php5-ldap`, in Yum it's `php-ldap`, and in Windows Bitnami instances it's provided as `php_ldap.dll`.
Line 15: Line 15:
 
[[File:Tutorial using ad 2.png|850px]]
 
[[File:Tutorial using ad 2.png|850px]]
  
> _Note: Username and Password fields are optional. Provide your Active Directory Username and Password to enable additional  
+
    ''Note: Username and Password fields are optional. Provide your Active Directory Username and Password to enable additional  
features of this service._
+
    features of this service.''
  
  
### API Endpoint
+
=== API Endpoint ===
  
 
<pre>POST https://your-url/api/v2/user/session?service={ad_service_name}</pre>
 
<pre>POST https://your-url/api/v2/user/session?service={ad_service_name}</pre>
Line 40: Line 40:
 
</source>
 
</source>
  
### Example - Sign-in using Active Directory Authentication
+
=== Example - Sign-in using Active Directory Authentication ===
  
 
* Service name: demo
 
* Service name: demo

Revision as of 18:26, 3 February 2016

Tutorial

To use Active Directory (AD) authentication over LDAP in a DreamFactory Instance, you must have the PHP LDAP extension enabled. In APT the package is `php5-ldap`, in Yum it's `php-ldap`, and in Windows Bitnami instances it's provided as `php_ldap.dll`.

You can then provision an AD service from the 'Services' tab in Admin Console. Click on the 'Create' button on the services tab to create a new service. Select 'adLdap Integration' from the 'Service Type' drop down menu. For the name field use a short, meaningful, one word name for your service. This will be used as your AD service identifier. Fill out rest of the information on this form and then go to 'Config' tab.

Tutorial using ad 1.png

On the config form you will need to provide all the details of your AD server and select a default role for your AD service. This role will be assigned (for all applications in the system) to all users signing in using this AD service.

Tutorial using ad 2.png

   Note: Username and Password fields are optional. Provide your Active Directory Username and Password to enable additional 
   features of this service.


API Endpoint

POST https://your-url/api/v2/user/session?service={ad_service_name}
{
    "username" : "user_name",
    "password" : "password"
}

-- OR --

POST https://your-url/api/v2/user/session
{
    "username" : "user_name",
    "password" : "password",
    "service"  : "ad_service_name"
}

Example - Sign-in using Active Directory Authentication

  • Service name: demo
  • Request URL:
    POST https://your-url/api/v2/user/session?service=demo
{
   "username" : "user_name",
   "password" : "password"
}
  • Response:
{
    "session_token": “abc.123abc.efg,
    "session_id": “abc.123abc.efg,
    "id": 1,
    "name": "John",
    "first_name": "John",
    "last_name": "Doe",
    "email": "[email protected]",
    "is_sys_admin": false,
    "last_login_date": "2015-06-30 16:46:59",
    "host": "your-url"
}