Access

To open this page, click the Users tab in the Server configuration dialog box.


This tab lets you define the authentication mode (profile and password control) and declare the users that are authorized to connect to the server.



This tab contains the two following pages:

  • Profiles, showing the list of the defined user profiles,
  • Authentication mode, displaying the parameters relating to the authentication mode.


"Profiles" page


Lists

Users

List of the users registered for the server.

For each user, the list shows:

  • the name,
  • the description,
  • the context, i.e. the access path on the server that leads to the DLL files produced when compiling the "server" parts of Visual/Web programs.


The management functions (create, modify, delete) can be accessed using the context-sensitive menu associated with the list.



"Authentication mode" Page


Information entered

Authentication mode

List of the authentication modes implemented by the Adelia middleware.


Adelia

Authentication is carried out exclusively by the Adelia Middleware.

 
Simple LDAP authentication

After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in simple mode.

In this mode, the profile and password circulate in plaintext on the network between the Middleware server and the LDAP server.


Simple LDAP authentication (SSL)

After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in SSL mode.

- In this mode, the profile and the password circulate in encrypted form on the network between the Middleware server and the LDAP server.

- You must install the SSL certificate that corresponds to the LDAP server in the Windows certificate store of the Middleware server.


Negotiated LDAP (Windows)

After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in negotiated Windows mode (the security context is negotiated between Kerberos and NTLM). This mode may only be used for an "LDAP Active Directory".

In this mode, authentication is carried out securely between the Middleware server and the LDAP server.

Important: If the Guest account is activated at the user level of the Active Directory, a user who is not registered in the Active Directory, but is registered on the list of Middleware users, will have their authentication accepted without password verification.


LDAP user search

After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.


In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.


If the LDAP user is found, a second authentication is carried out with the user's password.


In this mode, profiles and password circulate unencrypted on the network between the Middleware server and the LDAP server.


LDAP user search (SSL)

After having verified that the user is declared (if the Default LDAP user box is not checked), authentication is delegated to an LDAP server, in user search mode.

In this mode, a first connection is made to the LDAP server with a generic profile passed as a parameter, in order to perform a search of the LDAP user corresponding to the Adelia profile, according to the specified search criteria.


If the LDAP user is found, a second authentication is carried out with the user's password.

- In this mode, the profile and the password circulate in encrypted form on the network between the Middleware server and the LDAP server.

- You must install the SSL certificate that corresponds to the LDAP server in the Windows certificate store of the Middleware server.


Single Sign-On (SSO)

After checking that the user is declared (if the Default LDAP user box is not checked), authentication is performed in Kerberos mode by directly using the client Windows session credentials.

The password is not used in this mode. The client must explicitly request a negotiated connection by indicating the "*SSO" profile.

Only SSO logins are authorized in this mode. If a profile/password is submitted to the daemon, the login will be denied (invalid profile/password).


LDAP Server

Host name of the LDAP server to be used.


Port

Port number of the LDAP server to be used (generally 389 in simple or negotiated Windows mode, and 636 in SSL mode).


Backup server

Host name of the LDAP backup server to be used in the event of failure of the main server.

Optional parameter.


Port

Port number of the LDAP backup server to be used.

Optional parameter.


Default domain

Name of the users' default Windows domain.

If it is specified and no domain has been indicated for the user (no "\" in the user name), it will be used to qualify the user.

This parameter is not available in "User search" mode. In this case, the DN filter must be entered.

This notion of domain is used when the users correspond to the Windows accounts managed by Active Directory.


DN pattern

Pattern to search for the LDAP user. The substitute character is %. The user's name is substituted in the filter, either on the substitution character % (for backward compatibility, only the first occurrence is substituted), or on the {0} string occurrences.

The DN pattern is taken into account only if the Default domain field is not completed. In "User search" mode, the field contains the search filter.

For example:

"cn=% ou=myGroup" (% will be replaced by the user).

"(|(sAMAccountName={0})(mail={0}))"

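The substitution rules above, as an added example (not Adelia code): the sketch expands a DN pattern the way this section describes and escapes the user name first, per RFC 4514 for a DN and RFC 4515 for a search filter. The function names, the sample user names and the choice to prefer {0} when a pattern contains both placeholders are assumptions; the page does not say whether the middleware escapes the name itself.

```python
# Added illustration; not Adelia middleware code.
# RFC 4515: characters that must be escaped inside a search-filter value.
FILTER_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
# RFC 4514: characters escaped with a backslash inside a DN attribute value.
DN_SPECIALS = set(',+"\\<>;=')


def escape_filter_value(value):
    """Neutralise filter metacharacters so the name cannot alter the filter logic."""
    return "".join(FILTER_ESCAPES.get(ch, ch) for ch in value)


def escape_dn_value(value):
    """Escape DN separators, plus a leading '#' or space and a trailing space."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in DN_SPECIALS or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)


def expand_pattern(pattern, user, search_mode):
    """Expand a DN pattern: every {0}, otherwise only the first %.

    search_mode=True treats the pattern as a search filter ("User search" modes),
    False as a DN. Preferring {0} when both placeholders appear is an assumption.
    """
    safe = escape_filter_value(user) if search_mode else escape_dn_value(user)
    if "{0}" in pattern:
        return pattern.replace("{0}", safe)
    return pattern.replace("%", safe, 1)


# Patterns from this page; the user names below are constructed samples.
FILTER_PATTERN = "(|(sAMAccountName={0})(mail={0}))"
DN_PATTERN = "cn=% ou=myGroup"

if __name__ == "__main__":
    for name in ("jdoe", "smith (ext)*"):
        print(expand_pattern(FILTER_PATTERN, name, search_mode=True))
    for name in ("jdoe", "Doe, John"):
        print(expand_pattern(DN_PATTERN, name, search_mode=False))
```

Comparing the expanded string with what the LDAP server logs for the bind or search is a quick way to check how a given deployment treats names containing these characters.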

LDAP profile

Generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.

This field is only active if the authentication mode is "User search".


Password

Password for the generic connection profile for user search execution. You can avoid entering this parameter if the server allows anonymous connections.

This field is only active if the authentication mode is "User search".


User base

Base directory for the user search.

This field is active only if the authentication mode is "User search".


User attribute

Attribute name containing the user ID in the search results.

This field is active only if the authentication mode is "User search".


Search scope

Search scope

Possible values:


BASE

Limits the search to the base object.

ONE

Limits the search to the base object and its immediate children.

SUB

Includes the base object and all its children in the search.

This is the default value.

This field is active only if the authentication mode is "User search".


Context

Directory path where the server part for Visual Adelia programs is located, for unregistered users when the Default LDAP user box is checked.

This field is active only when the Default LDAP user box is checked.



Check boxes

Authorizing Single Sign-On (SSO)

This option is enabled if the authentication mode is Adelia or LDAP.


Checked

The middleware will accept standard connections with user and password and negotiated connections in SSO mode (*SSO user).
In SSO mode, the user does not have to be declared if the LDAP or SSO default user box is checked.

Not checked

Only profile/password authentication is authorized.


LDAP or SSO default user

This option is not enabled in Adelia authentication unless the Allow Single Sign-On (SSO) box is checked.


Checked

Middleware profiles not registered in the users list but authenticated on the LDAP server are allowed to connect to the middleware server.

Not checked

Only the middleware profiles registered in the users list and authenticated on the LDAP server are allowed to connect to the middleware server.


Buttons

OK

This button validates the modifications made and closes the dialog box.


Cancel

This button closes the dialog box without validating the modifications made.

Keyboard shortcut: Esc.


Apply

This button validates the modifications made without closing the dialog box.

