LDAP Authentication

Maytas Hub can be setup to use LDAP authentication from Active Directory so that users can login using their windows credentials.

Pre-Requisites

• Maytas Hub user accounts MUST have the same username as the user's corresponding LDAP / Active Directory username.
• The Maytas Hub user accounts in M32$_WEBUSERS should be given dummy password values. It is strongly recommended that the dummy passwords meet minimum password requirements, as they could still theoretically be used to login successfully.

Setup

1. On the server where Maytas Hub runs, go to your Maytas Hub web folder (this is usually within C:\inetpub\wwwroot).
2. Make a backup copy of your Maytas Hub web.config.
3. Open web.config for editing.

4. Scroll down to the <appSettings> section and add the following lines:

   <add key="SecurityProviderAssembly" value="Maytas.Security.Provider.ActiveDirectory"/>

   <add key="SecurityProviderClass" value="Maytas.Security.Provider.ActiveDirectory"/>

   <add key="LDAPDomain" value="DOMAIN"/>

   <add key="LDAPPath" value="LDAP://CONTROLLER:389/DC=DOMAINNAME1,DC=DOMAINNAME2"/>

   with the following changes to variables:

   • DOMAIN is the domain.
   • CONTROLLER is the domain controller.
   • DOMAINNAME1 and 2 are the component parts of the fully qualified domain name for the domain. e.g. for tribalgroup.net, DOMAINNAME1 would be tribalgroup and DOMAINNAME2 would be net. You can add additional components as required (e.g. DOMAINNAME3, 4, etc).

   For example, with a domain of Maytas, a domain controller of MyServer and a fully qualified domain name of maytas.tribalgroup.net, the keys would be as follows:

   <add key="LDAPDomain" value="Maytas"/>

   <add key="LDAPPath" value="LDAP://MyServer:389/DC=maytas,DC=tribalgroup,DC=net"/>

   If you wish to use LDAPS / SSL-encrypted LDAP, the port number must be changed from 389 to 636. The LDAP prefix should NOT be changed to LDAPS. e.g. <add key="LDAPPath" value="LDAP://MyServer:636/DC=maytas,DC=tribalgroup,DC=net"/>

5. Save and close web.config.

6. In IIS, restart the Maytas Hub website.

Generate Random Password for Users

An option can be enabled in the Web User Editor which allows you to generate a random GUID password for a user.

To enable this:

1. In Maytas Hub, go to Settings on the sidebar.
2. Click the System configuration button.
3. Go to Admin on the left (under the Maytas Hub Online header).
4. In the General section, tick the box for the permission Password Generation and ensure the toggle button is set to ON.
5. Click Save.

This will enable a button in the Web User Editor to generate a random password:

1. Go to Web User Editor on the sidebar.
2. Search for and open the required user or group.

3. Click the Random button next to the Password box.

   

4. Click Save.

The generated password will not be sent to anyone, as users with LDAP authentication will use their Windows login to access Maytas Hub. The purpose of the password generation is to store a complex, randomised password for the Maytas Hub web user account in the database.