Active Directory Authentication

This guide outlines how to configure Active Directory (AD) authentication for your Sirportly installation. In order to use this you must have an Active Directory server running and your Sirportly server must be able to communicate with the LDAP service.

Configuring your application

In order to enable AD authentication, open up your Sirportly configuration file and ensure that you remove the local authenticator.

config.module :local

And replace it with the following, remembering to change the details to those of your Active Directory server.

config.module :active_directory
config.active_directory = { :server => 'ad.company.com', :base => 'DC=company,DC=com', :domain => 'company.com' }

Once you have configured this, you should restart Sirportly using the restart sirportly command. Once restarted, any login attempts will be authenticated by checking the user's password on your AD server. Any local users that were configured before you enabled AD will need to exist within the AD domain; otherwise they will be unable to log in.

Creating your initial AD user

In order to log in using Active Directory, you must configure the users within the Sirportly user management system. By default, a new installation is created with a user named admin. If you do not have an admin user on your AD server, you will need to use the following command to create a new admin user with a username which matches a user on your AD server.

$ cd /opt/sirportly/app
$ /opt/sirportly-distrib/ruby/bin/ruby modules/authenticators/active_directory/create_user.rb username_here

Don't forget to change /opt/sirportly to the path to your Sirportly installation if appropriate, and ensure that you replace username_here with the username of the user you wish to create. Once this has been created, you can log in to your helpdesk using this username and the user's corresponding Active Directory password.

Additional Users

Once you have logged in, you can use the Staff Management functionality to create users. The usernames you enter when creating new Sirportly users must match usernames which have been created on your AD domain. Users are unable to change their password through Sirportly; this must be carried out using a machine connected to your AD domain.

These users can also be created using the API.

User Properties

A user's full name and e-mail addresses are not transferred from your LDAP database and are maintained separately within the Sirportly database. Any user can change these from the My Settings menu in the top right of the window.