If you need any help configuring the following steps, be sure to get in touch: info@vizito.be or via chat.
The AD integration is configured by using the Vizito AD client which needs to be installed on a device/server which the tablet can connect to. So the tablet needs to be able to communicate to this device/server via its network.
Please find a schematic representation below:
Step 1: NodeJS
Download and install the latest version of NodeJS at https://nodejs.org/
Step 2: Vizito AD client
Download and extract our Vizito AD client to a folder of your choice
Step 3: Config
Edit config.json to match your environment.
Here you can find the configuration values and a description of what information you need to enter:
JSON property | Mandatory | Description |
---|---|---|
ldap*url | Yes | The internal URL / IP of your LDAP server. Example: _ldap://ldap.forumsys.com .* |
ldap*bind_credentials.user_cn | Yes | The user CN that is used for the LDAP bind. Usually a specific technical user is created for this with read only rights. |
ldap_bind_credentials.password | Yes | The password for the LDAP bind user. |
search_scope | Yes | This configures the search depth: _base* - searches only the searchbase level; _one - searches only the immediate subordinates to the base object, but does not include the base object itself; sub - this searches the search*base level and all of its subtrees. |
search*base | Yes | The search base used for looking up CN entries. This should be the top level of your LDAP domain where you want to look for entries. |
mobile_prefix | No | If your LDAP dictionary contains local or internal mobile phone numbers (without country code), you can add a prefix containing the country code. The first character of the local or internal mobile phone number will be replaced with this prefix. |
ldap_filter | No | If you want to filter the LDAP search results, you can do so using an ldap filter. This searches only for matching records. |
Examples of this filter are: only persons belonging to a specific group, only persons having a mobile phone number configured, … . | ||
An example of a filter: *(&(memberof=OU=VizitoGroup,OU=Applications,OU=Groups,DC=company,DC=com))* . | ||
api*port | Yes | Default value: _48800*. This configures the port at which the node application will listen for HTTP(s) requests. |
use*ssl_for_api | Yes | Default value: _false*. If set to _true_, it will use the ssl.ca, ssl.key and ssl.cert configuration items to load a private key / public key pair for enabling TLS communication. |
Read up on creating your own self-signed certificates using a custom root CA. | ||
authentication.enabled | Yes | Indicates if basic authentication is needed to make a request to this server. |
authentication.username | No | The username that is configured for basic authentication. |
authentication.password | No | The password that is configured for basic authentication. |
Step 4: Run
Navigate to the folder where your ldap client resides, and run
- “npm install” (only required once)
- “node server.js” If everything works as intended, you should see “Server is listening” You can now use a browser to test the LDAP http server by pointing your browser to http://ip_or_hostname_of_machine_running_ldap_client:48800/ (change the port if you changed it in the config file) If your browser shows a JSON object representing the users you want to expose, than everything works!
Step 5: Configure the backoffice to make the tablet connect to the client
Navigate to https://backoffice.vizito.be and under Settings, configure the Host datasource as ‘Managed externally’ and fill in the Integration URL.
An example: http://192.168.1.100:48800.
Now the tablet will look up the information from the installed client.
Step 6: Use PM2 to daemonize the node process
Please refer to https://github.com/Unitech/pm2 for instructions on how to install and use PM2.
Troubleshooting
Demo services are available for testing purposes. They include names such as “Tesla”, “Newton”, etc..
- HTTP version:
http://178.162.136.223:48800
- HTTPS version:
https://source.vizito.eu:48801
If you’re using a HTTPS configuration you can configure multiple CA references. Add each CA between " (quotes) in the CA array, which you can find in the config.JSON file.