Topic
  • 5 replies
  • Latest Post - ‏2015-02-17T09:05:06Z by jpoiger
bubblu
4 Posts

Pinned topic LDAP authentication

‏2014-03-24T12:19:43Z |

I want to log in with LDAP authentication. Has anyone done this activity? Please specify.

  • juepo
    70 Posts

    Re: LDAP authentication

    ‏2014-05-19T08:29:42Z  

    Yes, it has been done many times using the ECM SM product installer. The installer provides a section where the LDAP data has to be configured; there is also an LDAP connection test within the installer.

    Regards

    Juergen

  • lawrenance
    14 Posts

    Re: LDAP authentication

    ‏2015-02-16T12:58:25Z  

    For LDAP authentication, what if a few new accounts are later added to this group on the directory server: how would the ECM SM server be synchronized with the LDAP server to recognize the new LDAP accounts, automatically or manually? If manually, how can that be achieved?

  • jpoiger
    18 Posts

    Re: LDAP authentication

    ‏2015-02-16T17:22:10Z  

    Lawrenance,

    As I wrote in your other post (ECM SM does this each time a user logs on):

    User management in conjunction with LDAP works this way:
    - ECM SM requests authentication for the user logging on from the directory server (password check).
    - It requests all group memberships for the user from the directory server.
    - It compares the LDAP groups with the ECM SM groups (discarding the ones that do not exist on the ECM SM side) and adds to the user the roles from the ECM SM groups the user belongs to.

    Therefore it is necessary to create groups in ECM SM which also exist in your LDAP directory. Make the respective groups members of the default ECM SM groups available in the user management (ecmsm_admins, ecmsm_operators, ecmsm_users, ecmsm_useradmins). This way you will be able to give the domain users the relevant rights.

    Regards,
    Juergen
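
The logon flow described in the post above, modelled as an added example (not ECM SM code and not part of the original thread). The directory is a constructed in-memory stand-in; the role names and the groups `MonitoringAdmins`, `Helpdesk` and `Finance` are hypothetical.

```python
import hmac

# Constructed stand-in for the directory server (sample data, not real accounts).
DIRECTORY = {
    "alice": {"password": "a-secret", "groups": {"MonitoringAdmins", "Finance"}},
    "bob": {"password": "b-secret", "groups": {"Finance"}},
}

# ECM SM side: locally created groups named like LDAP groups (hypothetical names),
# each made a member of one or more default ECM SM groups.
ECMSM_GROUPS = {
    "MonitoringAdmins": {"ecmsm_admins"},
    "Helpdesk": {"ecmsm_operators", "ecmsm_users"},
}

# Roles carried by the default groups (role names are hypothetical).
DEFAULT_GROUP_ROLES = {
    "ecmsm_admins": {"admin"},
    "ecmsm_operators": {"operate"},
    "ecmsm_users": {"view"},
    "ecmsm_useradmins": {"manage-users"},
}


def directory_bind(user, password):
    """Step 1: password check against the directory."""
    if not password:
        # Many LDAP servers treat an empty password as an anonymous bind
        # that succeeds, so reject it before asking the directory.
        return False
    entry = DIRECTORY.get(user)
    stored = entry["password"] if entry else ""
    return hmac.compare_digest(stored.encode(), password.encode()) and entry is not None


def logon(user, password):
    """Return the session's groups and roles, or None if authentication fails."""
    if not directory_bind(user, password):
        return None
    ldap_groups = set(DIRECTORY[user]["groups"])   # step 2: group memberships
    matched = ldap_groups & set(ECMSM_GROUPS)      # step 3: drop unknown groups
    roles = set()
    for group in matched:
        for default_group in ECMSM_GROUPS[group]:
            roles |= DEFAULT_GROUP_ROLES[default_group]
    return {"user": user, "groups": matched, "roles": roles}
```

In this model an account added to a mapped LDAP group later gets its roles at its next logon with no separate synchronization step, while a user whose LDAP groups have no ECM SM counterpart authenticates but ends up with an empty role set.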

  • lawrenance
    14 Posts

    Re: LDAP authentication

    ‏2015-02-16T19:18:56Z  

    jpoiger,

    Please bear with me for a moment for a simple question regarding LDAP authentication. So during ECM SM installation, what is the best practice for LDAP Advanced settings:

    - Check or Uncheck 'Required internal ECM SM user'

    - Check or Uncheck 'Use LDAP for authentication and groups'

    What are the benefits of having them checked or not (for each combination)? I am kind of confused about this.

    Thanks

  • jpoiger
    18 Posts

    Re: LDAP authentication

    ‏2015-02-17T09:05:06Z  

    Hi Lawrence,

    When discussing best practice, no two P8 environments are the same. Each is unique and requires analysis beforehand to determine the best implementation strategy, practices, and configuration. This is a very robust solution which requires a knowledge of all these features along with a knowledge of the specific P8 environment to ensure it is successfully installed. A best practice I can recommend for implementing System Monitor is to have someone with experience help you implement the solution. I would recommend reaching out to Larry Fritz at CENIT, l.fritz@cenit-group.com. Or, based on your profile, reach out internally at IBM to either Lab Services or S&S for help.

    Regards
    Juergen