Recent changes to Authentication Moduleshttps://sourceforge.net/p/phpvirtualbox/wiki/Authentication%2520Modules/Recent changes to Authentication ModulesenThu, 11 Dec 2014 14:16:38 -0000Authentication Modules modified by Ian Moorehttps://sourceforge.net/p/phpvirtualbox/wiki/Authentication%2520Modules/<div class="markdown_content"><pre>--- v2 +++ v3 @@ -29,7 +29,7 @@ var $authConfig = array( 'host' =&gt; '127.0.0.1', // LDAP server IP 'bind_dn' =&gt; 'uid=%s, ou=admins, dc=internal, dc=local', // %s will be replaced with login username - 'adminUser =&gt; '' // leave blank to let all users be admins in phpVirtualBox or specify a username + 'adminUser' =&gt; '' // leave blank to let all users be admins in phpVirtualBox or specify a username ); Where values in the $authConfig array are appropriately set according to your LDAP environment. Contact your LDAP administrator for help with setting these values. </pre> </div>Ian MooreThu, 11 Dec 2014 14:16:38 -0000https://sourceforge.netaa6a8cd89afa3990a8bb41d1c71a28c1866b6556Discussion for Authentication Modules pagehttps://sourceforge.net/p/phpvirtualbox/wiki/Authentication%2520Modules/<div class="markdown_content"><p>In <a class="" href="https://sourceforge.net/p/phpvirtualbox/wiki/Authentication%20Modules/#ldap">LDAP</a> config vars, expects a ' after adminuser:</p> <p>from this-&gt; 'adminUser =&gt; '' <br /> to this -&gt; 'adminUser' =&gt; '' </p></div>Thiago AlmeidaTue, 04 Feb 2014 17:39:19 -0000https://sourceforge.net8510fc9b24106d9d6798b5a46e8620ead92b23c6Authentication Modules modified by Ian Moorehttps://sourceforge.net/p/phpvirtualbox/wiki/Authentication%2520Modules/<div class="markdown_content"><pre>--- v1 +++ v2 @@ -1,6 +1,6 @@ **Introduction** -phpVirtualBox comes with authentication that allow it to use custom authentication mechanisms. +phpVirtualBox comes with authentication that allow it to use custom authentication mechanisms. This page lists each authentication module, how to enable it, and its settings. ------------------------------ Contents @@ -101,7 +101,7 @@ [[img src=adou.png]] -## Summary ## +### Summary ### You can mix-and-match the container, admin_group, adminUser, and user_group in your configuration. It is important to remember: @@ -122,61 +122,58 @@ ---- -{{{ -var $authLib = 'ActiveDirectory'; -var $authConfig = array( - 'user_group' => 'Dev Lab', - 'admin_user' => 'susan' - 'host' => '192.168.1.100', // domain controller IP - 'domain' => 'adtest.local' // active directory domain -); -}}} + var $authLib = 'ActiveDirectory'; + var $authConfig = array( + 'user_group' => 'Dev Lab', + 'admin_user' => 'susan' + 'host' => '192.168.1.100', // domain controller IP + 'domain' => 'adtest.local' // active directory domain + ); + Anyone in the Dev Lab group can log in. 'susan' is an admin in phpVirtualBox, but does not have to be a member of the Dev Lab group to log in. + ---- -{{{ -var $authLib = 'ActiveDirectory'; -var $authConfig = array( - 'admin_group' => 'vbox admins', - 'host' => '192.168.1.100', // domain controller IP - 'domain' => 'adtest.local' // active directory domain -); -}}} -Anyone with an AD account can log in. Users in the 'vbox admins' group are admins in phpVirtualBox. + var $authLib = 'ActiveDirectory'; + var $authConfig = array( + 'admin_group' => 'vbox admins', + 'host' => '192.168.1.100', // domain controller IP + 'domain' => 'adtest.local' // active directory domain + ); + +Anyone with an AD account can log in. Users in the 'vbox admins' group are admins in phpVirtualBox.\ + ---- -{{{ -var $authLib = 'ActiveDirectory'; -var $authConfig = array( - 'user_group' => 'Dev Lab Users', - 'admin_group' => 'Dev Lab Admins', - 'host' => '192.168.1.100', // domain controller IP - 'domain' => 'adtest.local' // active directory domain -); -}}} + var $authLib = 'ActiveDirectory'; + var $authConfig = array( + 'user_group' => 'Dev Lab Users', + 'admin_group' => 'Dev Lab Admins', + 'host' => '192.168.1.100', // domain controller IP + 'domain' => 'adtest.local' // active directory domain + ); + Anyone in the Dev Lab Users group can log in. Users in Dev Lab Admins are admins in phpVirtualBox, but do not have to be a member of 'Dev Lab Users' to log in. + ---- -{{{ -var $authLib = 'ActiveDirectory'; -var $authConfig = array( - 'host' => '192.168.1.100', // domain controller IP - 'domain' => 'adtest.local' // active directory domain -); -}}} + var $authLib = 'ActiveDirectory'; + var $authConfig = array( + 'host' => '192.168.1.100', // domain controller IP + 'domain' => 'adtest.local' // active directory domain + ); + Anyone with an AD account can log in, and everyone will be an admin in phpVirtualBox. + ---- -{{{ -var $authLib = 'ActiveDirectory'; -var $authConfig = array( - 'container' => 'OU=Admins, OU=Engineering', - 'adminUser' => 'jason', - 'host' => '192.168.1.100', // domain controller IP - 'domain' => 'adtest.local' // active directory domain -); -}}} + var $authLib = 'ActiveDirectory'; + var $authConfig = array( + 'container' => 'OU=Admins, OU=Engineering', + 'adminUser' => 'jason', + 'host' => '192.168.1.100', // domain controller IP + 'domain' => 'adtest.local' // active directory domain + ); Only the *Engineering\Admins* organizational unit will be searched for users. Any user in this container can log in to phpVirtualBox. Only jason is an admin in phpVirtualBox, but must also be found in the *Engineering\Admins* organizational unit. ----- </pre> </div>Ian MooreThu, 25 Jul 2013 02:17:30 -0000https://sourceforge.netfc40fce61771c0c13f3ab5859698122b899c4957Authentication Modules modified by Ian Moorehttps://sourceforge.net/p/phpvirtualbox/wiki/Authentication%2520Modules/<div class="markdown_content"><p><strong>Introduction</strong></p> <p>phpVirtualBox comes with authentication that allow it to use custom authentication mechanisms.</p> <hr /> <p>Contents</p> <div class="toc"> <ul> <li><a href="#webauth">WebAuth</a></li> <li><a href="#ldap">LDAP</a></li> <li><a href="#active-directory-42-x-only">Active Directory (&gt;= 4.2-x only)</a><ul> <li><a href="#restricting-access">Restricting Access</a><ul> <li><a href="#containers">Containers</a></li> </ul> </li> <li><a href="#summary">Summary</a></li> </ul> </li> </ul> </div> <hr /> <h1 id="webauth">WebAuth</h1> <p>The WebAuth authentication module automatically logs in the user when .htaccess style authentication is being utilized by your web server. To enable this authentication method, add the following to config.php:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">WebAuth</span><span class="err">'</span><span class="p">;</span> </pre></div> <p>By default, all users are admins in phpVirtualBox. You can specify a specific user as being an admin by adding the following to config.php:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span><span class="err">'</span><span class="n">adminUser</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">bob</span><span class="err">'</span><span class="p">);</span> </pre></div> <p>In the above case, 'bob' would be an admin in phpVirtualBox, while all other users would not.</p> <h1 id="ldap">LDAP</h1> <p>The LDAP authentication module provides a simple mechanism to authenticate against an LDAP server. To enable this authentication method, add the following to config.php:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">LDAP</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">127.0.0.1</span><span class="err">'</span><span class="p">,</span> <span class="c1">// LDAP server IP</span> <span class="err">'</span><span class="n">bind_dn</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">uid</span><span class="o">=%</span><span class="n">s</span><span class="p">,</span> <span class="n">ou</span><span class="o">=</span><span class="n">admins</span><span class="p">,</span> <span class="n">dc</span><span class="o">=</span><span class="n">internal</span><span class="p">,</span> <span class="n">dc</span><span class="o">=</span><span class="n">local</span><span class="err">'</span><span class="p">,</span> <span class="c1">// %s will be replaced with login username</span> <span class="err">'</span><span class="n">adminUser</span> <span class="o">=&gt;</span> <span class="err">''</span> <span class="c1">// leave blank to let all users be admins in phpVirtualBox or specify a username</span> <span class="p">);</span> </pre></div> <p>Where values in the $authConfig array are appropriately set according to your LDAP environment. Contact your LDAP administrator for help with setting these values.</p> <h1 id="active-directory-42-x-only">Active Directory (&gt;= 4.2-x only)</h1> <p>The Active Directory authentication module allows phpVirtualBox to authenticate users against an Active Directory domain controller. For a very basic setup, add the following to config.php:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>This configuration allows everyone in your Active Directory environment to log in and makes them all administrators in phpVirtualBox.</p> <p>Each Active Directory implementation can provide varying levels of complexity. This authentication module aims to be flexible enough for any environment, but its configuration can be equally complex.</p> <h2 id="restricting-access">Restricting Access</h2> <p>The $authConfig items 'user_group' and 'admin_group' allow one to restrict access to phpVirtualBox. If user_group is set, only users that are members of this group (or an admin_group) will be able to log in. This can be specified in $authConfig in config.php as:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">user_group</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">Development</span> <span class="n">Lab</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>In this scenario, only users that are a member of the 'Development Lab' group can log in. Since no admin information is specified, all users would be admins in phpVirtualBox.</p> <p>There are 2 mechanisms to specify one or more users as admins in phpVirtualBox. You can explicitly set one user to be an admin by setting the 'adminUser' item:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">adminUser</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">bob</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">user_group</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">Development</span> <span class="n">Lab</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>In this scenario, only users that are a member of the 'Development Lab' group can log in. The user 'bob' can log in (regardless of his group membership) and is an admin in phpVirtualBox.</p> <p>You can also specify an entire group as administrators by setting the 'admin_group' item:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">admin_group</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">Domain</span> <span class="n">Admins</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">user_group</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">Development</span> <span class="n">Lab</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>In this scenario, only users that are a member of the 'Development Lab' or 'Domain Admins' groups can log in. Only users in the 'Domain Admins' group are admins in phpVirtualBox.</p> <h3 id="containers">Containers</h3> <p>The default container searched is <em>CN=Users</em>. This is the "Users" folder in your Active Directory domain. To change the default container searched, you can specify the 'container' item in your $authConfig array:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">container</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">OU</span><span class="o">=</span><span class="n">Admins</span><span class="p">,</span> <span class="n">OU</span><span class="o">=</span><span class="n">Engineering</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>In this scenario, the organization unit <em>Engineering\Admins</em> is searched for users.</p> <p><img src="./attachment/adou.png" /></p> <h2 id="summary">Summary</h2> <p>You can mix-and-match the container, admin_group, adminUser, and user_group in your configuration. It is important to remember:</p> <ul> <li>If no admin information is specified (via adminUser or admin_group), all users that can log in to phpVirtualBox will be administrators</li> <li>Users identified as admins (via adminUser or admin_group) will be able to log in regardless of the user_group setting</li> <li>To be able to log in to phpVirtualBox, users must be in the organizational unit specified by 'container' (defaults to CN=Users)</li> </ul> <p>Consider the following configuration scenarios and their effects:</p> <div class="codehilite"><pre><span class="n">var</span> <span class="err">$</span><span class="n">authLib</span> <span class="o">=</span> <span class="err">'</span><span class="n">ActiveDirectory</span><span class="err">'</span><span class="p">;</span> <span class="n">var</span> <span class="err">$</span><span class="n">authConfig</span> <span class="o">=</span> <span class="n">array</span><span class="p">(</span> <span class="err">'</span><span class="n">admin_user</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">james</span><span class="err">'</span><span class="p">,</span> <span class="err">'</span><span class="n">host</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="mf">192.168.1.100</span><span class="err">'</span><span class="p">,</span> <span class="c1">// domain controller IP</span> <span class="err">'</span><span class="n">domain</span><span class="err">'</span> <span class="o">=&gt;</span> <span class="err">'</span><span class="n">adtest</span><span class="p">.</span><span class="n">local</span><span class="err">'</span> <span class="c1">// active directory domain</span> <span class="p">);</span> </pre></div> <p>Anyone with an AD account can log in. Only 'james' is an admin in phpvirtualbox.</p> <hr /> <p>{{{<br /> var $authLib = 'ActiveDirectory';<br /> var $authConfig = array(<br /> 'user_group' =&gt; 'Dev Lab',<br /> 'admin_user' =&gt; 'susan'<br /> 'host' =&gt; '192.168.1.100', // domain controller IP<br /> 'domain' =&gt; 'adtest.local' // active directory domain<br /> );<br /> }}}<br /> Anyone in the Dev Lab group can log in. 'susan' is an admin in phpVirtualBox, but does not have to be a member of the Dev Lab group to log in.</p> <hr /> <p>{{{<br /> var $authLib = 'ActiveDirectory';<br /> var $authConfig = array(<br /> 'admin_group' =&gt; 'vbox admins',<br /> 'host' =&gt; '192.168.1.100', // domain controller IP<br /> 'domain' =&gt; 'adtest.local' // active directory domain<br /> );<br /> }}}<br /> Anyone with an AD account can log in. Users in the 'vbox admins' group are admins in phpVirtualBox.</p> <hr /> <p>{{{<br /> var $authLib = 'ActiveDirectory';<br /> var $authConfig = array(<br /> 'user_group' =&gt; 'Dev Lab Users',<br /> 'admin_group' =&gt; 'Dev Lab Admins',<br /> 'host' =&gt; '192.168.1.100', // domain controller IP<br /> 'domain' =&gt; 'adtest.local' // active directory domain<br /> );<br /> }}}<br /> Anyone in the Dev Lab Users group can log in. Users in Dev Lab Admins are admins in phpVirtualBox, but do not have to be a member of 'Dev Lab Users' to log in.</p> <hr /> <p>{{{<br /> var $authLib = 'ActiveDirectory';<br /> var $authConfig = array(<br /> 'host' =&gt; '192.168.1.100', // domain controller IP<br /> 'domain' =&gt; 'adtest.local' // active directory domain<br /> );<br /> }}}<br /> Anyone with an AD account can log in, and everyone will be an admin in phpVirtualBox.</p> <hr /> <p>{{{<br /> var $authLib = 'ActiveDirectory';<br /> var $authConfig = array(<br /> 'container' =&gt; 'OU=Admins, OU=Engineering',<br /> 'adminUser' =&gt; 'jason',<br /> 'host' =&gt; '192.168.1.100', // domain controller IP<br /> 'domain' =&gt; 'adtest.local' // active directory domain<br /> );<br /> }}}</p> <p>Only the <em>Engineering\Admins</em> organizational unit will be searched for users. Any user in this container can log in to phpVirtualBox. Only jason is an admin in phpVirtualBox, but must also be found in the <em>Engineering\Admins</em> organizational unit.</p> <hr /></div>Ian MooreThu, 25 Jul 2013 02:12:40 -0000https://sourceforge.netf4969a66e340d2a67e66009cf67a2dc1e2215ac7