Navigation:  WebOffice author standalone > WebOffice Menu > Common Category > Application Configuration > Common > User Management >

Authentication Type LDAP

Previous pageReturn to chapter overviewNext page

Using Authentication Type LDAP it is possible to use LDAP user accounts for checking the user login.

 

Recommended scenarios for this Authentication type are:

Customer wants to use the existing user accounts of the Microsoft Active Directory or

Customer wants to use the existing user accounts of the Novell eDirectory or

Customer wants to use the existing user accounts of the Sun Directory Server or

Customer wants to use the existing user accounts of the Open LDAP system.

 

Authentication type LDAP configuration

Authentication type LDAP configuration

 

Using a URL for a secure connection the application will be referenced via normal HTTP but sensible data like login data etc. will be transferred via HTTPS.

If you want to provide a guest user account without login dialog, you can configure a user name i.e guest. If the user guest has access rights on a project, the project can be started with a user parameter without login dialog.

 

Note: The authentication type LDAP uses the WebOffice login dialog and users and passwords are managed by the WebOffice UM Repository and additionally synced via LDAP / AD during the login process. A general comparison of the common authentication methods in WebOffice 10.8 SP2 can be found in chapter Overview of authentication methods.

 

Property

Description

Use domain?

Specifies whether authentication module takes the domain string into consideration (true) or not (false) when logging in (login (user name) is e.g.: VIENNA\Novak or VIENNA/Novak):

Yes: VIENNA\Novak or VIENNA/Novak will be used

No: Novak will be used

Note: If using domain string (Yes) then the user login names in User Management database must be saved with the domain strings included!

Use user roles only?

Use role based information from authentication system. If 'true', no storage and maintenance of user objects in the User Management database is necessary then.

URL for secure connection

Secure Connection configuration. Use this for providing encrypted log in.

The URL for secure connection must look like https://<server>:<port>.

Prerequisite for use of a secure connection is:

When working with a web server (IIS, Apache):  a valid and installed SSL certificate on web server,

When working with Tomcat (without web server): a valid and installed SSL certificate on JDK as well as a correct Tomcat (servlet engine) configuration (SSL port, connector).

Guest user (anonymous)

Provide the login of the user who is allowed to start a project session without login dialog (Call with a "user" parameter).

For example:

http://<myserver>:<port>/WebOffice/synserver?project=MyProject&user=guest

Use fallback authentication type UM-DB

Set the option if WebOffice 10.8 SP2 Usermanagement will be used as authentication (true), if the login of the authentication type fails (f.e LDAP connection not available) or not (false - default).

If this option is activated, the first login attempt will be done on LDAP basis. If the Login via LDAP is not successful, the login attempt with same credentials will be done via WebOffice 10.8 SP2 Usermanagement. If that login attempt won't succeed, the user will get a message that the login was not successful.

Use both the LDAP groups and UM-DB groups

Use not only the LDAP groups but the groups configured in the UserManagement database too. Applicable only when the 'Use user roles only?' attribute is set to 'Yes'. Useful for group authorisation for projects in which an authenticated AD user is not a member of the authorised AD group.

Note: See chapter Groups for creating a new group in the UserManagement database.

Note: See chapter Users to create a new user in the UserManagement database. This must be an existing user from the Active Directory.

Note: The syntax of the login must be identical / uniform between Active Directory and UserManagement database - this also applies to the domain.

Note: With the exception of the additional groups from the UM-DB, all user information is obtained exclusively from the Active Directory.

Authentication type LDAP configuration

 

Note: With WebOffice 10.8 SP2 backup LDAP Servers are supported. Just add a second LDAP configuration node. Connection to first defined LDAP served is tried first (top-down).