Microsoft Active Directory (AD) is a directory service that enables service providers to manage users across their entire infrastructure from a single location. An AD administrator can create, block, and delete user records, manage their details, and provide access to all corporate resources (for example, Microsoft SharePoint, Microsoft Teams, or Odoo CRM) via the AD.
An AD administrator can create user records in AD to manage access to:
- the PortaBilling web interface, and
- the Configuration server web interface.
To communicate with the AD, PortaBilling supports the Lightweight Directory Access Protocol (LDAP). Thus, to enable PortaBilling to interact with the AD, contact the LDAP server administrator to obtain the required data.
To enable the Configuration server web interface to interact with the AD
Go to the Configuration server and complete the following steps:
- Clone the existing configuration.
- Specify these parameters under the PortaSwitch.ConfiguratorAuth group:
  - LDAP_Address – the address to access the LDAP server. Click Add to specify one or more redundant LDAP server addresses.
  - LDAP_SearchUserLogin – a service user’s username to access the LDAP server.
  - LDAP_SearchUserPassword – a service user’s password to access the LDAP server.
  - LDAP_SearchUsersBase – the starting point for the accounts search in the directory tree.
  - LDAP_UsersDN – the distinguished name pattern for the users.
  - LDAP_FieldLogin – the name of the LDAP attribute that corresponds to the User.login Configurator DB attribute.
  - LDAP_FieldRole – the name of the LDAP attribute that corresponds to the Roles.name Configurator DB attribute.
  - LDAP_FieldEmail – the name of the LDAP attribute that corresponds to the User.email Configurator DB attribute.
  - LDAP_UsersDataSyncPeriod – how often the periodic task synchronizes data between the Configuration server web interface and the AD. By default, data is synchronized every 10 minutes.
  - WebUserAuthMode – to enable authorization via LDAP, select LDAP only.
- Click Verify to verify the configuration.
- Click Check/Apply to apply the configuration.
To enable the PortaBilling web interface to interact with the AD
Go to the Configuration server and complete the following steps:
- Clone the existing configuration.
- Specify these parameters under the Web_Cluster.WebAuth group:
  - LDAP_Address – the address to access the LDAP server. Click Add to specify one or more redundant LDAP server addresses.
  - LDAP_SearchUserLogin – a service user’s username to access the LDAP server.
  - LDAP_SearchUserPassword – a service user’s password to access the LDAP server.
  - LDAP_SearchUsersBase – the starting point for the accounts search in the directory tree.
  - LDAP_UsersDN – the distinguished name pattern for the users.
  - LDAP_FieldLogin – the name of the LDAP attribute that corresponds to the ‘login’ attribute for PortaBilling users.
  - LDAP_FieldRole – the name of the LDAP attribute that corresponds to the ‘role’ attribute for PortaBilling users.
  - LDAP_FieldEmail – the name of the LDAP attribute that corresponds to the ‘email’ attribute for PortaBilling users.
  - LDAP_FieldIEnv – the name of the LDAP attribute that corresponds to the ‘i_env’ attribute for PortaBilling users.
  - LDAP_UsersDataSyncPeriod – how often the periodic task synchronizes data between PortaBilling and the AD. By default, data is synchronized every 10 minutes.
  - WebUserAuthMode – to enable authorization via LDAP, select LDAP only.
- Click Verify to verify the configuration.
- Click Check/Apply to apply the configuration.
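
A pre-check for the LDAP_FieldLogin, LDAP_FieldRole and LDAP_FieldEmail mappings used in both procedures above, as an added example that is not part of the original page or PortaBilling's own code: it parses an LDIF export of the LDAP_SearchUsersBase subtree and lists the user entries that lack a mapped attribute, which is worth knowing before selecting LDAP only. The attribute names in FIELD_MAP and the sample LDIF are constructed assumptions.

```python
import base64

# Constructed mapping (assumption): LDAP_Field* parameter -> AD attribute chosen by the admin.
FIELD_MAP = {"LDAP_FieldLogin": "sAMAccountName", "LDAP_FieldRole": "title",
             "LDAP_FieldEmail": "mail"}
# Constructed LDIF export of the LDAP_SearchUsersBase subtree (not real directory data).
SAMPLE_LDIF = """\
dn: CN=Alice Admin,OU=Billing,DC=example,DC=com
sAMAccountName: alice
title: Root
mail: alice@example.com

dn: CN=Bob Support,OU=Billing,DC=example,DC=com
sAMAccountName: bob
mail:: Ym9iQGV4YW1wbGUuY29t

dn: CN=Carol Long Name,OU=Billing,DC=example,
 DC=com
sAMAccountName: carol
title: Helpdesk
"""

def parse_ldif(text):
    """Return entries as {lowercased attribute name: [values]}."""
    lines = text.replace("\n ", "").splitlines()   # unfold continuation lines
    entries, entry = [], {}
    for line in lines + [""]:                      # trailing "" flushes the last entry
        if not line.strip():
            if entry:
                entries.append(entry)
            entry = {}
        elif not line.startswith("#"):             # skip LDIF comment lines
            name, _, value = line.partition(":")
            if value.startswith(":"):              # "attr:: <base64>" carries an encoded value
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            entry.setdefault(name.lower(), []).append(value.strip())
    return entries

def missing_fields(entries, field_map):
    """Map each DN to the LDAP_Field* parameters whose attribute is absent or empty."""
    report = {}
    for e in entries:
        gaps = [p for p, a in field_map.items() if not any(e.get(a.lower(), []))]
        if gaps:
            report[e["dn"][0]] = gaps
    return report

if __name__ == "__main__":
    print(missing_fields(parse_ldif(SAMPLE_LDIF), FIELD_MAP))
```

Replace FIELD_MAP with the attribute names entered in the configuration and SAMPLE_LDIF with an export supplied by the LDAP server administrator.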