Using Active Directory

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsUsing Active Directory
 
(8 intermediate revisions by 3 users not shown)
Line 1: Line 1:
### Tutorial
+
=== Tutorial ===
  
To use Active Directory (AD) authentication over LDAP in a DreamFactory Instance, you must have the PHP LDAP extension enabled. In APT the package is `php5-ldap`, in Yum it's `php-ldap`, and in Windows Bitnami instances it's provided as `php_ldap.dll`.
+
To use Active Directory (AD) authentication over LDAP in a DreamFactory instance, you must have the PHP LDAP extension enabled. In APT the package is <code>php5-ldap</code>, in Yum it’s <code>php-ldap</code>, and in Windows Bitnami instances it’s provided as <code>php_ldap.dll</code>.
  
 
You can then provision an AD service from the 'Services' tab in Admin Console. Click on the 'Create'  
 
You can then provision an AD service from the 'Services' tab in Admin Console. Click on the 'Create'  
 
button on the services tab to create a new service. Select 'adLdap Integration' from the 'Service Type'
 
button on the services tab to create a new service. Select 'adLdap Integration' from the 'Service Type'
 
drop down menu. For the name field use a short, meaningful, one word name for your service. This will be used as your
 
drop down menu. For the name field use a short, meaningful, one word name for your service. This will be used as your
AD service identifier. Fill out rest of the information on this form and then go to 'Config' tab.
+
AD service identifier. Fill out rest of the information on this form and then go to the 'Config' tab.
  
 
[[File:Tutorial using ad 1.png|800px]]
 
[[File:Tutorial using ad 1.png|800px]]
Line 15: Line 15:
 
[[File:Tutorial using ad 2.png|850px]]
 
[[File:Tutorial using ad 2.png|850px]]
  
### API Endpoint
+
'''''Note:''' Username and Password fields are optional. Provide your Active Directory Username and Password to enable additional features of this service.''
 +
 
 +
=== API Endpoint ===
  
 
<pre>POST https://your-url/api/v2/user/session?service={ad_service_name}</pre>
 
<pre>POST https://your-url/api/v2/user/session?service={ad_service_name}</pre>
Line 36: Line 38:
 
</source>
 
</source>
  
### Example - Sign-in using Active Directory Authentication
+
=== Example - Sign-in using Active Directory Authentication ===
 +
 
 +
* AD service name: demo
 +
* Request URL:
 +
<pre>POST https://your-url/api/v2/user/session?service=demo</pre>
  
* Service name: demo
 
* Request URL: <pre>POST https://your-url/api/v2/user/session?service=demo</pre>
 
 
<source lang="JavaScript">
 
<source lang="JavaScript">
 
{
 
{
Line 61: Line 65:
 
}
 
}
 
</source>
 
</source>
 +
 +
One source of confusion among first time users pertains to the lack of a '''POST''' endpoint in the Active Directory or LDAP service's API Docs interface. This does not exist because when authenticating, the URL references '''/api/v2/user/session?...''' rather than the Active Directory / LDAP resource. In other words, session creation occurs by way of the '''user''' REST resource rather than through the mounted directory service itself, with the directory service being identified by the '''service=...''' parameter.

Latest revision as of 16:09, 26 July 2018

Tutorial

To use Active Directory (AD) authentication over LDAP in a DreamFactory instance, you must have the PHP LDAP extension enabled. In APT the package is php5-ldap, in Yum it’s php-ldap, and in Windows Bitnami instances it’s provided as php_ldap.dll.

You can then provision an AD service from the 'Services' tab in Admin Console. Click on the 'Create' button on the services tab to create a new service. Select 'adLdap Integration' from the 'Service Type' drop down menu. For the name field use a short, meaningful, one word name for your service. This will be used as your AD service identifier. Fill out rest of the information on this form and then go to the 'Config' tab.

Tutorial using ad 1.png

On the config form you will need to provide all the details of your AD server and select a default role for your AD service. This role will be assigned (for all applications in the system) to all users signing in using this AD service.

Tutorial using ad 2.png

Note: Username and Password fields are optional. Provide your Active Directory Username and Password to enable additional features of this service.

API Endpoint

POST https://your-url/api/v2/user/session?service={ad_service_name}
{
    "username" : "user_name",
    "password" : "password"
}

-- OR -- 

POST https://your-url/api/v2/user/session
{
    "username" : "user_name",
    "password" : "password",
    "service"  : "ad_service_name"
}

Example - Sign-in using Active Directory Authentication

  • AD service name: demo
  • Request URL: 
POST https://your-url/api/v2/user/session?service=demo
{
   "username" : "user_name",
   "password" : "password"
}
  • Response: 
{
    "session_token": “abc.123abc.efg,
    "session_id": “abc.123abc.efg,
    "id": 1,
    "name": "John",
    "first_name": "John",
    "last_name": "Doe",
    "email": "jdoe@gmail.com",
    "is_sys_admin": false,
    "last_login_date": "2015-06-30 16:46:59",
    "host": "your-url"
}

One source of confusion among first time users pertains to the lack of a POST endpoint in the Active Directory or LDAP service's API Docs interface. This does not exist because when authenticating, the URL references /api/v2/user/session?... rather than the Active Directory / LDAP resource. In other words, session creation occurs by way of the user REST resource rather than through the mounted directory service itself, with the directory service being identified by the service=... parameter.

Retrieved from "https://wiki.dreamfactory.com/index.php?title=DreamFactory/Tutorials/Using_Active_Directory&oldid=34402"