USER GUIDE. Lightweight Directory Access Protocol (LDAP) Schoolwires Centricity


Academic year: 2021


TABLE OF CONTENTS

Introduction
Audience and Objectives
Overview
LDAP Servers Supported by Centricity
Benefits of LDAP Authentication
Implementation of LDAP Authentication
The Effects of LDAP on the Use of Centricity
The Authentication Process
Effects of LDAP on Users of Centricity

Introduction

The Lightweight Directory Access Protocol (LDAP) Authentication enhancement module allows user information to be maintained in one centralized location and enables single sign-on access. User credentials can be shared between the network and Centricity user management systems.

Audience and Objectives

We recommend that Site Directors read this chapter. In this chapter, you will learn:

• The benefits of LDAP Authentication;

• How LDAP and Centricity interact; and

• How to implement and administer LDAP Authentication.

Overview

LDAP is an Internet protocol that allows programs to look up information on a server. Used with Centricity, LDAP authenticates and synchronizes user information for Centricity that is stored on a remote directory (i.e., LDAP) server.

LDAP Servers Supported by Centricity

Centricity currently supports the following directory servers:

• Novell® eDirectory™

• Microsoft® Active Directory®

• OpenLDAP™, an open source directory

Benefits of LDAP Authentication

The primary benefit of LDAP authentication is having a single source of user information for both the organization’s directory server and Centricity. Consequently, maintaining user information requires less time. In addition, users of both services use the same sign-in name and password.

Implementation of LDAP Authentication

You or your network engineer will work with one of the Schoolwires developers to set up the LDAP authentication process for your organization. If Schoolwires hosts your website on one of its servers, you will need to open your firewall to allow the specific IP address and port provided by the Schoolwires developer to access the directory server. Once you have opened the firewall, the Schoolwires developer will test the connectivity between the servers.

You will also need to provide the developer with the following information:

• Which LDAP server you are using.

• The domain name or IP address for your directory.

• Whether you will be using Secure Sockets Layer (SSL). For ASP clients, this will determine which port you will need to open in your firewall.

Note: If your website is hosted by Schoolwires and you will be using SSL, you must create a certificate on your server that Schoolwires will install on the server that hosts your Schoolwires website.

• The Distinguished Name (DN), which is the path for the starting point for the search of your directory during the authentication process.

• The Login Name and password to use when Centricity accesses your directory server.

• Whether the formats for the sign-in name for your organization’s directory server and Centricity are the same. If they are not, the authentication process will result in the creation of duplicate user profiles within Centricity. Consequently, if these do not currently match, the Schoolwires developer will run a script to match the format for the sign-in name for Centricity to that of your organization’s directory server.

The Schoolwires developer will use this information to enter the parameters for LDAP on the LDAP Settings window accessible from Site Workspace → Configure → Site. See Figure 1 and Figure 2.

Figure 1: LDAP Settings window: General tab

Figure 2: LDAP Settings window: Groups tab

After the set up is complete, the Schoolwires developer will test the authentication process (Test Authentication button).

The Effects of LDAP on the Use of Centricity

The Authentication Process

When a user attempts to sign in to Centricity, LDAP authentication takes place in the following manner:

1. If that user is found in Centricity and marked as an LDAP user (Figure 3), the user will be authenticated against your organization’s directory server.

a. If that user is found on the directory server and the sign-in name and password match, the sign-in will be successful.

CenLDAP_063008 Page 5

2. If that user is not found in Centricity, but is found on your organization’s directory server, the user will be automatically added as an LDAP user within Centricity. The following information from the directory will be duplicated in the User Profile in Centricity:

a. First name

b. Last name

c. Email address

d. Sign-in Name

e. Roles (Groups on the directory server)

Note: Groups can be created within your organization’s directory server and users can be assigned to them. During the implementation of LDAP, the Schoolwires developer sets up a table that cross references these groups within the directory server to roles in Centricity. If a user is assigned to a group on the directory server, then the user will be assigned the associated role in Centricity.

3. If that user is found in Centricity and not marked as an LDAP user (Figure 3), the user will be authenticated against the user database in Centricity. If the sign-in name and password match, the sign-in will be successful.

4. If that user is not found in Centricity or your organization’s directory server or the sign-in name and password do not match, the sign-in will fail and the user will need to contact the System Administrator.
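The four sign-in steps above, modelled as an added example (not Schoolwires code). The directory content, the group-to-role table and all names are constructed; step 2 is assumed to require a matching password, and the empty-password check is an added guard that the guide does not mention.

```python
# Added illustration of the four sign-in steps; every name and value here is
# constructed for the example and is not Centricity code or configuration.
import hmac
from dataclasses import dataclass, field

@dataclass
class Profile:
    sign_in_name: str
    ldap_login: bool               # the "LDAP Login" box on the User Profile
    password: str = ""             # stand-in for the local credential check
    first: str = ""
    last: str = ""
    email: str = ""
    roles: set = field(default_factory=set)

# Constructed directory server content: sign-in name -> entry.
DIRECTORY = {"jsmith": {"password": "net-pw", "first": "Jo", "last": "Smith",
                        "email": "jsmith@example.org",
                        "groups": {"Teachers", "Chess Club"}}}
# Cross-reference table built at implementation: directory group -> role.
GROUP_TO_ROLE = {"Teachers": "Section Editor"}

def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())

def directory_auth(name, password):
    """Stand-in for a bind against the directory server."""
    entry = DIRECTORY.get(name)
    return entry if entry and same(entry["password"], password) else None

def sign_in(profiles, name, password):
    """Return (success, path) following steps 1-4 of the guide."""
    if not password:               # added guard: real directories may treat an
        return False, "failed"     # empty-password bind as anonymous success
    user = profiles.get(name)
    if user and user.ldap_login:                       # step 1
        ok = directory_auth(name, password) is not None
        return ok, "directory" if ok else "failed"
    if user:                                           # step 3
        ok = same(user.password, password)
        return ok, "local" if ok else "failed"
    entry = directory_auth(name, password)             # step 2 (assumes the
    if entry:                                          # password must match)
        roles = {GROUP_TO_ROLE[g] for g in entry["groups"] if g in GROUP_TO_ROLE}
        profiles[name] = Profile(name, True, "", entry["first"],
                                 entry["last"], entry["email"], roles)
        return True, "provisioned"
    return False, "failed"                             # step 4
```

A sign-in name whose format differs from an existing Centricity profile (for example "j.smith" locally versus "jsmith" in the directory) falls through to step 2 and creates a second profile, which is the duplicate-profile case described under Implementation of LDAP Authentication. Groups with no entry in the cross-reference table ("Chess Club" here) produce no role.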

Figure 3: User Profile when LDAP enabled

LDAP Login field only appears if your organization purchased the LDAP


Effects of LDAP on Users of Centricity

Once LDAP authentication is implemented, you will notice the following effects:

• On the User Profile in Centricity for each LDAP user:

o The LDAP Login box will be checked. (See Figure 3.) For new users, this happens during the authentication process. For existing users, the Schoolwires developer will run a script during implementation.

o The password in Centricity will be a non-functioning, encrypted password.

• If you delete a user from the directory server, you do not need to delete that user from Centricity. The authentication will fail and that user will not be able to sign in to the website. However, you may want to purge this data from Centricity periodically.

• LDAP users of Centricity will still need to sign in. However, they will use the same sign-in name and password as they use for the network.

• When LDAP users of Centricity access their profiles (Access My Info), they will not have access to the Sign-in Name, Password or Confirm Password fields.

• If you make any changes to a User Profile (e.g., add a zip code, unlock a user) for an LDAP user, that user will not receive any confirmation from Centricity.

• The User Profiles for users of Centricity who are not LDAP users will be maintained within Centricity. They will be able to access their own profiles, including the Sign-in Name, Password and Confirm Password fields. They will receive the normal confirmation messages from Centricity.

After the Initial Implementation

Once the Schoolwires developer sets up LDAP authentication, there will be few reasons for a Site Director to access the LDAP Settings window from Site Workspace → Configure → Site. The main reasons for making changes are:

• You have added roles to your Schoolwires website.

• Your directory server has changed.

• The use of SSL has changed.
