{"id":12887,"date":"2022-05-23T23:32:29","date_gmt":"2022-05-23T20:32:29","guid":{"rendered":"https:\/\/kifarunix.com\/?p=12887"},"modified":"2024-03-09T12:53:44","modified_gmt":"2024-03-09T09:53:44","slug":"integrate-syspass-with-openldap-for-authentication","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/integrate-syspass-with-openldap-for-authentication\/","title":{"rendered":"Integrate sysPass with OpenLDAP for Authentication"},"content":{"rendered":"\n
<p>Follow through this tutorial to learn how to integrate sysPass with OpenLDAP for authentication and account management.<\/p>\n\n\n\n
<h2>Install and Setup sysPass<\/h2>\n\n\n\n
<p>In our previous tutorials, we covered how to install and set up an OpenLDAP server. Follow the link below to check them.<\/p>\n\n\n\n
<p>Install and Setup OpenLDAP server<\/p>\n\n\n\n
<p>Follow the link below to install and set up sysPass.<\/p>\n\n\n\n
<p>Install and setup sysPass on Linux<\/p>\n\n\n\n
<h2>Integrate sysPass with OpenLDAP for Authentication<\/h2>\n\n\n\n
<p>To begin, ensure sysPass is installed with the PHP LDAP module. You can check the loaded PHP modules with;<\/p>\n\n\n\n
<pre><code>php -m | grep ldap<\/code><\/pre>\n\n\n\n
<h3>Create OpenLDAP User Group for sysPass<\/h3>\n\n\n\n
<p>Create an OpenLDAP group that can be used to control access to sysPass. All members of this group will be allowed to log in to sysPass.<\/p>\n\n\n\n
<p>Follow our guide below to learn how to set up OpenLDAP groups.<\/p>\n\n\n\n
<p>How to Create OpenLDAP Member Groups<\/p>\n\n\n\n
<p>In our OpenLDAP server, we have created a group called <strong><code>syspass<\/code><\/strong>. Some members have been added to this group, as evident in the command output below;<\/p>\n\n\n\n
<pre><code>ldapsearch -H ldapi:\/\/\/ -Y EXTERNAL -LLL -Q -b \"dc=ldapmaster,dc=kifarunix-demo,dc=com\" cn=syspass<\/code><\/pre>\n\n\n\n
<p>Sample output;<\/p>\n\n\n\n
<pre><code>dn: cn=syspass,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com\nobjectClass: groupOfNames\ncn: syspass\nmember: uid=johndoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmember: uid=janedoe,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\nmember: uid=devadmin,ou=people,dc=ldapmaster,dc=kifarunix-demo,dc=com\n<\/code><\/pre>\n\n\n\n
<p>Once you have set up your OpenLDAP users and groups for sysPass authentication, log in to the sysPass web user interface as administrator.<\/p>\n\n\n\n
<h3>Create OpenLDAP Users Group on sysPass<\/h3>\n\n\n\n
<p>This group is required to specify the default sysPass group to which OpenLDAP users will belong.<\/p>\n\n\n\n
<p>To create a group, click the <strong>Users and accesses<\/strong> icon > GROUPS > New Group.<\/p>\n\n\n\n
<p>Save the group.<\/p>\n\n\n\n
<p>Next, create the OpenLDAP users default profile.<\/p>\n\n\n\n
<p>This is where you define the default permissions to be assigned to a specific user profile. To create a profile, click the <strong>Users and accesses<\/strong> icon > PROFILE > New Profile.<\/p>\n\n\n\n
<p>Sample account permissions.<\/p>\n\n\n\n
<p>For the rest of the accesses, we didn't give any for this particular profile. Feel free to set the accesses accordingly.<\/p>\n\n\n\n
<p>So we now have a group, <strong><code>ldapuser-gp<\/code><\/strong>, and a profile, <strong><code>ldapusers-pf<\/code><\/strong>. Note that you should be able to assign specific profiles\/groups once the LDAP users are in the sysPass system.<\/p>\n\n\n\n
<p>Next, click the gear icon to access the configuration menu and click LDAP. The LDAP settings used in this setup are;<\/p>\n\n\n\n
<ul>\n<li>LDAP type: <strong><code>standard<\/code><\/strong>.<\/li>\n<li>Bind account (read-only): <strong><code>cn=readonly,ou=system,dc=ldapmaster,dc=kifarunix-demo,dc=com<\/code><\/strong>.<\/li>\n<li>Search base: <strong><code>dc=ldapmaster,dc=kifarunix-demo,dc=com<\/code><\/strong>.<\/li>\n<li>Access group: <strong><code>cn=syspass,ou=groups,dc=ldapmaster,dc=kifarunix-demo,dc=com<\/code><\/strong>.<\/li>\n<\/ul>\n\n\n\n
<h3>Install OpenLDAP server CA cert and define the path on sysPass server.<\/h3>\n\n\n\n
<p>Install OpenLDAP utilities on the sysPass server;<\/p>\n\n\n\n
<pre><code>apt install ldap-utils -y<\/code><\/pre>\n\n\n\n
<p>Download the LDAP CA cert;<\/p>\n\n\n\n
<pre><code>openssl s_client -connect ldap:389 -starttls ldap -showcerts <\/dev\/null 2>\/dev\/null | openssl x509<\/code><\/pre>\n\n\n\n
<p>Note that <code>openssl x509<\/code> prints only the first certificate the server returns, which is the server certificate. This is the CA cert only when the server certificate is self-signed, as in this setup; if your server certificate is issued by a separate CA, install that CA's certificate instead.<\/p>\n\n\n\n
<p>Install the OpenLDAP CA cert on a specific path;<\/p>\n\n\n\n
<pre><code>cat > \/etc\/ssl\/certs\/openldap-ca.pem << 'EOL'\n-----BEGIN CERTIFICATE-----\nMIIDozCCAougAwIBAgIUDd\/aVBaJgUpWFNUbXOHYZTIb5KYwDQYJKoZIhvcNAQEL\nBQAwYTELMAkGA1UEBhMCWFgxFTATBgNVBAcMDERlZmF1bHQgQ2l0eTEcMBoGA1UE\nCgwTRGVmYXVsdCBDb21wYW55IEx0ZDEdMBsGA1UEAwwUKi5raWZhcnVuaXgtZGVt\nby5jb20wHhcNMjIwMTIyMjAwOTUwWhcNMjMwMTIyMjAwOTUwWjBhMQswCQYDVQQG\nEwJYWDEVMBMGA1UEBwwMRGVmYXVsdCBDaXR5MRwwGgYDVQQKDBNEZWZhdWx0IENv\nbXBhbnkgTHRkMR0wGwYDVQQDDBQqLmtpZmFydW5peC1kZW1vLmNvbTCCASIwDQYJ\nKoZIhvcNAQEBBQADggEPADCCAQoCggEBANVwVxFtjvHrgTHADFmE\/NfsBjnnsorD\nd6Hww+RDKTTdwpSQtAi5e9roP4umjLelQmIs2iPijBwFzTwh1ok7e40K0WFUCXwW\nO2R2FomvwXe5D5VmlXLc4jY8\/z6QuSv\/j27q3DT44ywV8WmtWQ732cLo6YT1e441\nLeXcCn258zvH8QE4UJOErJqDijFzuSxTj0gAsHe7ef+B2rhhD9Jzh6g4RYzDWmI3\noAZT\/oArfWJFf+yP9eCunn\/Q+b2RVWB9\/Do9MYGdqOJJcDJ1w3pAyuEUWnDqTrhR\nwjpIFub8lRlqrlNv7raw++aIIIUzCkl74\/ReLgMRYlHAHC2pfMgLYjkCAwEAAaNT\nMFEwHQYDVR0OBBYEFMN\/TE6ZSw95erqDLAXa\/LOfRFtqMB8GA1UdIwQYMBaAFMN\/\nTE6ZSw95erqDLAXa\/LOfRFtqMA8GA1UdEwEB\/wQFMAMBAf8wDQYJKoZIhvcNAQEL\nBQADggEBAL+PuCNgR0MnOzl6IrxVZA9dDH0\/DnMm2WjxkS3w5sfIPpUlVgSHmVeT\n+a9raqFrve7RXHRBwouWlO\/3n0218WSns6nyl9hTWbYIlIjCTFVCEFe68Q0ulcPy\nAUEQBoKc6fUZCtenJDo2SVKt7dnX1EAi4Ohnig+f9zMrYFxYajdFAxJJV6wxJnnF\nduLYpRexUxdzOvPUP4vkP2haZmRRWBDfmj2bSQF\/r3DE4Yg8nVxHndsmxcVls4wF\n7ddAL\/Gx5Lv3QZPpxi8ZcHV8SRCP8N5VZP+hINr\/M4gw3YO\/S5F0TXnq5LQP0ePD\nbkc1+yvlgKUPaXH20\/C1COiGI+r8UGA=\n-----END CERTIFICATE-----\nEOL\n<\/code><\/pre>\n\n\n\n
<p>You can use one command though;<\/p>\n\n\n\n
<pre><code>openssl s_client -connect ldap:389 -starttls ldap \\\n-showcerts <\/dev\/null 2>\/dev\/null |\\\nopenssl x509 > \/etc\/ssl\/certs\/openldap-ca.pem<\/code><\/pre>\n\n\n\n
<p>Once you have configured sysPass for OpenLDAP authentication, you need to generate a temporary master password, as it is required for every first login. The temporary master password is used so as not to reveal the original admin password.<\/p>\n\n\n\n
<p>To generate a temporary master password, log in to sysPass as admin and navigate to <strong>Configuration > Encryption > Temporary Password<\/strong>. Note the <strong>lifetime<\/strong> of the password.<\/p>\n\n\n\n
<p>For every new user logging in, share with them the temporary master password generated.<\/p>\n\n\n\n
<h3>sysPass OpenLDAP User Login<\/h3>\n\n\n\n
<p>For example, logging in as our LDAP user janedoe;<\/p>\n\n\n\n
<p>When you first enter your credentials and press Enter, authentication will fail with <strong>Master password is not saved or wrong<\/strong>.<\/p>\n\n\n\n
<p>Then enter the username\/password and the temporary master password provided.<\/p>\n\n\n\n
<p>From the Administrator site, you should be able to see the LDAP accounts added to the sysPass system.<\/p>\n\n\n\n