LDAP Authentication (NoTouch Center)

            NoTouch Center is a tool for system administrators to manage their endpoints. It not only maintains a list of local user accounts, but it also supports user authentication via LDAP using either Microsoft Active Directory or Novell eDirectory. So, if you want to allow several sysadmins to access NoTouch Center without having to create accounts for them in NoTouch Center, this is what you need.

            Note: This feature is intended for enterprise usage. If only a few people work with NoTouch Center, you are probably better off using local accounts, because LDAP adds another dependency: the LDAP server.

            Even when using LDAP authentication, local accounts such as the "admin" user still work, so you can log in to NoTouch Center if the LDAP server fails. This also means that you should choose a good password for local accounts, especially the admin user. Do not use something that is easy to guess, such as "admin", "test" or "notouch".

            Parameters

            You find the LDAP configuration parameters in NoTouch Center under "Configuration" (the yellow icon in the top-right corner) and "Authentication":

            Server:
            Enter your LDAP server
            Base:
            Base for searching users (e.g. dc=myCompany,dc=com)
            Username:
            Your valid username for the LDAP server (if no username is defined, your NoTouch Center logon is used instead). This refers to an account that has the privileges to query the LDAP server. Please use UPN format (username@domain).
            Password:
            Your valid password for the user specified above (if no password is defined, your NoTouch Center logon password is used instead)
            Adminfilter:
            LDAP filter for NoTouch Center admin users.

            All AD accounts that this filter matches will be logged in as 'admins', e.g.: (&(memberOf=CN=ADMINGROUP,OU=user,DC=myCompany,DC=com)(userPrincipalname=%user%))

            Helpdeskfilter:
            LDAP filter for NoTouch Center helpdesk users.

            All AD accounts that this filter matches will be logged in as 'helpdesk', e.g.: (&(memberOf=CN=HELPDESKGROUP,OU=test,OU=user,DC=myCompany,DC=com)(userPrincipalname=%user%))

            Rolefilter:
            LDAP filter for a NoTouch Center user role. A user role is part of the Permissions management feature.

            All AD accounts that this filter matches will be logged in with the corresponding rights of the defined role.

            Note: If you use 'userPrincipalname' in your filter, the users must use the full domain username to log on (for example 'testuser@mycompany.com'). If you want to use the username only (in this case: 'testuser'), please use 'sAMAccountName' instead!

            Rolefilter Idea/Infos

            You add a group (e.g. OmahaAdmin) in your Active Directory and assign users to that group. As the next step, create an identical role in your NoTouch Center and define the rights for this role. Each user of your Active Directory group (e.g. OmahaAdmin) can now log on with the rights assigned to the identical NoTouch Center role.

            Note: After saving or changing your LDAP configuration with the "save" button, you have to restart your NoTouch Center!

            Tool for testing your LDAP string

            A handy tool for testing your LDAP filters is ldp.exe, which can be downloaded from https://technet.microsoft.com/pt-pt/library/cc772839(v=ws.10).aspx
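
To test a filter in a tool such as ldp.exe, the %user% placeholder first has to be replaced by a concrete logon name. The following Python helper is an added example, not part of NoTouch Center: it expands a filter template with RFC 4515 escaping and warns when the logon name does not fit the userPrincipalname / sAMAccountName rule from the note above. The function names and sample logon names are assumptions, and the page does not say how NoTouch Center itself substitutes %user%.

```python
import re

# RFC 4515 characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a logon name so the directory treats it as a literal value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def balanced(text):
    """True if every '(' has a matching ')' in the right order."""
    depth = 0
    for ch in text:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def expand(template, login):
    """Return (filter, warnings) for one logon name and one filter template."""
    warnings = []
    if "%user%" not in template:
        warnings.append("template has no %user% placeholder")
    if not balanced(template):
        warnings.append("unbalanced parentheses in template")
    # Attributes compared against %user%, e.g. userPrincipalname.
    for attr in re.findall(r"\(\s*([A-Za-z][\w.-]*)\s*=\s*%user%\s*\)", template):
        if attr.lower() == "userprincipalname" and "@" not in login:
            warnings.append("userPrincipalname filter: log on as user@domain")
        if attr.lower() == "samaccountname" and "@" in login:
            warnings.append("sAMAccountName filter: log on with the username only")
    return template.replace("%user%", escape_value(login)), warnings


if __name__ == "__main__":
    # Filter template from the page; logon names are constructed samples.
    admin = ("(&(memberOf=CN=ADMINGROUP,OU=user,DC=myCompany,DC=com)"
             "(userPrincipalname=%user%))")
    for name in ("testuser@mycompany.com", "testuser", "te*st)(x"):
        ldap_filter, notes = expand(admin, name)
        print(ldap_filter)
        for note in notes:
            print("  warning:", note)
```
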

            Also, there are a few articles on Microsoft's site which describe how to build and test LDAP queries:
