Organizations can have sesinetd authenticate their employees with the LDAP credentials they already hold.

Configure LDAP

Because every organization's LDAP deployment is set up slightly differently, a YAML configuration file defines the properties sesinetd needs to authenticate users against the organization's LDAP directory.

Configuration properties

server_url

The URL of your organization's LDAP server. Note that the sample below uses a plain ldap:// URL; with a simple bind over such a connection the bind_dn_password and each authenticating user's password travel in cleartext, so prefer an ldaps:// URL where your LDAP server and sesinetd build support it, or keep the connection on a trusted network.

bind_as_auth_user

If true, authentication leaves the LDAP connection bound as the authenticating user instead of re-binding with the bind_dn credentials once authentication succeeds. Any later lookups on that connection then run with the user's own LDAP privileges rather than those of bind_dn.

bind_dn

The distinguished name used to bind to the LDAP server. It is used for all LDAP calls other than authenticating the user, where the user's own DN and password are used instead.

bind_dn_password

The password to use with bind_dn.

group_type

  • type: The type of group returned by group_search. Currently posix_group is the only supported group type.

  • name_attr: The attribute from which the license server reads the group name in the entries returned by group_search.

user_attrib_map

Maps the user information the license server needs to the LDAP attributes that hold it.

  • first_name: The attribute holding the user's first name.

  • last_name: The attribute holding the user's last name.

  • email: The attribute holding the user's email address.

always_update_user

If true, the stored user information is refreshed with the latest LDAP values every time the user logs in.

cache_timeout

The number of seconds a user's group memberships and distinguished name are cached. The default is 0, which disables caching; this is not recommended for production because every login then queries your LDAP server, which can overwhelm it.

Sample LDAP config file

server_url: "ldap://ldap1.myorg.com"
bind_as_auth_user: false
bind_dn: "cn=mylicenseadmin,dc=myorg,dc=com"
bind_dn_password: "my bind dn password"
user_search:
  dn: "ou=people,dc=myorg,dc=com"
  scope: "subtree"
  filter: "(uid={user})"
group_search:
  dn: "ou=groups,dc=myorg,dc=com"
  scope: "subtree"
  filter: "(objectClass=posixGroup)"
group_type:
  type: "posix_group"
  name_attr: "cn"
user_attrib_map:
  first_name: "givenName"
  last_name: "sn"
  email: "mail"
always_update_user: true
cache_timeout: 300
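The following is an added example, not sesinetd's own code, showing the checks a practitioner would run over a config like the sample above before deploying it: it flags a cleartext ldap:// URL used with a bind password, a cache_timeout of 0, and a missing {user} placeholder, escapes the login name per RFC 4515 before substituting it into user_search.filter (any code that performs such substitution must do this, or a login such as `*)(uid=*` rewrites the filter), and implements the DN/group-membership cache semantics the cache_timeout text describes. The config is embedded as an already-parsed Python dict mirroring the sample YAML; the function and class names, and the assumption that {user} is the substitution token, are this example's own.

```python
"""Validate a sesinetd-style LDAP config, build an injection-safe user filter,
and model the cache_timeout behaviour.  Added example, not sesinetd's code."""
from __future__ import annotations

import time

# Constructed input: the sample YAML from this page, already parsed into a dict.
SAMPLE_CONFIG = {
    "server_url": "ldap://ldap1.myorg.com",
    "bind_as_auth_user": False,
    "bind_dn": "cn=mylicenseadmin,dc=myorg,dc=com",
    "bind_dn_password": "my bind dn password",
    "user_search": {"dn": "ou=people,dc=myorg,dc=com", "scope": "subtree", "filter": "(uid={user})"},
    "group_search": {"dn": "ou=groups,dc=myorg,dc=com", "scope": "subtree", "filter": "(objectClass=posixGroup)"},
    "group_type": {"type": "posix_group", "name_attr": "cn"},
    "user_attrib_map": {"first_name": "givenName", "last_name": "sn", "email": "mail"},
    "always_update_user": True,
    "cache_timeout": 300,
}

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot change the structure of an LDAP search filter."""
    # Single pass, so an escaped backslash is not escaped a second time.
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(template: str, login: str) -> str:
    """Substitute the login name into the user_search filter template safely.

    The {user} token is assumed (from the sample filter "(uid={user})") to be
    the placeholder sesinetd replaces with the login name."""
    if "{user}" not in template:
        raise ValueError("user_search.filter must contain the {user} placeholder")
    return template.replace("{user}", escape_filter_value(login))


def check_config(cfg: dict) -> list[str]:
    """Return findings for the settings the documentation warns about."""
    findings: list[str] = []
    url = cfg.get("server_url", "")
    if url.startswith("ldap://") and cfg.get("bind_dn_password"):
        findings.append("server_url uses ldap://: bind_dn_password is sent in cleartext unless StartTLS is negotiated")
    if cfg.get("cache_timeout", 0) == 0:
        findings.append("cache_timeout is 0: caching disabled, every login hits the LDAP server")
    if cfg.get("group_type", {}).get("type") != "posix_group":
        findings.append("group_type.type must be posix_group")
    try:
        build_user_filter(cfg["user_search"]["filter"], "probe")
    except (KeyError, ValueError) as exc:
        findings.append(f"user_search.filter: {exc}")
    for key in ("first_name", "last_name", "email"):
        if not cfg.get("user_attrib_map", {}).get(key):
            findings.append(f"user_attrib_map.{key} is missing")
    return findings


class MembershipCache:
    """TTL cache of (user DN, group list) keyed by login name.

    A timeout of 0 disables caching entirely, as cache_timeout documents."""

    def __init__(self, timeout_s: int, clock=time.monotonic):
        self.timeout = timeout_s
        self.clock = clock  # injectable so expiry can be tested without sleeping
        self._entries: dict[str, tuple[float, object]] = {}

    def get(self, login: str):
        if self.timeout == 0:
            return None
        entry = self._entries.get(login)
        if entry is None:
            return None
        expires_at, value = entry
        if self.clock() >= expires_at:
            del self._entries[login]  # expired: force a fresh LDAP lookup
            return None
        return value

    def put(self, login: str, value) -> None:
        if self.timeout == 0:
            return
        self._entries[login] = (self.clock() + self.timeout, value)


if __name__ == "__main__":
    for finding in check_config(SAMPLE_CONFIG):
        print("WARNING:", finding)
    print(build_user_filter(SAMPLE_CONFIG["user_search"]["filter"], "*)(uid=*"))
```

Run against the sample as-is, check_config reports only the ldap:// finding; change cache_timeout to 0 and it reports that as well. The escaped filter for the hostile login is `(uid=\2a\29\28uid=\2a)`, which matches a literal uid rather than every entry under ou=people.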

User Authentication

Authentication Methods