Pre-Requisites
In order to be able to use the LDAP integration offered by MIDAS, a number of pre-requisites must first be met:
MIDAS
You must be running MIDAS v4.06 (or later) on your own server (self-hosted), and your MIDAS must be licensed for "Unlimited" users.
Server
It is assumed that you already have an Active Directory set up and running within your infrastructure, and that you have a working knowledge of your company's Active Directory. Setting up an Active Directory itself is beyond the scope of this documentation.
It is also assumed that you're running either an Internet Information Services (IIS) or an Apache (on Windows) web server. Configuring other server/platform combinations for Active Directory integration (for example Apache on Linux) may be possible; however, such configuration is beyond the scope of this documentation.
Apache
For Apache on Windows, the module "mod_auth_sspi.so" or "mod_authnz_sspi.so" is required on the server where your MIDAS system resides. See Configuring Apache.
IIS
Windows authentication needs to be enabled on the server where your MIDAS system resides. See Configuring IIS.
Perl
The Perl module Net::LDAP is required on the server where your MIDAS system resides. This module provides LDAP support to Perl (the programming language MIDAS is written in) and may be freely obtained via CPAN.
AD Users
All Active Directory users must have a unique email address associated with their AD entry in order for them to be able to authenticate and log in to MIDAS.
Active Directory users should also be assigned a "Primary Group" within your AD. A user's "Primary Group" is subsequently used by MIDAS to determine the set of permissions to be applied to the user. If an AD user has no "Primary Group" set, MIDAS will allocate them a very basic/restrictive set of permissions instead.
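One way to audit the two AD user prerequisites above before enabling the integration, as an added example that is not part of the MIDAS documentation or MIDAS code. The function name, the sample accounts, the case-insensitive comparison of addresses, and the reading of "no Primary Group" as an empty primaryGroupID attribute are assumptions.

```powershell
# Added example (not MIDAS code): report accounts that miss the AD user
# prerequisites. Input objects need SamAccountName, mail and primaryGroupID.
function Test-MidasAdPrerequisites {
    param([Parameter(Mandatory)] [object[]] $Users)

    foreach ($u in $Users) {
        # No email address at all: the account cannot have a unique one.
        if ([string]::IsNullOrWhiteSpace($u.mail)) {
            [pscustomobject]@{ SamAccountName = $u.SamAccountName
                               Issue = 'MissingEmail'; Detail = '' }
        }
        # Assumption: "no Primary Group" shows up as an empty primaryGroupID.
        if (-not $u.primaryGroupID) {
            [pscustomobject]@{ SamAccountName = $u.SamAccountName
                               Issue = 'NoPrimaryGroup'
                               Detail = 'would get the basic/restrictive permission set' }
        }
    }

    # Assumption: addresses are compared trimmed and case-insensitively.
    $Users |
        Where-Object { -not [string]::IsNullOrWhiteSpace($_.mail) } |
        Group-Object -Property { $_.mail.Trim().ToLowerInvariant() } |
        Where-Object { $_.Count -gt 1 } |
        ForEach-Object {
            $shared = ($_.Group.SamAccountName | Sort-Object) -join ', '
            foreach ($u in $_.Group) {
                [pscustomobject]@{ SamAccountName = $u.SamAccountName
                                   Issue = 'DuplicateEmail'
                                   Detail = "$($_.Name) shared by: $shared" }
            }
        }
}

# Constructed sample accounts (not real data). Against a live directory, pass
# the output of: Get-ADUser -Filter * -Properties mail, primaryGroupID
$sample = @(
    [pscustomobject]@{ SamAccountName = 'asmith'; mail = 'a.smith@example.test';  primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'bjones'; mail = 'A.Smith@example.test '; primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'cwong';  mail = $null;                   primaryGroupID = 513 }
    [pscustomobject]@{ SamAccountName = 'dlee';   mail = 'd.lee@example.test';    primaryGroupID = $null }
)

Test-MidasAdPrerequisites -Users $sample | Format-Table -AutoSize
```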
End Users
End users must be logged on to their computer/workstation through your Active Directory. If they have logged on to their device "locally", they may not be able to seamlessly authenticate against your Active Directory when they open MIDAS, and may instead be prompted for their system credentials.
Users' browsers must also be capable of determining the username of the logged-in user. See Configuring Browsers.