📦 A simple Active Directory browser module for LESK.
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


ActiveDirectoryInspector module

To deploy simply clone the repository into the Modules directory from the base or root LESK install, as shown below:

$ cd <MySuperProjectBasedOnLESK>
$ git clone https://github.com/leskhq/LESK-Module_ActiveDirectoryInspector app/Modules/ActiveDirectoryInspector

Then make sure to optimize the master module definition, from the base directory, with:

$ ./artisan module:optimize





Installing and activating

Once a new module is detected by the framework, a site administrator can go to the "Modules administration" page and first initialize the module, then enable it for all authorized users to have access.


If your instance of LESK is already configured to authenticate against an Active Directory server, the Active Directory Inspector module may work right out of the box without any configuration required. This can be achieved because the module reverts to using LESK configuration settings when its own are not specified.

Should you want to configure the module to inspect a different server, or in order to inspect a server without using AD/LDAP authentication with LESK, here is a table listing the various configuration settings used, with their LESK equivalent:

Module LESK Default Description
active_directory_inspector.account_suffix eloquent-ldap.account_suffix @company.com Account suffix, used to build user ID
active_directory_inspector.base_dn eloquent-ldap.base_dn DC=department,DC=company,DC=com Base DN to bind to
active_directory_inspector.server eloquent-ldap.server ldapsrv01.company.com The fully qualified hostname for your AD domain controller.
active_directory_inspector.port eloquent-ldap.port 389 The TCP port number to connect to your AD server.
active_directory_inspector.user_name eloquent-ldap.user_name ldap_reader The name of the user that will query the AD server.
active_directory_inspector.password eloquent-ldap.password PaSsWoRd The password of the user that will query the AD server.
active_directory_inspector.return_real_primary_group eloquent-ldap.return_real_primary_group true Fix Microsoft AD not following standards by not returning the real primary group, may incur extra processing.
active_directory_inspector.secured eloquent-ldap.secured false Enables the use of encryption to communicate with LDAP/AD using either SSL or TLS. (Supported values: false, "ssl", "tls")
active_directory_inspector.secured_port eloquent-ldap.secured_port 636 The port number to use when using secured communications.
active_directory_inspector.recursive_groups eloquent-ldap.recursive_groups false Resolve group membership recursively. When disabled only groups that a given user is a direct member of will be returned. May incur extra processing.
active_directory_inspector.username_field eloquent-ldap.username_field samaccountname The name of the field that will contain the user name.
active_directory_inspector.email_field eloquent-ldap.email_field userprincipalname The name of the field that will contain the user's email address.
active_directory_inspector.first_name_field eloquent-ldap.first_name_field givenname The name of the field that will contain the user's first name.
active_directory_inspector.last_name_field eloquent-ldap.last_name_field sn The name of the field that will contain the user's last name.