AD on-premise for Linux

If you need any help configuring the following steps, be sure to get in touch: info@vizito.be or via chat.

The AD integration is configured using the Vizito AD client, which must be installed on a device or server that the tablet can reach over its network.

[Figure: schematic representation of the Vizito LDAP client network]

Step 1: NodeJS

Download and install the latest version of NodeJS at https://nodejs.org/

Step 2: Vizito AD client

Download and extract our Vizito AD client to a folder of your choice.

Step 3: Config

Edit config.json to match your environment.

Here you can find the configuration values and a description of what information you need to enter:

| JSON property | Mandatory | Description |
|---|---|---|
| ldap_url | Yes | The internal URL / IP of your LDAP server. Example: ldap://ldap.forumsys.com. |
| ldap_bind_credentials.user_cn | Yes | The user CN that is used for the LDAP bind. Usually a specific technical user is created for this with read-only rights. |
| ldap_bind_credentials.password | Yes | The password for the LDAP bind user. |
| search_scope | Yes | This configures the search depth: base - searches only the search_base level; one - searches only the immediate subordinates to the base object, but does not include the base object itself; sub - searches the search_base level and all of its subtrees. |
| search_base | Yes | The search base used for looking up CN entries. This should be the top level of your LDAP domain where you want to look for entries. |
| mobile_prefix | No | If your LDAP dictionary contains local or internal mobile phone numbers (without country code), you can add a prefix containing the country code. The first character of the local or internal mobile phone number will be replaced with this prefix. |
| ldap_filter | No | If you want to filter the LDAP search results, you can do so using an LDAP filter. This searches only for matching records. Examples of this filter are: only persons belonging to a specific group, only persons having a mobile phone number configured, … An example of a filter: (&(memberof=OU=VizitoGroup,OU=Applications,OU=Groups,DC=company,DC=com)). |
| api_port | Yes | Default value: 48800. This configures the port at which the node application will listen for HTTP(S) requests. |
| use_ssl_for_api | Yes | Default value: false. If set to true, it will use the ssl.ca, ssl.key and ssl.cert configuration items to load a private key / public key pair for enabling TLS communication. Read up on creating your own self-signed certificates using a custom root CA. |
| authentication.enabled | Yes | Indicates if basic authentication is needed to make a request to this server. |
| authentication.username | No | The username that is configured for basic authentication. |
| authentication.password | No | The password that is configured for basic authentication. |
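
The table above can be turned into a check that runs before the client is started. This is an added example, not part of the Vizito AD client: it assumes the dotted property names are nested objects in config.json, and the sample values are constructed placeholders.

```javascript
// Added example, not Vizito's code. Assumption: dotted names in the table
// (e.g. authentication.enabled) are nested objects in config.json.
const MANDATORY = ['ldap_url', 'ldap_bind_credentials.user_cn',
  'ldap_bind_credentials.password', 'search_scope', 'search_base',
  'api_port', 'use_ssl_for_api', 'authentication.enabled'];
const SCOPES = ['base', 'one', 'sub'];

// Resolve "a.b" against nested objects; undefined when a level is missing.
const get = (obj, path) =>
  path.split('.').reduce((o, k) => (o == null ? undefined : o[k]), obj);
const empty = (v) => v == null || v === '' || (Array.isArray(v) && v.length === 0);

function lintConfig(cfg) {
  const errors = [], warnings = [];
  for (const key of MANDATORY) {
    if (empty(get(cfg, key))) errors.push(`missing mandatory property: ${key}`);
  }
  const scope = get(cfg, 'search_scope');
  if (!empty(scope) && !SCOPES.includes(scope)) {
    errors.push(`search_scope must be one of: ${SCOPES.join(', ')}`);
  }
  const port = Number(get(cfg, 'api_port'));
  if (!empty(get(cfg, 'api_port')) && !(Number.isInteger(port) && port > 0 && port < 65536)) {
    errors.push('api_port must be an integer from 1 to 65535');
  }
  const tls = get(cfg, 'use_ssl_for_api') === true;
  const auth = get(cfg, 'authentication.enabled') === true;
  const needed = [
    ...(auth ? ['authentication.username', 'authentication.password'] : []),
    ...(tls ? ['ssl.ca', 'ssl.key', 'ssl.cert'] : []),
  ];
  for (const key of needed) {
    if (empty(get(cfg, key))) errors.push(`${key} is required by the enabled option but is empty`);
  }
  // Exposure checks: the API serves directory entries to whoever reaches the port.
  if (!auth) warnings.push('authentication.enabled is not true: any host that reaches api_port can read the exposed users');
  if (auth && !tls) warnings.push('basic authentication without TLS sends the API credentials in cleartext');
  return { errors, warnings };
}

// Constructed sample: defaults from the table, placeholder directory values.
const sample = {
  ldap_url: 'ldap://ldap.example.internal',
  ldap_bind_credentials: { user_cn: 'cn=vizito-read,dc=example,dc=internal', password: 'placeholder' },
  search_scope: 'subtree', search_base: 'dc=example,dc=internal',
  api_port: 48800, use_ssl_for_api: false,
  authentication: { enabled: true, username: 'tablet', password: 'placeholder' },
};
console.log(lintConfig(sample));
```

The sample is flagged twice: "subtree" is not one of the three scope values in the table, and basic authentication is enabled while use_ssl_for_api is still at its default of false.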

Step 4: Run

Navigate to the folder where your LDAP client resides, and run:

  • “npm install” (only required once)
  • “node server.js”

If everything works as intended, you should see “Server is listening”. You can now test the LDAP HTTP server by pointing your browser to http://ip_or_hostname_of_machine_running_ldap_client:48800/ (change the port if you changed it in the config file). If your browser shows a JSON object representing the users you want to expose, then everything works!

Step 5: Configure the backoffice to make the tablet connect to the client

Navigate to https://backoffice.vizito.be and under Settings, configure the Host datasource as ‘Managed externally’ and fill in the Integration URL.

An example: http://192.168.1.100:48800.

Now the tablet will look up the information from the installed client.

Step 6: Use PM2 to daemonize the node process

Please refer to https://github.com/Unitech/pm2 for instructions on how to install and use PM2.

Troubleshooting

Demo services are available for testing purposes. They include names such as “Tesla”, “Newton”, etc.

  • HTTP version: http://178.162.136.223:48800
  • HTTPS version: https://source.vizito.eu:48801

If you’re using an HTTPS configuration, you can configure multiple CA references. Add each CA between " (quotes) in the CA array, which you can find in the config.json file.