IMPLEMENTING DIRECTORY SERVICES INTEGRATION WITH HELIX MEDIA LIBRARY Revision Date: September 2014


1. Prerequisites

2. Running the Test Harness

3. Implementation


Introduction

This guide details the process of testing and installing the AD/LDAP module to integrate the Helix Media Library with an Active Directory or LDAP service.

For the module to work, the Helix Media Library software needs to be at version 1.1 or higher, but this document concentrates on how to implement the module with version 2.5 of the Media Library. The module is a licensable option; please contact your local sales representative for details on purchasing the module.

1. Prerequisites

Before you begin, ensure that you have obtained the following information:

Which service is used: Active Directory or LDAP?

If AD is being used, will it be against Organisational Units or Security Groups? If using LDAP, then OUs are the only option.

The fully qualified domain name of the server that will be used to authenticate against.

Credentials of an account that has permissions to perform directory lookups.

If different to the account specified above, credentials of another account that will be used to test with. N.B. this account must be a member of an OU or Security Group, so that when you test it you can see the OU(s) or group(s) it is a member of.

2. Running the Test Harness

The Test Harness checks whether a connection can be made from the Helix Media Library to the directory services server and whether groups can be returned. Running it is also important because it helps with testing the implementation: when the harness returns the groups for the test account, they are written to a text file. From there you can see which groups the account is a member of and then create one of these (exactly as it is written in the directory) in the HML in order to test whether the test user can log in. Run the test harness on the machine where HML is installed, so that it tests communications between that machine and the Directory Services Server.


2.1 Download the test harness from the location that has been provided to you by your system provider. If you do not have this, please contact your local sales representative.

2.2 Unzip the file and open the folder to see the following:

The two files in here that you will need to use are “AuthTestHarness.exe.config” and “run-test.bat”.

The AuthTestHarness.exe.config file contains the variables that will be used to extract information from the directory and pull back the groups. It contains information values that, once configured correctly, will need to be copied over into the web.config files for the VLS and UPLOAD web sites.

2.3 The run-test.bat file is used to simulate a user logging on. When it is run, another file called AuthLog.txt will be created in the same directory. This will display the information for the user pulled back from the directory. Importantly, if the configuration is correct, it will display the groups/OUs the user is a member of at the bottom of the text file.


2.4 To set up the run-test.bat file, input the credentials of the account you are using for testing, followed by “ADAuth” or “LDAPAuth” depending on which service is in use. Enter them each with a space between them as in the example below. It should read:

AuthTestHarness.exe username password ADAuth|LDAPAuth

2.5 Save this and exit, and now open up the file AuthTestHarness.exe.config. When you open the text file it will appear as below:


Here is further detail on the values that need to be configured:

Key: Explanation

AuthServerURL: Fully qualified domain name of the directory server to be contacted, e.g. “ad.domain.edu”

AuthServerUsername: Username of account that can perform directory lookups

AuthServerPassword: Password to match the above account

AuthServerAuthenticationType: “Anonymous” or “None” are possibilities, but “Secure” is the most commonly used

AuthServerUserSearchFilterKey: “CN” is used for LDAP searches, but for AD the most common attribute name is “SAMAccountName”

AuthServerGroupSearchType: If searching against OUs, use the attribute “PathSearch”. If searching against Security Groups or OUs in LDAP, use the attribute “UserPropertySearch”. Use “SecurityGroupSearch” if searching for nested Security Groups or “SecurityGroupSearchCrossDomain” if searching across multiple domains

PathSearchFilterKey: This will only be used when searching against OUs, so can be left set to “ou” regardless

UserPropertySearchName: Use the attribute “groupMembership” for LDAP, or for AD use “memberOf”

UserPropertySearchFilterKey: The attribute used should be “CN” for LDAP or AD

EnableLogging: Leave this set to “true” so we can see the text file


Here is an example of how the AuthTestHarness.exe.config file has been modified in order to return the Security Groups users are members of:

2.6 It is important that the attributes are entered correctly to match how they appear in the directory, with the correct case. For example, group membership needs to be written as groupMembership, with the M in uppercase. It is a good idea to explore the directory to see which attributes are being used and how they are written. A good tool for doing this is AD Explorer, which can be downloaded here:

http://technet.microsoft.com/en-us/sysinternals/bb963907

When run, it will show the directory tree. When expanded you can click on a user to see the attributes. Below is a screenshot of AD Explorer when used to find the attributes of the user TestUser.


As the search is being run against Security Groups, the attribute “ou” can be ignored.

Using AD Explorer, it is easier to see how the search is being performed. With the config file, in this case, we are asking the directory to return the value of sAMAccountName and what that account is a member of. As we specified the account in the run-test.bat file earlier as TestUser, we are looking for it to return the group “Test Group”.

2.7 When the batch file is now run, it should return the following text file (AuthLog.txt). There will be lots of information, but the important thing is that the groups are returned, at the very bottom of the file.


If “FOUND GROUP:” appears with the group/s listed afterwards, then the configuration is correct and the integration information can be entered into the config files. If no groups are found, double check that the attributes are entered correctly and ensure you have run AD Explorer to check whether any “non-standard” attributes are being used.
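One way to do that double check before re-running the batch file, as an added example (not part of the vendor's tooling): a small Python lint that compares the harness settings with the values listed in the key table above, including case. The function name `lint` and the sample config are constructed for illustration; keys are matched case-insensitively because this guide spells the same key both “AuthServerURL” and “AuthServerUrl2”.

```python
import xml.etree.ElementTree as ET

# Values taken from the key table in this guide; value comparison is case-sensitive.
ALLOWED = {
    "AuthServerAuthenticationType": {"Secure", "Anonymous", "None"},
    "AuthServerGroupSearchType": {"PathSearch", "UserPropertySearch",
                                  "SecurityGroupSearch", "SecurityGroupSearchCrossDomain"},
    "UserPropertySearchName": {"groupMembership", "memberOf"},
    "UserPropertySearchFilterKey": {"CN"},
}
EXPECTED = ["AuthServerURL", *ALLOWED]  # assumption: these keys are always present

def lint(xml_text):
    """Return a list of findings for one AuthTestHarness.exe.config."""
    root = ET.fromstring(xml_text)
    settings = {a.get("key", "").lower(): a.get("value", "")
                for a in root.findall(".//appSettings/add")}
    findings = []
    for key in EXPECTED:
        value = settings.get(key.lower())
        if not value:
            findings.append(f"{key}: missing or empty")
            continue
        allowed = ALLOWED.get(key)
        if allowed and value not in allowed:
            fixes = [a for a in allowed if a.lower() == value.lower()]
            hint = f"wrong case, use {fixes[0]!r}" if fixes else f"expected one of {sorted(allowed)}"
            findings.append(f"{key}: {value!r} {hint}")
    auth = settings.get("authserverauthenticationtype")
    if auth in {"Anonymous", "None"}:
        findings.append(f"AuthServerAuthenticationType: {auth!r} is not the commonly used 'Secure'")
    if settings.get("enablelogging") != "true":
        findings.append("EnableLogging: set to 'true' so AuthLog.txt is written")
    return findings

# Constructed sample config with two deliberate mistakes.
SAMPLE = """<configuration><appSettings>
  <add key="AuthServerURL" value="ad.domain.edu" />
  <add key="AuthServerAuthenticationType" value="None" />
  <add key="AuthServerGroupSearchType" value="UserPropertySearch" />
  <add key="UserPropertySearchName" value="groupmembership" />
  <add key="UserPropertySearchFilterKey" value="CN" />
  <add key="EnableLogging" value="true" />
</appSettings></configuration>"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```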

2.8 If you have several domains that you wish to authenticate against you can add in further domain servers into the test harness below the first one, appending the number to the end, as follows:


<add key="AuthServerUrl2" value="domain2.org" /> <!--the url of the LDAP/AD server-->

3. Implementation

3.1 There is a DLL file that needs to be placed into the “bin” folder of both the “vls” and “upload” directories. From within the AuthTestHarness folder, take a copy of Auth211R3.dll. This module is a licensable option. The file should have been provided to you by your system provider. Please contact your local sales representative if you do not have this file.

3.2 Paste a copy into the “bin” folder in each of the following locations, where C:\ is the default install location.

C:\HelixMediaLibrary\vls\bin and C:\HelixMediaLibrary\upload\bin

3.3 The web.config files need to be edited to contain the information from the test harness. Before doing this it is best to take a backup of the config files, in case there is a problem. Start with the web.config in the C:\HelixMediaLibrary\vls directory.


3.4 The information from the test harness needs to be put into this file, inside the <appSettings></appSettings> XML elements. There will be two values already present that need to be configured but weren’t in the test harness. These relate to the DLL you just put in the bin folder.

<appSettings>

<!--<add key="AuthDLLPath" value=""/> <add key="AuthTypeName" value=""/>-->

</appSettings>

Inside the speech marks, set the value for AuthDLLPath to the path where the Auth.DLL resides for each site. When configuring the vls web.config file, point to the DLL in the \vls\bin\ directory, and for the upload site, point to the DLL in the \upload\bin directory.

For AuthTypeName, set the value to ADAuth for Active Directory or LDAPAuth for LDAP integration.

3.5 When this is done, remove the exclamation mark, dashes and chevrons as marked above in red (the opening <!-- and the closing -->) to uncomment the code.


3.7 Repeat this process for the web.config file in the upload folder. You can copy all of the above text to make it easier, but be sure to change the path to the Auth.dll to point to the bin directory of the upload site, C:\HelixMediaLibrary\upload\bin\Auth.dll.
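The copy step above is where the two sites most easily drift apart, so here is an added example (not the vendor's code) that compares each site's web.config with the tested harness config and catches a DLL path left pointing at the other site or settings that are still commented out. The function names and the sample files are constructed for illustration; keys are matched case-insensitively.

```python
import xml.etree.ElementTree as ET


def app_settings(xml_text):
    """Return {lowercased key: value}; commented-out <add> lines are not seen."""
    root = ET.fromstring(xml_text)
    return {a.get("key", "").lower(): a.get("value", "")
            for a in root.findall(".//appSettings/add")}


def check_site(site, web_config, harness_config):
    """List mismatches between one site's web.config and the tested harness."""
    web, harness = app_settings(web_config), app_settings(harness_config)
    problems = []
    for key in ("authdllpath", "authtypename"):
        if not web.get(key):
            problems.append(f"{site}: {key} missing, empty or still commented out")
    type_name = web.get("authtypename")
    if type_name and type_name not in ("ADAuth", "LDAPAuth"):
        problems.append(f"{site}: authtypename must be ADAuth or LDAPAuth")
    dll = web.get("authdllpath", "").lower()
    if dll and f"\\{site}\\bin\\" not in dll:
        problems.append(f"{site}: authdllpath is not under \\{site}\\bin\\")
    for key, value in harness.items():
        if web.get(key) != value:
            problems.append(f"{site}: {key} differs from the tested harness value")
    return problems


# Constructed sample files (not taken from a real installation).
HARNESS = r"""<configuration><appSettings>
  <add key="AuthServerURL" value="ad.domain.edu" />
  <add key="UserPropertySearchName" value="memberOf" />
</appSettings></configuration>"""
VLS_WEB = r"""<configuration><appSettings>
  <add key="AuthDLLPath" value="C:\HelixMediaLibrary\vls\bin\Auth.dll" />
  <add key="AuthTypeName" value="ADAuth" />
  <add key="AuthServerURL" value="ad.domain.edu" />
  <add key="UserPropertySearchName" value="memberOf" />
</appSettings></configuration>"""
UPLOAD_WEB = VLS_WEB  # pasted from vls without changing the DLL path
COMMENTED = r"""<configuration><appSettings>
  <!--<add key="AuthDLLPath" value=""/> <add key="AuthTypeName" value=""/>-->
</appSettings></configuration>"""

if __name__ == "__main__":
    for site, text in (("vls", VLS_WEB), ("upload", UPLOAD_WEB)):
        print(site, check_site(site, text, HARNESS) or "OK")
```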


4 Testing

4.6 In order to test that the configuration is correct, and the HML is authenticating against the directory, a group needs to be created in the Helix Media Library. Log in as an administrator and navigate to the Security section on the upload site. Add a new group, ensuring that it is written exactly as it appears in the directory as an OU or Security Group. Going from the example above, it can be seen from the text file that the group found was “Test Group”. Set this as the group name in HML, and give it view and upload rights to a category. Save the changes, click Back To Library and log out.

4.7 Now log in with the test user used in the batch file earlier. You should now be logged in and have access to the categories specified above.
