miniOrange LDAP Gateway

miniOrange LDAP Gateway allows login to publicly/privately hosted sites using credentials stored in Active Directory, OpenLDAP and other LDAP servers. If the LDAP Server is not publicly accessible from your site, this module can be used in conjunction with the miniOrange LDAP Gateway, which is deployed at the DMZ server in the intranet. Another benefit of this module is that multiple LDAP Configurations can be stored for multiple customers of a WordPress based Cloud Service Provider and mapping to the username can be done on the basis of the domain name.

miniOrange gateway is a small piece of software that can reside on a shared machine. It wont need its own machine and our customers generally install it on any server thats already in the DMZ.

Why LDAP Gateway?

• LDAP with non public IP - This can be very beneficial if your aim is single sign on but your LDAP exists within your intranet with a non public IP. You can still authenticate your site (which could be anywhere outside your network) and with the help of this two part plugin (plugin + gateway) you can authenticate against your LDAP and achieve single sign on.

• Secure calls using HTTPS - All remote calls happen through an encrypted channel.

• Setup LDAP configuration once and access from multiple sites - You only need to setup your LDAP configuration once and you can access from multiple sites, thereby achieving ease of use.

• Your LDAP stays secure since its behind your firewall.

• Cloud based LDAP authentication system - This means that the libraries that are needed to authenticate against your LDAP/AD is not PHP based so it can support a much larger variety of LDAP.

Setup and Installation Guide for LDAP Gateway

• Download the miniOrange Gateway zip file.

• Extract the package and execute the startup file
  NOTE: Use startup.bat for windows and startup.sh for linux. Make sure your default ports are free.

• Access the gateway from your browser using the url "<hostname:port>/miniorangegateway". Replace "<hostname>" with your hostname or server IP .
  Eg:localhost:8080/miniorangegateway.

• You will be redirected to the following login form.
  
  
  
  Use Username:"admin" and Password:"changeit" to log in.

• Reset Password form will appear. Change the password and proceed.
  
  
  
  

• Go to login.xecurify.com and log into your Xecurify Account.

• After logging in, click on the settings tab on the top right corner.
  
  
  
  

• Copy the Account Details and paste it in your Configure Keys page in your miniOrange Gateway .
  
  
  
  
  
  
  
  

• Press the Save button and then proceed to the LDAP Configuration tab in your miniOrange Gateway and click on the Add LDAP Configuration button on top right.
  
  
  
  

• Configure the miniOrange Gateway by adding the following LDAP Configuration details.
  
  
  
  

  1. Configuration Identifier: Any name that will specify this set of configuration.
  
  
  2. LDAP Server URL: Specify the host name for the LDAP server Eg: ldap://myldapserver.domain:389
  
  
  3. Bind Account DN:This will be used to establish the connection with LDAP Server. Specify it in the following ways:
     Username@domainname or Distinguished Name(DN) format
  
  
  4. Bind Account Password: Password for the Bind Account in the LDAP Server.
  
  
  5. Search Bases: Provide distinguished name of the Search Base object Eg:cn=User,dc=domain,dc=com
  
  
  6. Search Filter: Search filters enable you to define search criteria and provide more efficient and effective searches. Eg: "(&(objectClass=*)(cn=?))"
  
  
  7. Domain Name: Semi-colon separated list of domain. Eg: miniorange.com
  
  
  8. LDAP Attribute List: Semi-colon separated list of attributes. Eg: cn;mail;givenName
  
  

• Press the Save button.
• You have successfully installed and configured miniOrange LDAP Gateway.


• (Recommended) Setup SSL for miniOrange LDAP Gateway.
  1. Generate Keystore:
     • Navigate to the %JAVA_HOME%\bin directory in the file explorer. Create a certs directory in it.
       
       
       
       
     • Navigate to the %JAVA_HOME%\bin directory in the command line ( in Administrator mode ) and execute the command:
       keytool -genkey -alias <ALIAS> -keyalg RSA -keystore <JAVA_HOME>\bin\certs\keystore.jks
       
       
       
       This creates a keystore in the certs folder created in (a).
       
       
       
       
  
  
  2. Configure Connector:
     This is required to configure Tomcat to run on port 443(SSL Port).
     
     • Navigate to the <Tomcat Directory>\conf and edit the server.xml file.
       
       
       
       
     • Add a connector element under <Service name="Catalina"> . The following configuration needs to be placed in the connector element:
       <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https"
       secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="<PATH_TO_KEYSTORE>"
       keystorePass="KEYSTORE_PASSWORD" />
       
       
       
       
  
  
  3. Assign Server Name to Tomcat:
     • Edit the %windows%\system32\drivers\etc\hosts file and add the following line:
       127.0.0.1 <newhostname>
       
       
       
       
     • Navigate to the <Tomcat Directory>\conf and edit the server.xml file.
     • Search for the <Engine name="Catalina" defaultHost="localhost"> and replace localhost with the newhostname of the server.
       
       
       
       
     • Search for the <Host> element and replace name=”localhost” with name=”<IP Address/DNS>” of the server.”
       
       
       
       
     • Restart Tomcat by running startup.bat under <Tomcat Directory>\bin. Navigate to the following address:
       https://<newhostname:port>/miniorangegateway.