Info

It is assumed that yarnman has been deployed and installed as per Yarnman Installation and Setup.

Note that some items are specific to Yarngate and require additional configuration.

Yarngate Authentication setup

Note

Yarngate MUST use an LDAP authentication policy. A local DB authentication policy cannot be used, and if one is configured the Yarngate service will not start.

Authentication Database

  1. Create an authentication database.

  2. Name the LDAP authentication database.

  3. Configure the required roles.

  4. Configure the required roles for Yarngate. It is expected that there will be both a Yarngate-Admin and a Yarngate-User role. These permissions control which options are available in the Yarngate application after a user is authenticated and authorised. Repeat this process for as many roles as required.

Authentication Policy

Yarngate Service Setup

  1. Create the authentication policy.

  2. Name the authentication policy and select the Authentication Method "LDAP + Database with Roles".

  3. Select the linked authentication database created previously for Yarngate.
  4. Configure LDAP authentication.

    1. The LDAP server address should be in the format LDAPS://<FQDN>:<port>. Note that LDAP:// can be used, but passwords will then not be encrypted in transit.

    2. "Verify TLS/SSL certificates" can be enabled. Note that the LDAPS server certificate or the trusted root CA certificate must be uploaded via the administration app.

    3. The LDAP username match regex can be used to match username formats. The following is a generic username match regex that can be adjusted as needed: ^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$

    4. The LDAP replace regex allows prefixes/suffixes to be added to suit the authentication requirements, such as adding a domain suffix.

  5. Save the authentication policy. Note that new tabs will now become visible.

  6. Configure LDAP authorisation and roles.

    1. The LDAP interface field is optional. It can be used if an out-of-band check using another LDAP user is required for the LDAP group search. If this option is not selected, the LDAP groups are retrieved using the authenticated LDAP user.

    2. Base DN: provide the base DN for LDAP searches.

    3. Username Match Field: this is the LDAP username attribute used, typically sAMAccountName.

    4. LDAP group to role mapping: this provides a mapping from LDAP groups to the authentication database roles defined previously. The LDAP groups can be entered either as the global group name or as the LDAP distinguished name.
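The username match regex, replace regex and group-to-role mapping described above, as an added Python example that is not yarnman's own code: the match regex is the one given in the LDAP authentication step, while the replace rule, the domain suffix and the group names are assumed values.

```python
import re

# Username match regex exactly as given in the LDAP authentication step above.
USERNAME_MATCH = re.compile(r"^[A-Za-z0-9]+(?:[ _-][A-Za-z0-9]+)*$")

# Replace regex: a hypothetical rule that appends a domain suffix.
REPLACE_PATTERN = re.compile(r"^(.*)$")
REPLACE_WITH = r"\1@example.corp"  # assumed suffix, not from the page

# LDAP group -> authentication database role (constructed mapping).
# A key may be a plain group name or a full distinguished name.
GROUP_TO_ROLE = {
    "yarngate-admins": "Yarngate-Admin",
    "CN=Yarngate Users,OU=Groups,DC=example,DC=corp": "Yarngate-User",
}


def normalise_username(raw: str):
    """Apply the match regex, then the replace regex.

    Returns the login name to send to LDAP, or None when the input is
    rejected. Because the match regex allows only letters, digits and
    single separators, LDAP filter metacharacters such as '*', '(', ')'
    and the backslash never reach the directory.
    """
    if not USERNAME_MATCH.match(raw):
        return None
    return REPLACE_PATTERN.sub(REPLACE_WITH, raw)


def _group_cn(dn: str) -> str:
    """Return the leftmost CN of a DN, or the value itself if it has none."""
    first = dn.split(",", 1)[0].strip()
    return first[3:] if first.upper().startswith("CN=") else first


def map_groups_to_roles(member_of):
    """Map the user's LDAP group DNs to roles using GROUP_TO_ROLE.

    A mapping key matches either the full DN or the group's CN, case-
    insensitively. Groups with no mapping grant nothing, so a user who
    is in no mapped group ends up with an empty role set.
    """
    roles = set()
    for dn in member_of:
        for key, role in GROUP_TO_ROLE.items():
            if key.lower() in (dn.lower(), _group_cn(dn).lower()):
                roles.add(role)
    return roles
```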

Yarngate Configuration