Pre-RequisitesIn order to be able to use the LDAP integration offered by MIDAS, the following pre-requisites must first be met:
MIDASYour must be running MIDAS v4.06 (or later) on your own server (self-hosted), and your MIDAS must be licensed for "Unlimited" users.
ServerIt is assumed that you already have an Active Directory setup and running within your infrastructure. Setting up of an Active Directory itself is beyond the scope of this documentation.
It is also assumed that you're running either an Apache or an IIS web server.
ApacheThe module "mod_auth_sspi.so" is required on the server where your MIDAS resides. See Configuring Apache
IISWindows authentication needs to be enabled on the server where your MIDAS resides. See Configuring IIS
PerlThe Perl module Net::LDAP is required on the server where your MIDAS resides. This module provides LDAP support to Perl (the language MIDAS is written in) and may be freely obtained via CPAN.
AD UsersAll Active Directory users must have a unique email address associated with their AD entry in order for them to be able to authenticate and login to MIDAS.
Active Directory users should also be assigned a "Primary Group" within the AD. A user's "Primary Group" is susequently used by MIDAS to determine the set of permissions to be applied to the user. If an AD user has no "Primary Group" set, MIDAS will allocate them a very basic/restrictive set of permissions instead.
End UsersEnd users must be logged on to their computer/workstation through your Active Directory. If they logged onto their device "locally", they may not be able to seamlessly authenticate against your Active Directory when using MIDAS, and may instead be prompted for their system credentials.
User's browsers must also be capable of determining the username of the logged in user. See Configuring Browsers