Advanced Configuration Settings

This tab contains settings related to database connection management, as well as User ID and Domain handling.

While the top two settings are stored in the Identikey Server configuration file, the other settings are stored inside the database itself, in the Control table. Each database has its own Control table, so those settings may need to be modified in more than one database.

See 3.7 Database Connection Handling for more details about the connection management settings.

Data Source-Independent Connection Settings

The following settings are not specific to a data source, but relate to the handling of connections to all data sources:

Connection Wait Time (ms): the time in milliseconds to wait for a database connection to become available when processing a command, before giving up and failing the request.

Enable Load Sharing: whether to use the extra data sources (after the first one) when the first one is busy (enabled), or only when it cannot be contacted (disabled).

Data Source-Specific Connection Settings

The following settings are specific to each data source and can be configured differently in each if required. Use the Data Source Connection drop-down to view and edit the settings for each data source.

Max Connections: the maximum number of connections to establish to this data source.

Idle Timeout (seconds): the maximum time for which a connection can be idle before it is closed.

User ID and Domain Settings

The following settings are stored in the Control table and are therefore configured in each data source separately.

However, they should normally be the same in each data source. You will have to make sure that they are configured in each data source, as there is no automatic replication of these settings.

User ID Conversion / Case

Use Windows User Name Resolution Master Domain

They are explained in more detail below:

User ID Conversion

The case in which the Identikey Server will save and retrieve User IDs will depend on:

The capabilities and settings of the database used as the data store for the Identikey Server. Your database may require case sensitivity in queries, or may store all data in lower or upper case.

Configuration settings for the Identikey Server.

The Identikey Server may be configured to save and retrieve User IDs and domain names in:

Lower case Upper case

No conversion – data is saved or searched on exactly as entered.

The default configuration setting for the Identikey Server when using an embedded database is Convert to Lower.

When using another ODBC database, the default is No Conversion.

Caution

Before changing the configuration setting, you need to make sure that existing User IDs and Domain names will not be invalidated by the new setting, or that they are deleted before the setting is changed. For example, if the current setting is No Conversion and you change to Convert to Lower, a User ID “TestUser” would become invalid. This Digipass User account must be deleted before changing the Case Conversion setting.

Typically, this setting should be changed shortly after installation, so you do not have to deal with a lot of existing Digipass User account and Domain records.

If you want to move from Convert to Lower to Convert to Upper, or vice versa, it will be necessary to make the change in two steps, via No Conversion. While the setting is No Conversion, upper or lower case User IDs and Domains can be created and deleted as necessary.

This is especially important for the Master Domain name. The default Master Domain “master”

will become invalid if you change to Convert to Upper. Therefore, you will need to create a new Domain with an upper case name and make it the Master Domain, while the Case Conversion

setting is No Conversion. See Master Domain below for instructions to change the Master Domain.

To modify the Case Conversion setting for the Identikey Server:

1. Select a data source from the list.

2. If you wish the Identikey Server to convert User IDs to upper or lower case, select Convert to Upper or Convert to Lower from the Case drop down list.

To leave User IDs and domains as they are entered, select No Conversion.

3. Click on OK.

4. The same setting must be applied in each database for each Identikey Server. This setting change is not replicated automatically to other databases.

Windows User Name Resolution

Identikey Server can use Windows functions to identify User IDs as Windows User accounts. This may be required if Windows is used as the back-end authenticator for Identikey Server.

1. Select a data source from the list.

2. To have the Identikey Server look up a User ID with Windows to find the SAM-Account-Name for the account and Fully Qualified Domain Name, tick the Use Windows User Name Resolution checkbox.

3. Click on OK.

4. The same setting must be applied in each database for each Identikey Server. This setting change is not replicated automatically to other databases.

Master Domain

The Master Domain is used as a default Domain as well as having special significance for administrative access.

For more details, see 3.5.1.1 Master Domain . To modify the domain used as the Master Domain:

1. If the new Master Domain does not already have a Domain record, create the new Domain using the Web Administration Interface.

2. Make sure there is an administrator account in the new Master Domain that has Set Administrative Privileges permission.

3. In the Advanced Settings tab of the Storage section in Identikey Server Configuration, select a data source from the list.

4. Modify the name in the Master Domain field.

Caution

Ensure that the name of the Master Domain is set to the correct case, as required by the Case Conversion setting. For example, if the Case Conversion setting is Convert to Lower, the Master Domain name must be all lower case.

5. Click on OK.

6. The same setting must be applied in each database for each Identikey Server. This setting change is not replicated automatically to other databases.

7. Click Apply or OK to make sure all changes are committed.

8. Login to the Web Administration Interface as the administrator account identified in step 2. Give this account any privileges that it requires that are missing. You will need to log off and on again as this account for the new privileges to take effect.

9. Delete the original 'master' domain if no longer required.

Note

All User accounts must be deleted from a domain before the domain record can be deleted.