
MultiOTP

https://github.com/multiOTP/multiotp

Running

volume="/docker/multiotp"
sudo mkdir -p "$volume"
# The bind-mounted directories must be writable by the user the container runs as (UID/GID 1000).
sudo chown -R 1000:1000 "$volume"

# 8080/8443 expose the web administration interface, 1812/1813 the RADIUS
# service. If the host is reachable from untrusted networks, restrict these
# with a host firewall or bind them to one interface, e.g. -p 10.0.0.5:1812:1812/udp
docker run --name multiotp \
-v "$volume/data":/etc/multiotp \
-v "$volume/freeradius/config":/etc/freeradius \
-v "$volume/multiotp/log":/var/log/multiotp \
-v "$volume/freeradius/log":/var/log/freeradius \
-p 8080:80 \
-p 8443:443 \
-p 1812:1812/udp \
-p 1813:1813/udp \
-d multiotp/multiotp-open-source

Configuring user synchronization with AD

docker exec -it multiotp sh
# set alias
alias multiotp=/usr/local/bin/multiotp/multiotp.php

# Decide whether, by default, newly created users must type a prefix PIN (1|0):
multiotp -config default-request-prefix-pin=0
# Decide whether, by default, newly created users type their Active Directory password instead of a PIN (1|0):
multiotp -config default-request-ldap-pwd=1
# Set the AD/LDAP server type (1=Active Directory | 2=standard LDAP):
multiotp -config ldap-server-type=1
# Set the user CN identifier (sAMAccountName, or userPrincipalName if users log in with their UPN):
multiotp -config ldap-cn-identifier="sAMAccountName"
# Set the group CN identifier (sAMAccountName for Active Directory):
multiotp -config ldap-group-cn-identifier="sAMAccountName"
# Set the group attribute:
multiotp -config ldap-group-attribute="memberOf"
# Decide whether to use an SSL connection by default (0|1).
# With ldap-ssl=0 the bind DN password and every synchronized attribute cross the
# network in cleartext; use ldap-ssl=1 with ldap-port=636 whenever the domain
# controllers have certificates.
multiotp -config ldap-ssl=0
# Set the default port (389=regular | 636=SSL connection):
multiotp -config ldap-port=389
# Set the Active Directory server(s), comma separated:
multiotp -config ldap-domain-controllers=dc1.example.com,dc2.example.com,dc3.example.com
# Set the Base DN:
multiotp -config ldap-base-dn="DC=example,DC=com"
# Set the Bind DN (the account used to connect to the AD/LDAP). The sync only
# reads the directory, so a read-only service account is enough.
multiotp -config ldap-bind-dn="CN=sa_ldap,OU=_ServiceAccount,DC=example,DC=com"
# Set the password of the account used to search the Active Directory:
multiotp -config ldap-server-password="BindDNAccountPassword12345"
# Group the users must belong to in Active Directory in order to be added:
multiotp -config ldap-in-group="VPN-access"
# Set the network timeout (seconds):
multiotp -config ldap-network-timeout=10
# Set the transaction time limit (seconds):
multiotp -config ldap-time-limit=30
# Activate the AD/LDAP support (0|1):
multiotp -config ldap-activated=1
# Run an AD/LDAP user synchronization (users removed or deactivated in the AD/LDAP are deactivated in multiOTP):
multiotp -debug -display-log -ldap-users-sync

Don't forget to schedule a script that runs the user synchronization regularly!

Output of the synchronization

LOG 2023-08-08 09:32:37 debug LDAP Debug: *AD/LDAP synchronization started at 09:32:37 / Memory used: 1.6MB / Peak: 1.6MB
LOG 2023-08-08 09:32:37 info LDAP Info: AD/LDAP synchronization started
LOG 2023-08-08 09:32:37 debug System Debug: *LDAP cache folder created (/tmp/.ldap_cache/)
LOG 2023-08-08 09:32:37 debug System Debug: *LDAP cache folder value: /tmp/.ldap_cache/
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/ivanov.db
LOG 2023-08-08 09:32:40 info System Info: User ivanov automatically created
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/petrov.db
LOG 2023-08-08 09:32:40 info System Info: User petrov automatically created
LOG 2023-08-08 09:32:40 debug System Info: *File created: /etc/multiotp/users/sidorov.db
LOG 2023-08-08 09:32:40 info System Info: User sidorov automatically created
LOG 2023-08-08 09:32:40 info LDAP Info: 3 users created, based on 3 LDAP entries (processed in 00:00:03)
19 *INFO: Requested operation successfully done
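The scheduled synchronization job mentioned above, as an added example (not part of multiOTP or of the original page). The container name "multiotp" and the multiotp.php path are taken from this page; the journal file path is an assumption. The point the wrapper handles is visible in the output above: a successful -ldap-users-sync ends with exit code 19 ("Requested operation successfully done"), not 0, so a naive cron script that checks for 0 would report every run as failed.

```shell
#!/bin/sh
# multiotp-ldap-sync.sh: run the AD/LDAP user synchronization from the Docker
# host on a schedule and record the result. Added example for this page, not
# part of multiOTP. The container name "multiotp" and the multiotp.php path
# come from the page; the journal path below is an assumption.
CONTAINER="${CONTAINER:-multiotp}"
MULTIOTP_BIN="/usr/local/bin/multiotp/multiotp.php"
JOURNAL="${JOURNAL:-/var/log/multiotp-sync.log}"

# multiOTP does not return 0 for administrative commands: a successful
# -ldap-users-sync ends with "19 *INFO: Requested operation successfully done",
# so a wrapper that only accepts exit code 0 would flag every run as failed.
is_sync_success() {
    [ "$1" -eq 19 ]
}

# Extract the "N users created, based on M LDAP entries ..." summary that
# multiOTP logs at the end of a run; print a fixed string when it is absent
# so the journal line is never empty.
sync_summary() {
    summary=$(printf '%s\n' "$1" |
        sed -n 's/.*LDAP Info: \([0-9][0-9]* users created.*\)$/\1/p' | head -n 1)
    if [ -n "$summary" ]; then
        printf '%s\n' "$summary"
    else
        printf '%s\n' "no summary line in output"
    fi
}

# Constructed sample, copied from the synchronization output shown on this
# page, so sync_summary can be exercised without a running container.
SAMPLE_OUTPUT='LOG 2023-08-08 09:32:37 info LDAP Info: AD/LDAP synchronization started
LOG 2023-08-08 09:32:40 info System Info: User ivanov automatically created
LOG 2023-08-08 09:32:40 info LDAP Info: 3 users created, based on 3 LDAP entries (processed in 00:00:03)
19 *INFO: Requested operation successfully done'

run_sync() {
    # No -it here: cron has no TTY. -display-log prints the log lines to
    # stdout; keep them together with stderr so a failed run leaves something
    # useful in the journal.
    output=$(docker exec "$CONTAINER" "$MULTIOTP_BIN" -display-log -ldap-users-sync 2>&1)
    rc=$?
    stamp=$(date '+%Y-%m-%d %H:%M:%S')
    if is_sync_success "$rc"; then
        printf '%s sync ok: %s\n' "$stamp" "$(sync_summary "$output")" >>"$JOURNAL"
        return 0
    fi
    printf '%s sync FAILED (exit %s):\n%s\n' "$stamp" "$rc" "$output" >>"$JOURNAL"
    return 1
}

# Invoke as "multiotp-ldap-sync.sh run" from cron on the Docker host, e.g.
# every 15 minutes:
#   */15 * * * * /usr/local/sbin/multiotp-ldap-sync.sh run
case "${1:-}" in
    run) run_sync ;;
esac
```

Install the script on the Docker host (not inside the container, which would need its own cron), give it the `run` argument in the crontab line, and watch the journal after the first scheduled run: a "sync FAILED" entry with the captured output is what you get when a domain controller is unreachable or the bind DN password has been rotated without updating ldap-server-password.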

How to configure multiOTP to synchronize the users from an Active Directory?

References

Go to 2FA (Two-factor authentication for ASA SSL VPN)
Setting up two-factor authentication (2FA) in Windows with MultiOTP
QR code generator