[KACE] How do LDAP and local authentication work in the KBOX Admin UI

  • Summary: LDAP and local user authentication.
  • Symptoms: Unable to log in to the appliance except as admin, or the user does not have the correct permissions.
  • Cause: Optional User Authentication methods.
  • Steps to resolve issue:

KBOX allows you to manage user authentication either locally, on the Users tab under Portal/Help Desk, or via LDAP. LDAP Authentication is enabled on the KBOX Settings/Authentication tab.

Built-in admin user

Even when LDAP authentication is enabled, the user named “admin” gets special treatment, and is always authenticated locally.

For any other user name, the steps for authentication depend on the server settings.

Local authentication

When local authentication is enabled, the password is authenticated against the entry in the local database, and determination of readonly admin vs. full admin permissions is also made against that database.

LDAP Authentication

If LDAP authentication is enabled, the password is authenticated against LDAP: first using the “Admin” LDAP settings and then, if that fails, the “Readonly Admin” LDAP settings.

After either of these LDAP authentications succeeds, there is one more check against the local database, which can override the readonly admin vs. full admin permissions determined by LDAP. This could be useful if you want to set up just one LDAP query for authentication of admins and manage the readonly vs. full admin determination in the local database.
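The decision order described above can be modeled as follows when troubleshooting why a user received a particular permission level. This is an added example, not KBOX code: every name in it (resolve_login, LOCAL_DB, the LDAP stand-ins) is hypothetical, the accounts are constructed, and it assumes that the final local-database check means "an existing local entry for the user supplies the role".

```python
# Model of the login decision order described in this article.
# All names and accounts are hypothetical and constructed for illustration.
import hmac

FULL, READONLY = "full admin", "readonly admin"

# Constructed local database: user -> (password, role)
LOCAL_DB = {
    "admin": ("local-secret", FULL),
    "carol": ("unused-under-ldap", FULL),  # local role entry for an LDAP user
}

def ldap_stub(members):
    """Stand-in for one LDAP configuration: succeeds if user/password match."""
    return lambda user, pw: user in members and hmac.compare_digest(members[user], pw)

# Constructed directories behind the "Admin" and "Readonly Admin" LDAP settings
ADMIN_LDAP = ldap_stub({"alice": "a-pw"})
READONLY_LDAP = ldap_stub({"bob": "b-pw", "carol": "c-pw"})

def local_login(user, pw):
    """Password and role both come from the local database."""
    entry = LOCAL_DB.get(user)
    if entry and hmac.compare_digest(entry[0], pw):
        return entry[1], "local"
    return None

def resolve_login(user, pw, ldap_enabled):
    """Return (role, source) on success, or None if authentication fails."""
    # 1. "admin" is always authenticated locally, even with LDAP enabled.
    if user == "admin" or not ldap_enabled:
        return local_login(user, pw)
    # 2. LDAP: try the "Admin" settings first, then "Readonly Admin".
    if ADMIN_LDAP(user, pw):
        role = FULL
    elif READONLY_LDAP(user, pw):
        role = READONLY
    else:
        return None
    # 3. Final local-database check can override the LDAP-derived role.
    #    Assumption: an existing local entry for the user supplies the role.
    if user in LOCAL_DB:
        return LOCAL_DB[user][1], "ldap + local override"
    return role, "ldap"
```

In this model, "carol" authenticates through the "Readonly Admin" LDAP settings but ends up with full admin rights because of her local entry, which is the override case to check first when a user's permissions do not match the LDAP configuration.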

 

