LDAP

If you need any help configuring the following steps, be sure to get in touch: info@vizito.be or via chat.

Step 1: NodeJS

Use your favorite package manager to install NodeJS.

Step 2: Azure AD client

Download and extract our Azure AD client to a directory of your choice.

Step 3: Config

Edit config.json to match your environment.

Steps 4 and 5 need to be executed by your Azure AD administrator.

Step 4: Add an App Registration to your Azure AD

Go to https://portal.azure.com and log in. Select the domain / tenant you would like to integrate with Vizito.

Now, follow these steps:

Navigate to Azure Active Directory:

Click on App Registrations and then on New application registration:

Fill in the required fields. For example: Vizito Azure AD integration, application type Web app / API and sign-on URL: https://backoffice.vizito.be/oauth.
Click on Create.

Copy the Application ID and fill this value in the config.json file under client_id.

Afterwards, click on Settings.

Click on Keys and Add:

Fill in a description like API Key and set expires to never.

Click on Save.

Now a key is generated. This key will only be displayed once, so copy and paste it immediately into the config.json file of the installed Vizito Azure AD client.

You need to put this value in the field client_secret.

Now, click on Required Permissions and Add.

Select the option Select an API:

Select Microsoft Graph:

Select Read all users' full profiles under App Permissions (not Delegated Permissions!):

Once completed, click on Grant permissions and then Yes:

Now, click on the Azure Active Directory icon on the left hand side, go to Properties and copy your tenant ID and paste this value in the config.json file in field tenant_id.

Step 5: Run

Open a command prompt, navigate to the folder where your Azure AD client resides, and run "node server.js".

If everything works as intended, you should see a line like this in your console: https://graph.microsoft.com/v1.0/users?$top=999.

You can now use a browser to test the Azure AD http server by pointing your browser to http://ip_or_hostname_of_machine_running_azure_ad_client:48800.
If you're running a firewall, make sure it allows access to port 48800.
If your browser shows a JSON object representing the users you want to expose, then everything works!

Step 6: Configure the backoffice to make the tablet connect to the client

Navigate to https://backoffice.vizito.be and under Settings, configure the Host datasource as 'Managed externally' and fill in the Integration URL.
Now the tablet will look up the information from the installed client.

Step 7 (optional): Use NSSM to daemonize the node process as a Windows Service.

Download the latest release of NSSM at https://nssm.cc/download and extract the executable for your architecture to a folder of your choice.
Now run the following command: nssm install vizito_azure_ad_client
This will show a window where your service parameters can be configured.

  • Select "node.exe" as Path. It can usually be found in c:\Program Files (x86)\nodejs\node.exe
  • Edit the Startup directory and point it to the folder where your Azure AD client resides
  • Type the full path to server.js in the Arguments field
  • Optionally, you can set a Display name for your service in the Details tab.

Now go to your Windows Services, start your newly created service, and test! Remember to stop any manually started instances of the Azure AD client before starting the service.

on 08/17/2018 by Pieter-Jan Dries

Step 1: NodeJS

Use your favorite package manager to install NodeJS.

Step 2: LDAP client

Download and extract our LDAP client to a directory of your choice.

Step 3: Config

Edit config.json to match your environment.

Here you can find the configuration values and a description of what information you need to enter:

JSON property (mandatory or optional) and description:

ldap_url (mandatory)
  The internal URL / IP of your LDAP server. Example: ldap://ldap.forumsys.com.
ldap_bind_credentials.user_cn (mandatory)
  The user CN that is used for the LDAP bind. Usually a specific technical user is created for this with read-only rights.
ldap_bind_credentials.password (mandatory)
  The password for the LDAP bind user.
search_scope (mandatory)
  This configures the search depth:
    base - searches only the search_base level;
    one - searches only the immediate subordinates of the base object, but does not include the base object itself;
    sub - searches the search_base level and all of its subtrees.
search_base (mandatory)
  The search base used for looking up CN entries. This should be the top level of your LDAP domain where you want to look for entries.
mobile_prefix (optional)
  If your LDAP directory contains local or internal mobile phone numbers (without country code), you can add a prefix containing the country code. The first character of the local or internal mobile phone number will be replaced with this prefix.
ldap_filter (optional)
  If you want to filter the LDAP search results, you can do so using an LDAP filter. This searches only for matching records.
  Examples of this filter are: only persons belonging to a specific group, only persons having a mobile phone number configured, etc.
  An example of a filter: (&(memberof=OU=VizitoGroup,OU=Applications,OU=Groups,DC=company,DC=com))
api_port (mandatory)
  Default value: 48800. This configures the port on which the node application will listen for HTTP(S) requests.
use_ssl_for_api (mandatory)
  Default value: false. If set to true, the ssl.ca, ssl.key and ssl.cert configuration items are used to load the private key and certificate for enabling TLS communication.
  Read up here on creating your own self-signed certificates using a custom root CA.
authentication.enabled (mandatory)
  Indicates if basic authentication is needed to make a request to this server.
authentication.username (optional)
  The username that is configured for basic authentication.
authentication.password (optional)
  The password that is configured for basic authentication.

Step 4: Run

Run the following command:
node /path/to/ldapclient/server.js
If everything works as intended, you should see "Server is listening".
You can now use a browser to test the LDAP HTTP server by pointing your browser to http://ip_or_hostname_of_machine_running_ldap_client:48800 (change the port if you changed it in the config file).
If you're running a firewall, make sure it allows access to the port you configured (default 48800).
If your browser shows a JSON object representing the users you want to expose, then everything works!

Step 5: Configure the backoffice to make the tablet connect to the client

Navigate to https://backoffice.vizito.be and under Settings, configure the Host datasource as 'Managed externally' and fill in the Integration URL.

An example: http://192.168.1.100:48800.

Now the tablet will look up the information from the installed client.

Step 6: Use PM2 to daemonize the node process

Please refer to https://github.com/Unitech/pm2 for instructions on how to install and use PM2.

on 10/29/2015 by Steven Gilissen

Step 1: NodeJS

Download and install the latest version of NodeJS from https://nodejs.org/.

Step 2: LDAP client

Download and extract our LDAP client to a folder of your choice.

Step 3: Config

Edit config.json to match your environment.

Here you can find the configuration values and a description of what information you need to enter:

JSON property (mandatory or optional) and description:

ldap_url (mandatory)
  The internal URL / IP of your LDAP server. Example: ldap://ldap.forumsys.com.
ldap_bind_credentials.user_cn (mandatory)
  The user CN that is used for the LDAP bind. Usually a specific technical user is created for this with read-only rights.
ldap_bind_credentials.password (mandatory)
  The password for the LDAP bind user.
search_scope (mandatory)
  This configures the search depth:
    base - searches only the search_base level;
    one - searches only the immediate subordinates of the base object, but does not include the base object itself;
    sub - searches the search_base level and all of its subtrees.
search_base (mandatory)
  The search base used for looking up CN entries. This should be the top level of your LDAP domain where you want to look for entries.
mobile_prefix (optional)
  If your LDAP directory contains local or internal mobile phone numbers (without country code), you can add a prefix containing the country code. The first character of the local or internal mobile phone number will be replaced with this prefix.
ldap_filter (optional)
  If you want to filter the LDAP search results, you can do so using an LDAP filter. This searches only for matching records.
  Examples of this filter are: only persons belonging to a specific group, only persons having a mobile phone number configured, etc.
  An example of a filter: (&(memberof=OU=VizitoGroup,OU=Applications,OU=Groups,DC=company,DC=com))
api_port (mandatory)
  Default value: 48800. This configures the port on which the node application will listen for HTTP(S) requests.
use_ssl_for_api (mandatory)
  Default value: false. If set to true, the ssl.ca, ssl.key and ssl.cert configuration items are used to load the private key and certificate for enabling TLS communication.
  Read up here on creating your own self-signed certificates using a custom root CA.
authentication.enabled (mandatory)
  Indicates if basic authentication is needed to make a request to this server.
authentication.username (optional)
  The username that is configured for basic authentication.
authentication.password (optional)
  The password that is configured for basic authentication.
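The config.json tables above (this one and the one for the PM2 setup) describe the same properties. As an added example that is not part of Vizito's LDAP client, the Node.js snippet below checks a config object against those tables, flags the two settings that leave the exposed user list unprotected (use_ssl_for_api false, authentication.enabled false), and applies the mobile_prefix rule. The property names come from the table; the functions checkConfig and applyMobilePrefix and the sample config are constructed for this example.

```javascript
// Added example: validate a config.json object against the property table
// and apply the mobile_prefix rule. Function names and the sample config
// below are constructed for this example, not taken from the Vizito client.
const MANDATORY = [
  'ldap_url', 'ldap_bind_credentials.user_cn', 'ldap_bind_credentials.password',
  'search_scope', 'search_base', 'api_port', 'use_ssl_for_api', 'authentication.enabled',
];

// Resolve a dotted path such as "ldap_bind_credentials.user_cn".
function get(cfg, path) {
  return path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), cfg);
}

// Return a list of problems; an empty list means the config is acceptable.
function checkConfig(cfg) {
  const problems = [];
  for (const key of MANDATORY) {
    if (get(cfg, key) === undefined) problems.push(`missing mandatory property ${key}`);
  }
  if (!['base', 'one', 'sub'].includes(cfg.search_scope)) {
    problems.push('search_scope must be base, one or sub');
  }
  if (!Number.isInteger(cfg.api_port) || cfg.api_port < 1 || cfg.api_port > 65535) {
    problems.push('api_port must be a TCP port number');
  }
  const auth = cfg.authentication || {};
  if (auth.enabled && !(auth.username && auth.password)) {
    problems.push('authentication.enabled requires authentication.username and authentication.password');
  }
  // The server publishes user records over HTTP, so flag the two settings that leave them open.
  if (!cfg.use_ssl_for_api) problems.push('use_ssl_for_api is false: user data travels in clear text');
  if (!auth.enabled) problems.push('authentication.enabled is false: anyone reaching api_port can list users');
  return problems;
}

// mobile_prefix rule from the table: the first character of the local number is replaced by the prefix.
function applyMobilePrefix(number, prefix) {
  if (!prefix || !number) return number;
  return prefix + number.slice(1);
}

// Constructed sample config; CHANGE_ME values are placeholders, not real credentials.
const sampleConfig = {
  ldap_url: 'ldap://ldap.example.internal',
  ldap_bind_credentials: { user_cn: 'cn=vizito-ro,ou=service,dc=example,dc=com', password: 'CHANGE_ME' },
  search_scope: 'sub', search_base: 'dc=example,dc=com', mobile_prefix: '+32',
  ldap_filter: '(&(memberof=OU=VizitoGroup,OU=Applications,OU=Groups,DC=company,DC=com))',
  api_port: 48800, use_ssl_for_api: true,
  authentication: { enabled: true, username: 'tablet', password: 'CHANGE_ME' },
};
console.log(checkConfig(sampleConfig), applyMobilePrefix('0478123456', sampleConfig.mobile_prefix));
```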

Step 4: Run

Open a command prompt, navigate to the folder where your LDAP client resides, and run "node server.js".
If everything works as intended, you should see "Server is listening".
You can now use a browser to test the LDAP HTTP server by pointing your browser to http://ip_or_hostname_of_machine_running_ldap_client:48800 (change the port if you changed it in the config file).
If your browser shows a JSON object representing the users you want to expose, then everything works!

Step 5: Configure the backoffice to make the tablet connect to the client

Navigate to https://backoffice.vizito.be and under Settings, configure the Host datasource as 'Managed externally' and fill in the Integration URL.

An example: http://192.168.1.100:48800.

Now the tablet will look up the information from the installed client.

Step 6: Use NSSM to daemonize the node process as a Windows Service

Download the latest release of NSSM at https://nssm.cc/download and extract the executable for your architecture to a folder of your choice.
Now run the following command: nssm install ldap_client
This will show a window where your service parameters can be configured.

  • Select "node.exe" as Path. It can usually be found in c:\Program Files (x86)\nodejs\node.exe
  • Edit the Startup directory and point it to the folder where your LDAP client resides
  • Type the full path to server.js in the Arguments field
  • Optionally, you can set a Display name for your service in the Details tab.

Now go to your Windows Services, start your newly created service, and test! Remember to stop any manually started instances of the LDAP client before starting the service.

on 10/29/2015 by Steven Gilissen