...
Info |
---|
It is assumed that yarnman has been deployed and installed as per Yarnman Installation and Setup. Note that the authentication configuration includes some items specific to Yarngate that require their own configuration |
Yarngate Authentication setup
...
Create Authentication Policy
Name the authentication policy and select Authentication Method LDAP + Database with Roles
Select Linked authentication Database created previously for Yarngate
Configure LDAP authentication
The LDAP server address should be in the format LDAPS://<FQDN>:<port> - Note that LDAP:// can be used but passwords will not be encrypted in transit
Verify TLS/SSL certificates can be enabled - Note that the LDAPS server certificate or trusted root CA certificate must be uploaded via the administration app
LDAP username match regex can be used to match username formats - This is a generic username match regex that can be adjusted as needed: (^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$)
LDAP replace regex allows adding prefixes/suffixes to suit the authentication requirements, such as adding a domain suffix
Save the authentication policy - Note that new tabs will now become visible
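The username match regex above, run over constructed usernames and followed by a replace step that appends a domain suffix. This is an added example, not Yarnman's own code. It assumes the replace step behaves like a JavaScript replacement template in which $1 is the matched username; the example.com suffix and the function names are hypothetical.

```javascript
// Added example: all sample values are constructed, not from a real deployment.
// Username match regex exactly as given on this page (outer group = capture 1).
const USERNAME_MATCH = /(^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$)/;

// Assumption: the replace step works like a String.replace template,
// with $1 standing for the matched username.
const REPLACE_TEMPLATE = '$1@example.com'; // hypothetical domain suffix

// Returns the name that would be sent to LDAP, or null if the input is rejected.
function toBindName(input) {
  if (typeof input !== 'string' || !USERNAME_MATCH.test(input)) return null;
  return input.replace(USERNAME_MATCH, REPLACE_TEMPLATE);
}

// Constructed inputs covering what the regex accepts and what it rejects.
const SAMPLES = [
  'jsmith',             // plain account name
  'john-smith',         // single separator between alphanumeric runs
  'svc_yarngate 01',    // underscore and space separators
  'jsmith@example.com', // suffix already typed: '@' and '.' are not allowed
  'EXAMPLE\\jsmith',    // down-level logon name: backslash is not allowed
  'john--smith',        // doubled separator
  ' jsmith',            // leading space
  'jsmith\n',           // trailing newline
  'jsmith*',            // LDAP filter wildcard
  '',                   // empty input
];

// Splits the samples into accepted (with their rewritten name) and rejected.
function classify(samples) {
  const accepted = {};
  const rejected = [];
  for (const s of samples) {
    const bind = toBindName(s);
    if (bind === null) rejected.push(s);
    else accepted[s] = bind;
  }
  return { accepted, rejected };
}

const result = classify(SAMPLES);
console.log(JSON.stringify(result, null, 2));
```

With the generic regex, users who type a full user@domain or DOMAIN\user name are rejected before any LDAP request is made, so either the regex is adjusted or users enter the bare account name and the replace regex supplies the suffix.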
Configure LDAP authorisation and roles
The LDAP interface field is optional - this can be used if an out of band check using another LDAP user is required for the LDAP user group search. If this option is not selected, the LDAP groups are retrieved using the authenticated LDAP user
Base DN - provide the base DN for LDAP searches
Username Match Field - this is the LDAP username field used, typically sAMAccountName
LDAP group to role mapping - this provides a mapping from LDAP groups to the Authentication Database roles defined previously. The LDAP groups can be entered as a global group name or an LDAP distinguished name
Yarngate Configuration
Info |
---|
Depending on the configuration, you may wish to add secondary access to the administration application on a dedicated port |