NetworkMaps can now be integrated with your existing LDAP infrastructure. In this model, users and user authentication are no longer managed by NetworkMaps, but by your existing LDAP infrastructure. This can be a server like OpenLDAP or Active Directory.

Once LDAP is configured, NetworkMaps will start depending on your LDAP server to authenticate your users.

1. When a user tries to authenticate, NetworkMaps, will try to authenticate this user to the LDAP server.
2. Users will still authenticate using their email address (email address has to be stored on ldap server).
3. You can define a list of LDAP groups users have to belong to to be able to login. NetworMaps will cache the contents of these groups and refresh this cache on a predefined frecuency (defined in configuration).
4. Users won't be able to change their passwords or data from NetworkMaps user interface.
5. Users will only be allowed to share diagrams with users on LDAP directory.

There is a set of parameters needed for NetworkMaps to be able to talk to your LDAP infrastructure. For placement of these parameters, please check the config file documentation.

• ldap_grouprefresh: Located under timers, this setting controls how often group membership is refreshed. By default, Networkmaps will use 600 (10 minutes).
• authentication: Located under users, this settings controls what authentication method we will use. By default, it is local indicating that NetworkMaps uses it's local user database for authentication. We have to change this value to ldap.
• ldap: Located under users, this is the section where you define all the parameters related to ldap server. Inside this section you define the following parameters:
  • host: name or IP of the LDAP server to authenticate to.
  • port: port where this server is listening.
  • is_secured: boolean defining if the connection uses SSL/TLS (LDAPS) or not (LDAP). By default, this is false.
  • verify_cert: if the connection is secured, is NetworkMaps going to verify if the LDAP server certificate is valid. Defaults to true (and recomended).
  • bind_required: NetworkMaps needs to do searches on LDAP to be able to authenticate users. Some LDAP servers (like active directory)might not allow to do searches by unauthenticated users. If this is the case, set this to true and specify on the following parameters the user to be used for these searches. Defaults to false.
  • search_dn: dn of the user we will use to search on LDAP server.
  • search_password: password of the user we will use to search on LDAP server.
  • base_dn: base DN used when searching for users and groups.
  • objectclass_user: object class used by the LDAP server to identify users. By default, this will be inetOrgPerson.
  • allowed_groups_dn: this will be a list of group DN. it will identify which group of users are allowed to access NetworkMaps. If this list is empty, NetworkMaps will allow any user on the LDAP server to access it.
  • group_recursion: in some cases, LDAP servers might have groups inside groups (nested groups). If we have to find what users belong to a group, we have to do nested searches. This parameter identifies how deep we will search inside a group. Defaults to 0 (don't look for users inside groups inside groups).
  • email_attribute: name of the attribute on an LDAP user used to store email addresses of users. Defaults to "mail".
  • name_attribute: name of the attribute on an LDAP user used to store name of users. Defaults to "givenName".
  • lastname_attribute: name of the attribute on an LDAP user used to store last name of users. Defaults to "sn".
  • member_attribute: name of the attribute on an LDAP group used to store group members. Defaults to "member".

{
    "timers": {
        "ldap_grouprefresh": 40
    },
    "socket": {
        "address": "10.0.0.3",
        "port": 3000
    },
    "users":
    {
        "allowed_domains": ["networkmaps.org"],
        "authentication": "ldap",
        "ldap": {
            "host": "10.0.0.5",
            "port": 389,
            "is_secure": false,
            "bind_required": true,
            "search_dn": "cn=admin,dc=networkmaps,dc=org",
            "search_password": "password123",
            "base_dn": "dc=networkmaps,dc=org",
            "objectclass_user": "inetOrgPerson",
            "allowed_groups_dn": ["cn=nm_group,ou=groups,dc=networkmaps,dc=org"],
            "group_recursion": 0,
            "email_attribute": "mail",
            "name_attribute": "givenName",
            "lastname_attribute": "sn",
            "member_attribute": "member"
        }
    }
}