Differences between versions of "Domain authentication and SSO"
(→Import domain user) |
Riga 101: | Riga 101: | ||
|- | |- | ||
− | |<u>Host</u> || | + | |<u>Host</u> || Domain server address or host name || |
|- | |- | ||
− | |<u>BaseDN</u> || | + | |<u>BaseDN</u> || The domain Distinguished Name ||It shall contain the domain name parts separated by ",". |
+ | |||
+ | <u>'''Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local'''</u> | ||
+ | |||
+ | Shall be possible define a precise OU of domain to be considered in connection | ||
+ | |||
+ | <u>'''Example: connection to Organizational Unit "TechUser" belongs to domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local'''</u> | ||
|- | |- | ||
− | |<u>Server Type</u> || | + | |<u>Server Type</u> || Type of domain controller || AD (active Directory) and OpenLDAP are supported |
|- | |- | ||
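Review bot: in the BaseDN row the OU example calls the unit "TechUser" in the prose but writes OU=TechUsers in the DN; align the two spellings so the value can be copied as-is. "Shall be possible define a precise OU of domain to be considered in connection" also reads awkwardly; suggest "The connection can be restricted to a specific OU of the domain". The Host row should state whether the address is contacted over plain LDAP or LDAPS, because the Bind Password added in the next hunk is sent over this connection.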
Riga 113: | Riga 119: | ||
|- | |- | ||
− | |<u>Bind User</u> || | + | |<u>Bind User</u> || Domain user login || it will be used for current connection |
|- | |- | ||
− | |<u>Bind Password</u> || | + | |<u>Bind Password</u> || Domain user password || it will be used for current connection |
|- | |- | ||
− | |<u>Mail Option</u> || | + | |<u>Mail Option</u> || This section allows to define how to synchronize the existing domain user mail on itmSUITE user|| Add LDAP Mail to user (if not present): |
+ | |||
+ | Overwrite itmSUITE mail with LDAP mail: | ||
|- | |- | ||
− | |<u>Add LDAP Mail to Notification Mail</u> || | + | |<u>Add LDAP Mail to Notification Mail</u> || The mail will be activated on synchronized user notification addresses || |
|- | |- | ||
− | |<u>Add LDAP Mail to Outbound Mail</u> || | + | |<u>Add LDAP Mail to Outbound Mail</u> || The mail will be activated on synchronized user message addresses || |
|} | |} |
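Review bot: the Bind User and Bind Password rows only say "it will be used for current connection"; document that this is a stored service credential used for every directory query, so a read-only, least-privilege account is the right choice rather than a domain administrator. In the Mail Option row the two choices "Add LDAP Mail to user (if not present)" and "Overwrite itmSUITE mail with LDAP mail" end in colons, but the cell never says whether they are exclusive or which one is the default.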
Revision as of 12:06, 22 March 2016
Domain connections are managed in General\System\LM Settings by a user with the superadmin role.
The LDAP Properties tab holds the list of domain connections. Connections can point to different domains, or to the same domain with different BaseDN values.
Field | Description | Comment |
---|---|---|
Configuration Name | The name of the current domain connection | |
Host | Domain server address or host name | |
BaseDN | The domain Distinguished Name | It shall contain the domain name parts separated by ",". Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local. A specific OU of the domain can also be selected for the connection. Example: a connection to the Organizational Unit "TechUsers" of domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local |
Server Type | Type of domain controller | AD (Active Directory) and OpenLDAP are supported |
Active | If checked: the connection is active | |
By clicking the Add New button, a domain connection can be added by filling in the following properties:
Field | Description | Comment |
---|---|---|
Configuration Name | Mandatory. The name of the current domain connection | |
Host | Mandatory. Domain server address or host name | |
Server Type | Mandatory. Type of domain controller | AD (Active Directory) and OpenLDAP are supported |
BaseDN | Mandatory. The domain Distinguished Name | It shall contain the domain name parts separated by ",". Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local. A specific OU of the domain can also be selected for the connection. Example: a connection to the Organizational Unit "TechUsers" of domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local |
Bind User | Domain user login | It will be used for the current connection |
Bind Password | Domain user password | It will be used for the current connection |
Active | If checked: the connection is active | The connection cannot be activated until it has been checked |
Sample user's login | Domain user login used to check the inserted parameters | |
Sample user's password | Domain user password used to check the inserted parameters | |
Checked | If checked: the connection has been verified | |
A domain connection can be activated only after it has been checked: use the Check button to verify it.
On clicking Check, itmSUITE sends an authentication request to the domain with the inserted sample credentials.
If at least one connection is active, a user whose login also exists on the domain can use the domain credentials instead of the itmSUITE user credentials.
In this case the authentication follows these steps:
- 1. itmSUITE checks whether the inserted login exists in its DB; otherwise access is not allowed.
- 2. itmSUITE sends a request with the login/password pair to the domain controller.
- 3. The domain controller checks whether the inserted login exists in the domain and whether the password is correct.
- 4. If the domain controller's response is positive, itmSUITE allows access.
- 5. If the domain controller's response is negative, itmSUITE checks the password against its own DB and grants access if the check is positive; otherwise access is not allowed.
More than one domain connection can be active at the same time: in this case step 2 above is executed on each active connection.
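The decision logic of the five steps above, plus the Check/activate rule, written as an added example in Python (not itmSUITE's own code). The user DB, the directory behind host dc1.itmSUITE.local, and the bind function are constructed stand-ins; a real deployment would perform an LDAP simple bind in place of `fake_bind`.

```python
from dataclasses import dataclass
from typing import Callable
import hashlib, hmac

@dataclass
class LocalUser:           # a row of the itmSUITE user DB (constructed stand-in)
    login: str
    salt: bytes
    pw_hash: bytes         # PBKDF2 of the user's itmSUITE password

@dataclass
class DomainConnection:    # one entry of the LDAP Properties list
    name: str
    host: str
    base_dn: str
    checked: bool = False  # set by the Check button after a successful test bind
    active: bool = False   # may only be switched on once checked
BindFn = Callable[[DomainConnection, str, str], bool]  # True when the domain accepts login/password

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

def check(conn: DomainConnection, sample_login: str, sample_pw: str, bind: BindFn) -> bool:
    """The Check button: test the inserted parameters with the sample user's credentials."""
    conn.checked = bind(conn, sample_login, sample_pw)
    return conn.checked

def activate(conn: DomainConnection) -> None:
    if not conn.checked:   # a connection is activable only after it was checked
        raise ValueError(f"connection {conn.name!r} must be checked first")
    conn.active = True

def authenticate(login: str, password: str, users: dict, connections: list, bind: BindFn) -> str:
    user = users.get(login)
    if user is None:                                     # step 1: login must exist in the DB
        return "denied: unknown login"
    for conn in connections:                             # step 2 runs on every active connection
        if conn.active and bind(conn, login, password):  # steps 3 and 4
            return f"granted: domain {conn.name}"
    if hmac.compare_digest(hash_password(password, user.salt), user.pw_hash):
        return "granted: local password"                 # step 5: fall back to the itmSUITE DB
    return "denied: bad password"

# Constructed sample data: a fake directory behind host dc1.itmSUITE.local and one local user.
FAKE_DIRECTORY = {"dc1.itmSUITE.local": {"alice": "DomainPw!2016", "svc_bind": "BindPw!2016"}}
def fake_bind(conn: DomainConnection, login: str, password: str) -> bool:
    return FAKE_DIRECTORY.get(conn.host, {}).get(login) == password
SALT = b"constructed-salt"
USERS = {"alice": LocalUser("alice", SALT, hash_password("LocalPw!2016", SALT))}
CORP = DomainConnection("corp", "dc1.itmSUITE.local", "DC=itmSUITE,DC=local")
```

Note that step 5 keeps a user's itmSUITE password valid even when the domain rejects the login (for instance a disabled domain account), so the local passwords of domain users deserve the same care as the domain ones.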
Import domain user
Domain user import is managed in General\System\Import from LDAP by a user with the superadmin role.
The connection parameters can be selected from the Use authentication configuration drop-down list or entered directly.
Field | Description | Comment |
---|---|---|
Use authentication configuration | Allows an existing domain connection to be selected | |
Host | Domain server address or host name | |
BaseDN | The domain Distinguished Name | It shall contain the domain name parts separated by ",". Example: itmSUITE.local shall be inserted as DC=itmSUITE,DC=local. A specific OU of the domain can also be selected for the connection. Example: a connection to the Organizational Unit "TechUsers" of domain itmSUITE.local shall be inserted as OU=TechUsers,DC=itmSUITE,DC=local |
Server Type | Type of domain controller | AD (Active Directory) and OpenLDAP are supported |
Username Attribute | TBC | |
Bind User | Domain user login | It will be used for the current connection |
Bind Password | Domain user password | It will be used for the current connection |
Mail Option | This section defines how the existing domain user mail is synchronized onto the itmSUITE user | Options: Add LDAP Mail to user (if not present); Overwrite itmSUITE mail with LDAP mail |
Add LDAP Mail to Notification Mail | The mail will be activated on the synchronized user's notification addresses | |
Add LDAP Mail to Outbound Mail | The mail will be activated on the synchronized user's message addresses | |
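The BaseDN rows of the three tables above describe the same value format. As an added example (not itmSUITE code), the following Python builds that value from a domain name and optional OU path, escaping attribute values as RFC 4514 requires so that an OU name containing "," or "+" cannot add or split DN components, and validates a BaseDN typed into the form by allowing only OU and DC components. The function and attribute names are this example's own.

```python
import re

_SPECIAL = re.compile(r'([,+"\\<>;])')  # characters RFC 4514 requires to be escaped in a value

def escape_rdn_value(value: str) -> str:
    """Escape one attribute value so it cannot add or split DN components."""
    out = _SPECIAL.sub(r"\\\1", value)
    if out.startswith(("#", " ")):      # leading '#' or space must be escaped
        out = "\\" + out
    if out.endswith(" "):               # so must a trailing space
        out = out[:-1] + "\\ "
    return out

def base_dn(domain: str, ous=()) -> str:
    """itmSUITE.local -> DC=itmSUITE,DC=local; ous are listed from the innermost outwards."""
    labels = [lbl for lbl in domain.split(".") if lbl]
    if not labels:
        raise ValueError("domain must contain at least one DNS label")
    parts = [f"OU={escape_rdn_value(ou)}" for ou in ous]
    parts += [f"DC={escape_rdn_value(lbl)}" for lbl in labels]
    return ",".join(parts)

def dn_components(dn: str) -> list:
    """Split a BaseDN typed into the form into (type, value) pairs, allowing OU and DC only."""
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):   # split on commas that are not escaped
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        attr = attr.strip().upper()
        if attr not in ("OU", "DC"):
            raise ValueError(f"unexpected attribute {attr!r} in BaseDN")
        pairs.append((attr, re.sub(r"\\(.)", r"\1", value)))  # undo the escaping
    return pairs
```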
Schedule Import
Scheduling of the domain user import is managed in the MB (Message Bus) module and configured in the Action Engine.
Use of SSO (Single Sign On)
SSO (Single Sign On) is managed in General\System\LM Settings by a user with the superadmin role.
SSO can be activated using the NTLM or NTLM2 protocols with Microsoft(r) AD (Active Directory).