Active Directory Setup
Go to the Admin Console page (click the Owl -> click the Gear -> click Admin Console).
Click on “AD Setup” and you will see the screenshot below.
AD Enabled = flag to enabled AD (after binding please restart the owl-web application)
Page Size = 100 is recommended. The number of results in a single page (NOTE: For really large AD Environments it’s best to narrow down the Base Path and/or possibly using Group Search Path to narrow down to that group explicitly).
Host = Host: ldap://x.x.x.x or ldaps://x.x.x.x Port: is usually 389 for ldap or 636 for ldaps
Base Path is the domain specified in the example above owl.com (equals to DC=owl,DC=com).
Group Search Path = helps to narrow down list to an explicit group or parent group (example: CN=owladmins)
Bind user = <user>@<domain>
Bind Password = users domain password.
Click save and you should receive the message below on the top of the owl-web application.
When binding to AD you do not need a special AD username and password. The application just needs a user to bind with in order to run a read-only query on the groups. The AD credentials are not stored, owl uses this dynamically to understand what groups you want to map.
Now the binding is complete we can map an AD Group to an Owl ROLE.
Click on “ROLE MAPPING”
Select a ROLE in the drop down list - (Alternatively this is a time you can add a new Owl ROLE to map the AD Group(s) you want to include in that Owl ROLE).
Click Load Groups
Select Group in the left box (use the filter on top to filter base on what you provide in the text box).
click the name to move it left to right.
click “Save” and you’ll get a response back to Owl-web like the following.
Now that we’ve mapped an AD Group to an AD Role we can now log out and try to login as a domain user. (REMEMBER: you will have to restart the owl-web by running ./owlmanage.sh restart_owlweb when toggling AD Enabled).
When logging into the Owl Web application please make sure to append the domain to the end of the user name as depicted below.
Last updated
