LDAP Authentication


LDAP (Lightweight Directory Access Protocol) is a TCP/IP protocol used to run queries in the corporate directory. It is used by applications that require user authentication. It queries the corporate directory to check the identity of users using their login and password.

The product integrates an access rights management system (authentication mechanism) based on two concepts:

  • Authentication elements: Login and password of each user.
  • Authorizations: Management of profiles and domains.

Customers can use the access rights management system integrated in the product or integrate their LDAP directory service (Microsoft Active Directory, OpenLDAP, etc.) within the product.

Operating principle

When LDAP authentication is enabled in the product:

  • Users who are not listed in the corporate directory must be created in the product, e.g. outsourced service providers, subcontractors, system users, etc.
  • The other users are imported from the corporate directory into the product:
    • Only the login is required for these users. The login establishes the link with the corporate directory and must be identical to the login in the directory.
    • The password, profiles and domains are automatically managed using the information in the corporate directory and must not be modified in the product.

When users log in to the product using their login and password, the corporate directory is queried:

  • Users are found ==> Access to the product is authorized.
  • Users are not found ==> A search is run using the login and password in the product:
    • Users are found (non-corporate users) ==> Access is authorized.
    • Users are not found ==> Access to the product is rejected.

Notes

  • To establish the link between the product and the corporate directory, the login in both applications must be identical.
  • Authentication elements are not stored in the product.
  • If authentication does not work, you can use the login and password for the system account, ADMINEZV/ADMIN, which are not subject to LDAP authentication. 
  • To export the LDAP directory in a TXT file, use the MS-DOS command line, csvde -f filename.txt
  • If you modify any authentication element, you must restart the SmoServer service.

Best practice

Implementing LDAP authentication in the product:

  • Request the following information from the corporate directory administrator:
    • Connection settings to the corporate directory. 
    • The names of the columns where profile IDs and domain IDs are stored.
  • Specify the preimport tables.
  • Restart the SmoServer service.

Screen description

Menu access: Administration > LDAP Authentication

LDAP Authentication (information required for connecting to the corporate directory)

Active: Used to indicate if the authentication elements used are those from the LDAP directory (box is checked) or those from the product (box is not checked).

LDAP Server: Name or IP address of the machine hosting the directory. 

Port: TCP port for connecting to the directory. As a general rule, port 389 is used.

User DN: Path to the directory records (FQDN or Fully Qualified Domain Name): CN=Administrator, CN=users, DC=easyvista, DC=priv

Password: Password for connecting to the directory. In VMware, the default value = staff.

Base DN: Node used for the query. 

Login Attribute: Login for connecting to the directory. Note: This should be specified only if the LDAP directory administrator modified the default attribute, sAMAccountName.
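
A pre-save check of the values entered in the fields above, as an added example that is not part of the product or its documentation. The setting keys, the list of account names treated as privileged, the sample host and the hardened values are assumptions constructed for the illustration; whether the product accepts LDAPS on port 636 is not stated on this page.

```python
import re

# Assumptions for this example: setting keys and the names treated as privileged.
PRIVILEGED_CNS = {"administrator", "admin", "root"}
DEFAULT_PASSWORDS = {"staff"}  # default value quoted on this page

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs, honouring backslash-escaped commas."""
    pairs = []
    for part in re.split(r"(?<!\\),", dn):
        attr, sep, value = part.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed DN component: {part!r}")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs

def audit(settings):
    """Return a list of (code, message) findings for one set of screen values."""
    findings = []
    if int(settings["port"]) == 389:
        findings.append(("cleartext-port",
                         "389 is the plain LDAP port: passwords are readable on the wire unless TLS is added"))
    bind = parse_dn(settings["user_dn"])
    if bind[0][0] == "CN" and bind[0][1].lower() in PRIVILEGED_CNS:
        findings.append(("privileged-bind",
                         "User DN is an administrative account: use a read-only service account"))
    if settings["password"] in DEFAULT_PASSWORDS:
        findings.append(("default-password",
                         "Password is a documented default value: change it"))
    if all(attr == "DC" for attr, _ in parse_dn(settings["base_dn"])):
        findings.append(("broad-base-dn",
                         "Base DN is the domain root: narrow it to the node holding user accounts"))
    return findings

# Constructed sample built from the example values shown on this page.
PAGE_VALUES = {"server": "192.0.2.10", "port": 389, "password": "staff",
               "user_dn": "CN=Administrator, CN=users, DC=easyvista, DC=priv",
               "base_dn": "DC=easyvista, DC=priv"}
# Constructed hardened counterpart (account, OU and secret are placeholders).
HARDENED = {"server": "192.0.2.10", "port": 636, "password": "<from-secret-store>",
            "user_dn": "CN=svc-itsm-ldap, OU=Service Accounts, DC=easyvista, DC=priv",
            "base_dn": "OU=Staff, DC=easyvista, DC=priv"}

if __name__ == "__main__":
    for name, cfg in (("page values", PAGE_VALUES), ("hardened", HARDENED)):
        print(name, [code for code, _ in audit(cfg)])
```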

LDAP Habilitation (information required for mapping profile ID and domain ID fields between the corporate directory and the product)

Note: This functionality is available only for Microsoft Active Directory. The LDAP Authentication section must be enabled (the Active box must be checked).

Active: Used to indicate if the authorizations used are those from the LDAP directory (box is checked) or those from the product (box is not checked).

Attribute of Profile: In the corporate directory, the name of the column where profile IDs are stored. 

Attribute of Domain: In the corporate directory, the name of the column where domain IDs are stored. 

Procedure: How to enable LDAP authentication

1. Select Administration > LDAP Authentication in the menu.

2. For corporate directories that manage authorizations (e.g. Microsoft Active Directory), specify the information on authentication elements and authorizations and click [ SAVE ].

3. Log out of the product.

4. Restart the SmoServer service.

5. Log in again to the product.

  • Use one of the logins and passwords in the corporate directory to test access to the product.
  • Check that users cannot modify their password in the user information zone. The Password icon should not appear.
  • Check that the different domains are accessible in the user information zone.

6. If the Invalid Login/Password message appears:

  • Log in to the product using the system account login and password, ADMINEZV/ADMIN, which are not subject to LDAP authentication. The password field is case-sensitive.
  • Select Administration > LDAP Authentication in the menu. Select the Active box in the LDAP Authentication section.
    Click [ SAVE ].
  • Log out of the product.
  • Restart the SmoServer service.
  • Log in again to the product using one of the logins and passwords in the corporate directory.

    See Integrating an LDAP directory containing employee data.

Last modified by Unknown User on 2016/07/11 14:56
Created by Administrator XWiki on 2013/03/25 18:09

Powered by XWiki ©, EasyVista 2018