LDAP Authentication (NoTouch Center)


NoTouch Center is a tool for system administrators to manage their endpoints. It not only maintains a list of local user accounts, but it also supports user authentication via LDAP using either Microsoft Active Directory or Novell eDirectory. So, if you want to allow several sysadmins to access NoTouch Center without having to create accounts for them in NoTouch Center, this is what you need.

Note: This feature is intended for enterprise use. If only a few people work with NoTouch Center, you are probably better off using local accounts, because LDAP adds another dependency: the LDAP server.

Even when using LDAP authentication, local accounts such as the "admin" user still work, so you can log in to NoTouch Center if the LDAP server fails. This also means you should choose a strong password for local accounts, especially the admin user. Do not use something easy to guess such as "admin", "test" or "notouch".

Parameters

You find the LDAP configuration parameters in NoTouch Center under "Configuration" (the yellow icon in the top-right corner) and "Authentication".

Server:
Enter your LDAP server
Base:
Base for searching users (e.g. dc=myCompany,dc=com)
Username:
Your valid username for the LDAP server (if no username is defined, your NoTouch Center logon is used instead). This refers to an account that has the privileges to query the LDAP server. Please use UPN format (username@domain).
Password:
Your valid password for the user specified above (if no password is defined, your NoTouch Center logon password is used instead)
Adminfilter:
LDAP filter for NoTouch Center admin users.

All AD accounts that match this filter will be logged in as 'admins', e.g.: (&(memberOf=CN=ADMINGROUP,OU=user,DC=myCompany,DC=com)(userPrincipalname=%user%))

Helpdeskfilter:
LDAP filter for NoTouch Center helpdesk user.

All AD accounts that match this filter will be logged in as 'helpdesk', e.g.: (&(memberOf=CN=HELPDESKGROUP,OU=test,OU=user,DC=myCompany,DC=com)(userPrincipalname=%user%))

Rolefilter:
LDAP filter for a NoTouch Center user role. A user role is part of the Permissions management feature.

All AD accounts that match this filter will be logged in with the corresponding rights of the defined role.

Note: If you use 'userPrincipalname' in your filter, the users must use the full domain username to log on (for example 'testuser@mycompany.com'). If you want to use the username only (in this case: 'testuser'), please use 'sAMAccountName' instead!


Sample settings:

Admin's Filter: (&(memberOf=CN=ntcadmingroup,OU=NTC,DC=qas,DC=com)(sAMAccountName=%user%))
Helpdesk's Filter: (&(memberOf=CN=ntchelpdeskgroup,OU=NTC,DC=qas,DC=com)(sAMAccountName=%user%))
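
The effect of choosing userPrincipalname or sAMAccountName in a filter can be checked offline before saving the configuration and restarting. The following is an added example, not NoTouch Center code: it expands %user% in a filter template and evaluates the result against constructed directory entries. The sample users, the sAMAccountName variant of the admin filter, and the assumption that the typed logon name replaces %user% (escaped here per RFC 4515) are illustrative.

```python
import re

# Constructed sample entries and filter templates (page's filter shape, not a real directory).
ENTRIES = [
    {"sAMAccountName": ["testuser"], "userPrincipalName": ["testuser@mycompany.com"],
     "memberOf": ["CN=ADMINGROUP,OU=user,DC=myCompany,DC=com"]},
    {"sAMAccountName": ["helpuser"], "userPrincipalName": ["helpuser@mycompany.com"],
     "memberOf": ["CN=HELPDESKGROUP,OU=test,OU=user,DC=myCompany,DC=com"]}]
ADMIN_UPN = "(&(memberOf=CN=ADMINGROUP,OU=user,DC=myCompany,DC=com)(userPrincipalname=%user%))"
ADMIN_SAM = ADMIN_UPN.replace("userPrincipalname", "sAMAccountName")

def expand(template, login):
    """Substitute %user% (assumed behaviour), escaping RFC 4515 special characters."""
    safe = re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), login)
    return template.replace("%user%", safe)

def parse(f, i=0):
    """Parse one filter at f[i] (only &, |, ! and equality); return (tree, next index)."""
    if f[i:i + 1] != "(":
        raise ValueError("expected '(' at position %d" % i)
    if f[i + 1:i + 2] in ("&", "|", "!"):
        op, kids, i = f[i + 1], [], i + 2
        while f[i:i + 1] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        if f[i:i + 1] != ")" or not kids:
            raise ValueError("unbalanced or empty %r group" % op)
        return (op, kids), i + 1
    end = f.find(")", i)
    attr, eq, value = f[i + 1:max(end, i + 1)].partition("=")
    if end < 0 or not eq or not attr:
        raise ValueError("malformed comparison at position %d" % i)
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return ("=", attr.lower(), value.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry; comparisons ignore case."""
    if node[0] == "=":
        return node[2] in (v.lower() for k, vs in entry.items() if k.lower() == node[1] for v in vs)
    results = [matches(kid, entry) for kid in node[1]]
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]](results)

def login_matches(template, login):
    """True if the expanded filter is well-formed and selects a sample entry."""
    expanded = expand(template, login)
    tree, end = parse(expanded)
    if end != len(expanded):
        raise ValueError("trailing text after filter")
    return any(matches(tree, e) for e in ENTRIES)
```

With the userPrincipalname filter only the full 'testuser@mycompany.com' logon matches; with the sAMAccountName filter only 'testuser' does, and a filter with a missing parenthesis is rejected instead of silently matching nobody.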

Rolefilter Idea/Infos

Add a group (e.g. OmahaAdmin) in your Active Directory and assign users to that group. Next, create an identical role in your NoTouch Center and define the rights for this role. Each user in your Active Directory group (e.g. OmahaAdmin) can now log on with the rights assigned to the identical NoTouch Center role.

Note: After saving or changing your LDAP configuration with the "save" button, you have to restart your NoTouch Center!

Tool for testing your LDAP string

A handy tool for testing your LDAP filters is ldp.exe, which can be downloaded from https://technet.microsoft.com/pt-pt/library/cc772839(v=ws.10).aspx

Also, there are a few articles on Microsoft's site that describe how to build and test LDAP queries:
