...


# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false
# domain

csrf = false

# Service 'local' with direct authentication on the UDMG Server
[service.local]
# UDMG Server Listen Protocol
protocol = "http"
[[service.local.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080

# Service 'mft' with direct authentication on the UDMG Server
[service.mft]
# UDMG Server Listen Protocol
protocol = "http"

[[service.mft.targets]]
# UDMG Server Hostname or IP
hostname = "localhost"
# UDMG Server Port
port = 18080

  • Install the binary under /usr/local/bin:

# install -m 755 udmg-auth-proxy /usr/local/bin

Configuration for LDAP Authentication

The UDMG Authentication Proxy can use an LDAP service to authenticate users for the UDMG Admin UI:


# vi /etc/udmg/auth_proxy/config.toml

...

# Proxy Configuration
[proxy]
# Port, default "5000"
port = "5000"
# Network interface, default "0.0.0.0"
inet = "127.0.0.1"
# Enable recover on panic, default true, should be true for production environment
recover = true
# Enable Cross-Origin Resource Sharing (CORS), should be true for production environment
cors = true
# Enable Request Track ID, default true
tracker = true
# Enable Request Logger, default true
logger = true
# Rate Limit IP Request over 1 second, default 0 (unlimited)
limit = 0
# Enable the Prometheus Metric Endpoint '/metric', default false
metrics = false

...

# Credentials for the synchronization from LDAP to MFT service
# this user must have permission to create/update UDMG users
[service.mft.credential]
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"

The LDAP replication requires a user with permission to create and update users. For example, to create the 'ldap_sync' user with the command line interface:


udmg-client user add -u ldap_sync -p ldap_password -r 'U=rw'

...

  • Install the binary under /usr/local/bin:

# install -m 755 udmg-auth-proxy /usr/local/bin


UDMG Agent Proxy

  • Create a directory under /etc/mft:

...