Would you like to learn how to configure iTOP LDAP authentication on Active Directory? In this tutorial, we are going to show you how to authenticate iTOP users against the Microsoft Windows Active Directory database using the LDAP protocol.

• Ubuntu 18.04
• Ubuntu 19.04
• iTOP 2.6.1

Tutorial - Windows Domain Controller Firewall

First, we need to create a Firewall rule on the Windows domain controller.

This firewall rule will allow the iTOP server to query the Active Directory database.

On the domain controller, open the application named Windows Firewall with Advanced Security.

Create a new Inbound firewall rule.

Select the PORT option.

Select the TCP option.

Select the Specific local ports option.

Enter the TCP port 389.

Select the Allow the connection option.

Check the DOMAIN option.

Check the PRIVATE option.

Check the PUBLIC option.

Enter a description for the firewall rule.

Congratulations, you have created the required firewall rule.

This rule will allow iTOP to query the Active Directory database.

Tutorial - Windows Domain Account Creation

Next, we need to create at least 2 accounts in the Active Directory database.

The BIND account will be used to query the Active Directory database.

The BRUNO account will be used to log in to the iTOP web interface.

On the domain controller, open the application named: Active Directory Users and Computers

Create a new account inside the Users container.

Create a new account named: bind

Password configured for the BIND user: 123qwe..

This account will be used to query the passwords stored in the Active Directory database.

Create a new account named: bruno

Password configured for the BRUNO user: 123qwe..

This account will be used as an example to authenticate on the iTOP web interface.

Congratulations, you have created the required Active Directory accounts.

Tutorial - Configure iTOP Communication to Active Directory

Access the iTOP server command-line and locate the configuration file: config-itop.php

Edit the config-itop.php file.

Locate the LDAP configuration section within the config-itop.php file.

Here is the default LDAP configuration section.

Here is our configuration:

You need to change the IP address to your domain controller IP.

You need to change the domain information to reflect your network environment.

Enter the correct user name and password of the BIND user account.

Do not forget to change the filter '(&(uid=%1$s)(inetuserstatus=ACTIVE))' to '(samaccountname=%1$s)'.
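
To verify the firewall rule, the BIND account and the '(samaccountname=%1$s)' filter from the iTOP server, the following PHP command-line check performs the common LDAP search-then-bind sequence. It is an added example, not iTOP code or part of the original tutorial; the domain controller address, the DNs and the environment variable names are placeholders, and it assumes the php-ldap extension is installed.

```php
<?php
// Added example (not iTOP code): search-then-bind check against Active Directory.
// Replace the placeholders below; the environment variable names are hypothetical.
$host    = '192.0.2.10';                           // placeholder: domain controller IP
$port    = 389;                                    // port opened by the firewall rule
$baseDn  = 'DC=example,DC=local';                  // placeholder: your domain
$bindDn  = 'CN=bind,CN=Users,DC=example,DC=local'; // assumes the BIND account's CN is "bind"
$query   = '(samaccountname=%1$s)';                // filter used in this tutorial
$login   = $argv[1] ?? 'bruno';                    // login to test
$bindPwd = (string) getenv('ITOP_BIND_PWD');
$userPwd = (string) getenv('ITOP_USER_PWD');

function fail(string $msg): void {
    fwrite(STDERR, $msg . "\n");
    exit(1);
}

// An empty password turns a simple bind into an unauthenticated bind that a
// server may accept, so reject empty passwords before contacting the server.
if ($bindPwd === '' || $userPwd === '') {
    fail('ITOP_BIND_PWD and ITOP_USER_PWD must both be set and non-empty');
}

// Plain ldap:// on port 389 carries the simple-bind password unencrypted.
$ds = ldap_connect("ldap://$host:$port");
if ($ds === false) {
    fail('invalid LDAP URI');
}
ldap_set_option($ds, LDAP_OPT_PROTOCOL_VERSION, 3);
ldap_set_option($ds, LDAP_OPT_REFERRALS, 0); // do not chase referrals

// Step 1: bind as the BIND account.
if (!@ldap_bind($ds, $bindDn, $bindPwd)) {
    fail('BIND account rejected: ' . ldap_error($ds));
}

// Step 2: expand the filter with the escaped login and look up the user's DN.
$filter  = sprintf($query, ldap_escape($login, '', LDAP_ESCAPE_FILTER));
$result  = ldap_search($ds, $baseDn, $filter, ['samaccountname']);
$entries = $result ? ldap_get_entries($ds, $result) : ['count' => 0];
if ($entries['count'] !== 1) {
    fail("expected exactly one entry for $filter, found {$entries['count']}");
}

// Step 3: bind as that DN with the user's password.
if (!@ldap_bind($ds, $entries[0]['dn'], $userPwd)) {
    fail("password rejected for {$entries[0]['dn']}");
}
echo "OK: $login authenticated as {$entries[0]['dn']}\n";
```

A failure at step 1 points to the firewall rule or the BIND credentials, a failure at step 2 to the base DN or the filter, and a failure at step 3 to the user's password.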

Tutorial iTOP - LDAP Authentication on Active Directory

Open your browser and enter the IP address of your web server plus /itop.

In our example, the following URL was entered in the Browser:

• http://192.168.15.11/itop

The iTOP web interface should be presented.

On the login screen, enter the iTOP default username and password.

• Username: admin
• Password: admin

After a successful login, you will be sent to the iTOP Dashboard.

Access the Configuration management menu, the Contacts sub-menu and select the New contact option.

Select the Person type of contact and click on the Apply button.

Fill in the new user form with the name and contact information of this person.

In our example, we created a Contact named Bruno.

Now, we need to create a new user account.

Access the Admin tools menu and select the user accounts option.

Select the LDAP user type and click on the Apply button.

Select the contact information from the desired user.

On the login option, you must enter the same username as the account created on the Active Directory.

Access the Profile tab and associate the level of permission desired to this account.

In our example, we created an LDAP user account named bruno and set the Administrative access level.

After finishing your configuration, you should log off the iTOP web interface.

Try to log in using the Active Directory user and password.

• Username: bruno
• Password: Enter the Active directory password.

Congratulations! You have configured iTOP authentication on Active Directory using LDAP.