Active Directory Server

To use an Active Directory server for authentication, select 'LDAP' from the 'Authentication' menu on the 'Security Provider' page, and select 'Active Directory' from the 'LDAP Server' menu. (See Specifying a Security Provider for more information about the 'Security Provider' page.)

LDAP is recommended for authentication but not for authorization because authorization requires modification of the LDAP schema.

When configuring an Active Directory server to perform authentication for Style Intelligence, take note of the following points:

An Active Directory schema can contain a large number of objects (users, security groups, etc.). Before setting up the security provider in Enterprise Manager, use a tool like Apache Directory Studio (http://directory.apache.org/studio/downloads.html) to browse your schema and become familiar with its structure.

It is highly recommended that you add new security groups to the Active Directory schema to support Style Intelligence users. For example, add security groups such as 'InetSoftAdmin', 'InetSoftUser', 'InetSoftDeveloper', etc., to the Active Directory schema, and then add the appropriate users to these groups.

A security group in Active Directory is equivalent to a role in Style Intelligence.

An organizational unit in Active Directory is equivalent to a group in Style Intelligence.

A search base is the location within Active Directory from which Style Intelligence will search for and load users, security groups, etc. It is typically mapped to an organizational unit, for example, ou=Departments. A search base can also be a composite of multiple search bases separated by semicolons, e.g., ou=IT,ou=Departments;ou=Sales,ou=Departments.

After you configure LDAP security, you can no longer log into Enterprise Manager using the default admin/admin credentials. You must log in as a user who belongs to the administrator role security group.

After you configure LDAP security, you can no longer add users/groups/roles from within the Users tab in Enterprise Manager. You must do this from within Active Directory. However, the Users tab allows you to view the users defined in Active Directory.
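The composite search base format described above can be checked before it is entered in Enterprise Manager. The following is an added example, not InetSoft code: it splits a semicolon-separated value into its search bases, rejects empty or malformed entries, and reports entries that duplicate or sit below another entry. The function names are hypothetical, and case-insensitive DN comparison is an assumption.

```python
def split_unescaped(text, sep):
    """Split text on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts


def parse_search_base(value):
    """Return each search base as a list of normalised 'attr=value' RDNs."""
    bases = []
    for raw in split_unescaped(value, ";"):
        if not raw.strip():
            raise ValueError("empty search base in %r" % value)
        rdns = []
        for rdn in split_unescaped(raw, ","):
            attr, eq, val = rdn.strip().partition("=")
            if not (eq and attr.strip() and val.strip()):
                raise ValueError("malformed RDN %r in %r" % (rdn, raw))
            # Assumption: DN comparison is case-insensitive, as is usual in AD.
            rdns.append(attr.strip().lower() + "=" + val.strip().lower())
        bases.append(rdns)
    return bases


def find_overlaps(bases):
    """Return (inner, outer) pairs where inner equals or sits below outer."""
    overlaps = []
    for i, inner in enumerate(bases):
        for j, outer in enumerate(bases):
            if i == j or (inner == outer and i < j):
                continue  # skip self; report an exact duplicate only once
            if inner[-len(outer):] == outer:
                overlaps.append((",".join(inner), ",".join(outer)))
    return overlaps
```

An overlap means the narrower entry is already covered by the broader one, so the effective scope is the broader organizational unit.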

Figure 40. LDAP Environment Setup for Active Directory

 

© 1996-2013 InetSoft Technology Corporation (v11.5)