Hi guys,
I am running Top 3.1.0 in free version and I would like to have iTop instance integrated with Active Directory.
Meaning that Authentication and Authorization would be done based on Active Directory user group membership. I couldn't find any config guide how to performed that :-(.
Any hints are very appreciated. Thank you. Hejbi.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi Jeffrey,
thanks for the hint. Yep, I already have running iTop with LDAP authentication against MS AD. But I see as a drawback that user authorization is performed in iTop server itself (via iTop role configured for each of user).
I would ideally to have authentication and authorization performed in AD only. For example woul like to have 2 Active Directory groups - 1 AD group for iTop admins, 1 AD group for iTop RO users. And based on the user membership in either of AD group the user will have appropriate right in iTop. I hope I explained that clearly. Unfortunately I could find any config guide, not even sure if it is possible. Thanks!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You could custom develop it though. I also think it may be possible if you properly configure my LDAP sync ( https://github.com/jbostoen/itop-jb-ldap ); but that is a background task which runs regularly and doesn't update anything at the moment of authentication.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi guys,
I am running Top 3.1.0 in free version and I would like to have iTop instance integrated with Active Directory.
Meaning that Authentication and Authorization would be done based on Active Directory user group membership. I couldn't find any config guide how to performed that :-(.
Any hints are very appreciated. Thank you. Hejbi.
Check out the LDAP info: https://www.itophub.io/wiki/page?id=extensions:authent-ldap
Hi Jeffrey,
thanks for the hint. Yep, I already have running iTop with LDAP authentication against MS AD. But I see as a drawback that user authorization is performed in iTop server itself (via iTop role configured for each of user).
I would ideally to have authentication and authorization performed in AD only. For example woul like to have 2 Active Directory groups - 1 AD group for iTop admins, 1 AD group for iTop RO users. And based on the user membership in either of AD group the user will have appropriate right in iTop. I hope I explained that clearly. Unfortunately I could find any config guide, not even sure if it is possible. Thanks!
It's not possible out of the box.
You could custom develop it though. I also think it may be possible if you properly configure my LDAP sync ( https://github.com/jbostoen/itop-jb-ldap ); but that is a background task which runs regularly and doesn't update anything at the moment of authentication.
Hi Jeffrey, thanks a lot. I will check and investigate implementation options. I appreciate your hints.