...
To open this page, click the Users tab in the Server configuration dialog box.
This tab lets you define the authentication mode (profile and password control) and declare which users are to be authorized to connect to the server machine.
This tab contains the two following pages:
- Profiles, showing the list of the defined user profiles,
- Authentication mode, displaying the parameters relating to the authentication mode.
"Profiles" page
Lists
Users
List of the users registered for the server.
...
- the context, i.e. the access path on the server that leads to the object files produced when compiling the "server" parts of Visual/Web programs.
The management functions (create, modify, delete) can be accessed using the context-sensitive menu associated with the list.
...
"Authentication mode" page
...
Information entered
Authentication mode
List of the authentication modes implemented by the Adelia middleware.
Adelia
Authentication is carried out exclusively by the Adelia Middleware.
...
Simple LDAP authentication
...
In this mode, the profile and password circulate in plaintext on the network between the Middleware server and the LDAP server.
...
Simple LDAP authentication (SSL)
...
In Java: The "truststore" store is specified by the "javax.net.ssl.trustStore" system property. If the property is not specified, the default stores sought by the application are <java-home>/lib/security/jssecacerts, then <java-home>/lib/security/cacerts.
Certificate import command: keytool -import -alias <MyCert> -file <MyCertFile.crt> -keystore <MyTruststore>
JVM parameter: java -Djavax.net.ssl.trustStore=<MyTruststore>
...
Negotiated LDAP (Windows)
...
Important: If the Guest account is activated at the user level of the Active Directory, a user that is not registered in the Active Directory, but is registered on the list of Middleware users, will have their authentication accepted without password verification.
LDAP user search
After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.
In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.
If the LDAP user is found, a second authentication is carried out with the user's password.
In this mode, profiles and password circulate unencrypted on the network between the Middleware server and the LDAP server.
LDAP user search (SSL)
After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.
In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.
If the LDAP user is found, a second authentication is carried out with the user's password.
...
Host name of the LDAP server to be used.
Port
Port number of the LDAP server to be used (generally 389 in simple or negotiated Windows mode, and 636 in SSL mode).
...
Backup server
Host name of the LDAP backup server to be used in the event of failure of the main server.
Optional parameter.
...
Port
Port number of the LDAP backup server to be used.
Optional parameter.
...
Default domain
Name of the users' default Windows domain.
...
This notion of domain is used when the users correspond to the Windows accounts managed by Active Directory.
DN pattern
Pattern used to search for the LDAP user. The substitute character is %. The user's name is substituted into the filter either at the substitution character % (for backward compatibility, only the first occurrence is substituted) or at every occurrence of the {0} string.
...
"(|(sAMAccountName={0})(mail={0}))"
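The substitution rule above, as an added Python illustration (not Adelia code) that also escapes the user name per RFC 4515 so that a login containing filter metacharacters cannot alter the search. The function names, the precedence of {0} over %, and the rejection of empty names or placeholder-free patterns are assumptions of this example.

```python
# Added illustration, not Adelia code; function names are hypothetical.

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape a login name so it can only ever be a literal assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(pattern: str, user: str) -> str:
    """Substitute the user name into a DN pattern as the page describes."""
    if not user:
        raise ValueError("empty user name")
    safe = escape_filter_value(user)
    if "{0}" in pattern:
        # Every {0} occurrence is replaced (assumption: {0} wins over %).
        return pattern.replace("{0}", safe)
    if "%" in pattern:
        # Backward-compatible form: only the first % is replaced.
        return pattern.replace("%", safe, 1)
    raise ValueError("pattern contains neither {0} nor %")


def same_structure(pattern: str, result: str) -> bool:
    """True if substitution added no filter clause (same parenthesis counts)."""
    return (pattern.count("(") == result.count("(")
            and pattern.count(")") == result.count(")"))


if __name__ == "__main__":
    pattern = "(|(sAMAccountName={0})(mail={0}))"  # example from the page
    for name in ("jdoe", "j*", "x)(cn=y"):         # constructed inputs
        out = build_user_filter(pattern, name)
        print(f"{name!r:12} -> {out}  structure kept: {same_structure(pattern, out)}")
    # Legacy form: the second % stays literal, so multi-attribute
    # patterns should use {0} instead.
    print(build_user_filter("(|(uid=%)(cn=%))", "jdoe"))
```

With the legacy % form only the first placeholder is filled, so a pattern that tests several attributes needs {0} to behave as intended.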
LDAP profile
Generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.
This field is only active if the authentication mode is "User search".
Password
Password for the generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.
This field is only active if the authentication mode is "User search".
User base
Base directory for the user search.
This field is active only if the authentication mode is "User search".
User attribute
Attribute name containing the user ID in the search results.
This field is active only if the authentication mode is "User search".
Search scope
Search scope
Possible values:
This field is active only if the authentication mode is "User search".
Context
Directory path where the server part for Visual Adelia programs is located, for unregistered users when the Default LDAP user box is checked.
This field is active only when the Default LDAP user box is checked.
Check boxes
Default LDAP user
Not active in Adelia authentication.
...
Buttons
Configure
Validates any changes and closes the dialog box.
Cancel
Closes the dialog box without validating any changes.
Keyboard shortcut: Esc.
Apply
Validates any changes without closing the dialog box.
...