Users Overview

Heimdall currently provides a built-in user database that allows individual users to have defined authentication (password) and login locations defined.

Further, if desired, a user can be configured as a read-only user, and Google Authenticator compatible two-factor authentication.

Internally, passwords are stored in the same way that OpenLDAP stores them by default, i.e. Salted SHA. Example, {SSHA}cca9bbffe6879f8367ab681952da2f995bf1668f

Configurable fields:

  • Username: the login of the user or JDBC connection

  • Password: The password of the user–please avoid using “:” as it may impact authentication

  • Hostname or IP address: One of

    • IPv4 IP address in the format defined here
    • IPv6 IP address in the format defined here
    • Subnet address defined with either an IPv4 or IPv6 network address plus “/” and the subnet size
    • A DNS hostname that resolves to one or more IPv4 or IPv6 addresses. If more than one is provided, than any resolved IP is allowed.
    • In the event no users are defined, than unrestricted access is allowed
    • If no hostnames or IPs are provided for a given user, then the user is provided unrestricted access from any network
  • Read Only User: If enabled, they will not be able to implement any changed to the configuration, but will be able to access any resources allowed by their filter. Moreover, it will block Manage tabs such as Users, Admin, Certificates and other various options like "Test Connection" button in Data Sources tab.

  • Two Factor Authentication: If enabled, it will present bar-code that can be scanned into the Google Authenticator software, and an account code, which can be used in place of the bar-code. This ID is in addition to the normal password authentication the user will be required to provide.

  • Authenticate By LDAP: If enabled, user will be authenticated by LDAP server configured in Admin tab.

Basic User - require "Username" and "Password"

LDAP user - require "Username" and "Authenticate by LDAP"

You can set up LDAP Configuration in the admin tab. (Manage section -> Admin tab -> LDAP Configuration)