MunkiWebAdmin2 - Setting up Active Directory

MunkiWebAdmin2 - Setting up Active Directory

2016, Feb 29    

Greg Neagle has released early builds of MunkiWebAdmin2 which you can check out here.  MWA2 forgoes reporting and sticks strictly to managing your Munki repository by providing the ability to edit Manifests and pkginfo files through the web.  For reporting, it is highly recommended that you either use Sal or MunkiReport-PHP (both of which are excellent).  In this post however I'm going to highlight setting up Active Directory authentication in MunkiWebAdmin2.  Check below for the process.

To setup Active Directory in MunkiWebAdmin2 we are going to use Greg's start code in the file and make some modifications. We are also going to add some additional pieces so that the administration site is automatically setup for your groups.

Now let's talk about this code. First of all you want to make sure you are searching for the correct users and groups. Secondly, you want to make sure that you require a certain group membership so not just anyone can log into MunkiWebAdmin. Lastly, The piece at the bottom, we can define who can access what part of administrative console. I like to provide AD integration for the admin console but you can of course use a local account in the Django database as well. In our environment, we actually do not utilize the "is staff" portion and only utilize "is active" and "is superuser" since we are a smaller unit. Now, since "is active" does not have any permissions to start you will want to log into the console with one of your superuser account and provide permissions for those users that login or you can create a local group in Django with the permissions you want and add them to that group.

Also when running MunkiWebAdmin2 with Greg's instructions to use runwsgiserver pay close attention to the logging in the command line as it will provide useful information if your directory authentication is not working. Currently, I am using runwsgiserver as a production way of running MunkiWebAdmin2 since this site is only available internally to 4 people. You can of course specify an SSL certificate and private key to put the site in HTTPS mode which is great. Here is the command to perform that.

python runwsgiserver host= port=8000 ssl_certificate='location of certificate file' ssl_private_key='location of private key file'

So far testing of MunkiWebAdmin2 has been very positive and the ability to edit pkginfo files within the website is great. Also you can now see conditionals when editing manifests. If you have questions or comments please let me know.