Pulling information from Credentials using Cache Object Script
Is there a way to pull a user name and password from the Credentials list that is kept in Ensemble? Right now I have a LDAP user that I have hard coded into my ZAUTHENTICATE, which I would like to get away from. I am not to familiar with settings Global, or calling them at least.
Thanks
Scott
Passwords are encrypted so no.
Login details are stored in Security.Users table or ^SYS("Security","UsersD") global in %sys namespace.
Instead of storing it at the Credentials level, I have created a Global to store the LDAP server information. However when I am calling $Get(^OSUMCLDAP(Server)) nothing is being returned. Am I not calling it appropriately? Do I need to add an include statement somewhere to make sure it includes the globals?
s AdminDN=$Get(^OSUMCLDAP(User))
s AdminPW=$Get(^OSUMCLDAP(Pass))
}
Thanks
Scott
Never mind I figured it out.
Could you please add your code as an example what you already did with ZAUTHENTICATE?
ZAUTHENTICATE used to authenticate users with their login and password, so, if you already have user's password you can connect to LDAP/AD server with this credentials.
Hi
If you want to get the username and password that is stored in the Ensemble credentials list that is accessible via the management portal Ensemble>Credentials, and if you know the credential id,
then you can get the username and password via the Ens.Config.Credentials class:
SET cr=##class(Ens.Config.Credentials).%OpenId("yourCredentialID")
SET UserName=cr.Username
SET Password=cr.Password
see here the class reference:
http://docs.intersystems.com/latest/csp/docbook/%25CSP.Documatic.cls?AGE...
I hope it helps
Stelios
So if I have an additional user I need to use to verify as the LDAP search user, how would I store the user name and password in this scenario?
First, you can access Ensemble Credentials using the Ens.Config.Credentials class. To be clear this is NOT User definitions from the Security module. These are defined via the Ensemble Management portal options under Ensemble -> Configure ->Credentials.
That should work for you. I would still like to better understand what is going on in the application here that drives this. You seem to be indicating that this is a user logging into Ensemble. If you could detail out the workflow that is happening and how it related to Ensemble Services we might be able to better advise you.
Finally, I want to make you aware that the LDAP interface in InterSystems technologies has a method for using groups to define everything the security model needs. In fact that is the default method in recent versions.
The best path forward is to get your Sales Engineer (SE) involved in what you are trying to achieve. That person would be best suited to dig into your requirements and advise you. If, for some reason, you cannot contact your SE or don't know who that is send me a private message. I'd be happy to help out more directly.
Sorry I am learning AD/LDAP as I go. I talked with the "powers that be" and they did confirm that I do not see a separate username and password to BIND to LDAP, and that I can use the UserName. So I will make that switch in the code above.
Thanks everyone.
Your welcome.
As you said you are still learning LDAP I am putting a couple of links regarding LDAP documentation and articles below. Hope that helps you out.
http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=GCAS_LDAP
http://docs.intersystems.com/latest/csp/docbook/DocBook.UI.Page.cls?KEY=EGIN_options_connectivity_adapters
https://community.intersystems.com/post/global-summit-2016-ldap-beyond-simple-schema
Ensemble Credentials are normally used to satisfy security for an Ensemble Business host. This separates the maintenance of security from the maintenance of the actual interfaces. The application of the security is handled completely by Ensemble in that scenario. This does not appear to be how you are attempting to utilize this. It would help to better understand your use case here. What is the entry path/service that is utilizing delegated authentication?
Social networks
InterSystems resources
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue
Log in or sign up
Log in or create a new account to continue