cPanel, Using Active Directory to control who receives editing permissions for your website and applications

Many applications you might install in your account can connect to Active Directory (AD) over LDAP to provide authentication and authorization. The process for connecting to the campus AD from this cPanel service differs from the process for connecting to AD from on campus.

Prerequisites

Before you can connect your application, you will need a few items.

  • Service User/Account: This is an AD account you or your department controls, but is not your own NetID account. It will be used to connect to AD and perform searches needed for authentication and authorization. If you are not certain how to create a service user, then you will need to contact your department IT professional.
  • MemberOf Access: Some applications use the "memberOf" attribute to determine group membership. Access to this attribute is restricted on the campus AD. To gain access, follow the instructions in "Active Directory, MemberOf Access".
  • Documentation or Plugins for your application: Please carefully review the documentation for your application. Additional plugins may be required to use AD for authentication and authorization.

LDAP Connection Information

When connecting from the cPanel service you will use the campus AD controllers hosted in AWS.

  • URL: ldap://ldap-ad-aws.ldap.illinois.edu:389/
  • Host: ldap-ad-aws.ldap.illinois.edu
  • Port: 389
  • Security: StartTLS, START_TLS, or TLS. We do not support using LDAPS or LDAP SSL at this time.
  • Certificate File: /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
  • Bind Username/Password: the service account for your application. You can specify the username in one of these ways:
    • Domain prefix: UOFI\MyServiceAccount
    • Domain scoped: MyServiceAccount@ad.uillinois.edu
    • Full Distinguished Name: CN=MyServiceAccount,OU=MyOU,OU=Urbana,DC=ad,DC=uillinois,DC=edu
  • User/Search Base: DC=ad,DC=uillinois,DC=edu
    • For only NetID access use "OU=People,DC=ad,DC=uillinois,DC=edu".
  • Group Base: OU=Urbana,DC=ad,DC=uillinois,DC=edu
    • You might get better performance if you narrow this base to be only your OU.
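
The settings above, put together as an added example (not code from this page or from Technology Services): a service-account search followed by a re-bind as the user, over StartTLS with the certificate checked against the listed CA bundle. It assumes the third-party ldap3 package and that the NetID is stored in sAMAccountName; the function names and the group DN passed in are hypothetical.

```python
import ssl

# Connection values from the list above
LDAP_HOST = "ldap-ad-aws.ldap.illinois.edu"
LDAP_PORT = 389
CA_BUNDLE = "/etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt"
USER_BASE = "OU=People,DC=ad,DC=uillinois,DC=edu"  # NetID accounts only


def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def build_user_filter(netid, group_dn=None):
    """Match one account; optionally require membership in group_dn."""
    # Assumption: the NetID is stored in sAMAccountName.
    clauses = "(objectClass=user)(sAMAccountName=%s)" % escape_filter_value(netid)
    if group_dn:
        # Needs the MemberOf access described under Prerequisites.
        clauses += "(memberOf=%s)" % escape_filter_value(group_dn)
    return "(&%s)" % clauses


def authenticate(netid, password, bind_user, bind_password, group_dn=None):
    """Return the user's DN when the password (and group) check passes, else None."""
    # Third-party dependency, imported here so the helpers above work without it.
    from ldap3 import AUTO_BIND_TLS_BEFORE_BIND, Connection, Server, Tls
    from ldap3.core.exceptions import LDAPBindError
    if not password:
        return None  # an empty password can become an unauthenticated bind that succeeds
    tls = Tls(validate=ssl.CERT_REQUIRED, ca_certs_file=CA_BUNDLE)
    server = Server(LDAP_HOST, port=LDAP_PORT, tls=tls)
    # StartTLS is negotiated before any credentials are sent.
    svc = Connection(server, user=bind_user, password=bind_password,
                     auto_bind=AUTO_BIND_TLS_BEFORE_BIND)
    svc.search(USER_BASE, build_user_filter(netid, group_dn))
    dns = [entry.entry_dn for entry in svc.entries]
    svc.unbind()
    if len(dns) != 1:
        return None  # unknown user, not in the group, or ambiguous match
    try:
        # Re-bind as the user to verify the password.
        Connection(server, user=dns[0], password=password,
                   auto_bind=AUTO_BIND_TLS_BEFORE_BIND).unbind()
    except LDAPBindError:
        return None
    return dns[0]
```

Escaping the login name before it enters the filter keeps a value such as `jdoe*)(uid=*` from widening the search, and rejecting empty passwords prevents a bind without credentials from being treated as a successful login.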



Keywords: cPanel, web hosting, AD, active directory, permissions, web apps
Doc ID: 84990
Owner: Web H.
Group: University of Illinois Technology Services
Created: 2018-08-17 15:46 CDT
Updated: 2018-09-26 14:10 CDT
Sites: University of Illinois Technology Services