New post

#LDAP

5

The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.

Question
· Sep 25, 2024
LDAP Authentication Question

I am trying to track down a problem we saw this morning with our TEST environment. We had a momentary issue where InterSystems HealthShare Health Connect could not connect correctly to LDAP. When we tried to login and could not connect to LDAP, the system would Delete our users.

the Test LDAP function would return a "Can't contact LDAP server". I went through the Certificates, made sure they had the correct permissions and were not expired.

0 2
0 146
Question
· Aug 18, 2024
Microsoft Entra and IRIS

Dear All,

I am currently part of a team that is developing an application using Microsoft PowerApps as the front end and IRIS as the backend. Effectively that frontend screens, which are house and an Azure serve, call a series of REST interfaces exposed by IRIS from a physical Microsoft server. During the development stage we have not had any security in place but now we need to secure the application using a single sign on. PowerApps relies on Microsoft Entra for its security both LDAP and OAuth. Has anyone in the community connected IRIS to Microsoft Entra?

0 2
0 195

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 8
0 1.5K
Question
· Dec 14, 2023
LDAP Logging

I am trying to troubleshoot an issue with LDAP and a specific user. Besides what is in the Audit Database is there another way to look to see the LDAP functionality that is being called and the response, like there is with OAuth and the ISCLOG? The Audit Log is returning a failure (Unexpected - /api/atelier login failure | InterSystems Developer Community) for this particular user, and I want to get proof that it might be something with the LDAP and not IRIS.

Thanks

Scott

0 6
0 413
Question
· Jan 24, 2024
Request LDAP

Hello,

I need to make an LDAP query to retrieve information about a specific team of employees. I have a custom service that instantiates a message of type EnsLib.LDAP.Message.Search with a filter matching the search and redirects it to an operation of type EnsLib.LDAP.Operation.Standard. I didn't get any errors, but I didn't get any results either. So I created an operation that inherits from EnsLib.LDAP.Operation.Standard and I overloaded the method to retrieve something. I get this:

0 0
0 169

I was recently asked whether we have a function to convert LDAP date time stamps into $HOROLOG format or other formats and the answer is not at the moment, but there is a simple method to do the conversion.

Let us look at the facts and figures involved...

1) Active Directory's (AD) date 0 (zero) is 1601-01-01 00:00:00.000 or January 1st, 1601 at midnight (00:00:00)

2) AD timestamps are calculated as the number of 100 nanosecond intervals from date 0

3) 864000000000 is the number of 100 nanosecond intervals per day

6 1
0 1.1K

We are moving away from Delegated Authentication in which I stored a username and password for our LDAP in a GLOBAL to be called by ZAUTHENTICATE.

Is there a way to pull in that GLOBAL into the LDAP Configuration within the Managment Portal instead of having to manually enter it? There seems to be an issue with Copy/Paste that the password isn't being set correctly when I use Copy/Paste.

Else I just export/import the LDAP Configuration from 1 server to another and manually update the Certificate to point to the correct file.

Thanks

Scott

0 0
0 151

I am trying to figure out how to loop through the EnsLib.LDAP.Message.Results to get all the attributes. From router I am passing EnsLib.LDAP.Messge.Search as the request param. Response is EnsLib.LDAP.Message.Results. I am invoking the EnsLib.LDAP.Messge.Search BO.

At the BP level, trying to figure out how to extract all the attributes for a EnsLib.LDAP.Message.results

0 2
0 259
Question
· Jan 23, 2019
Single Sign On (SSO)

Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.

Thanks

Scott

0 3
0 1.4K

Reference: sample LDAP code routine LDAP.mac

Some IF statements reference macro $$$WindowsCacheClient as a boolean flag to mark if the client calling the LDAP server is running Windows. Other IF statements reference $$$ISWINDOWS. Are they not the same thing? That is, does the routine need $$$WindowsCacheClient at all?

Examples:

#define WindowsCacheClient 1

0 2
0 224

Some key points are emphasized in this article in order to save your time to get linux ldap client in cache working with windows AD (active directory) LDAP server.
The first thing to do is to get successful TLS connection to windows AD.
Raw tcp case is beyond of this article, there is no problem with it, it is trivial.
Windows ldap server uses port 636 for tls and this port can be used to get ldap certificate.
As we will see later there is reason for this.
linux ldap client uses STARTTLS special ldap extension to switch plain tcp to TLS only.

9 2
1 2.6K

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

0 5
0 326

Hi,
I am facing issue during LDAP lookup like whenever I used product group parameter in AD explorer to search data from application I am getting empty result. If I set product group parameter as null then based on distinguished name result is generated in application. So if anyone knows about how LDAP works and how parameters are set in AD explorer then please let me know.

Thanks in advance.

0 1
0 314

Hi Community,

Please welcome the new video on InterSystems Developers YouTube:

Advances in Security

https://www.youtube.com/embed/PR9OF4QleWg
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
1 301

Have enabled LDAP for our numerous , Ensemble, IRIS and cache instances with many namespaces. All is working fine and the ldap logins work.

But have noticed that the first instance that the user logs into the namespace is assigned to that user, but when that user than logs into another instance the default namespace from the first login is still there and doesn't update to the new namespace.

So this doesn't effect the ldap login but is now effecting the terminal logins where the user is now getting access denied.

0 1
0 315

Hello everyone,

i am in process of changing our authentication method, so we can integrate our AD authentication in our programs. At the moment i am using they %SYS.LDAP object, and trying to use the .Bind() method with the user information to authenticate. This seems to work without issues, but here the problems start.

0 1
0 490

Hi Community!

Please welcome a new video onInterSystems Developers YouTube Channel:

Building Powerful LDAP Configurations

https://www.youtube.com/embed/oRQ7NbK-Uk8
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 433

Hi Everyone!

New session recording from Global Summit 2018 is already on InterSystems Developers YouTube Channel:

Advanced Cloud Provisioning & Deployment

https://www.youtube.com/embed/BAN-l4nagxI
[This is an embedded link, but you cannot view embedded content directly on the site because you have declined the cookies necessary to access it. To view embedded content, you would need to accept all cookies in your Cookies Settings]

0 0
0 371

Has anyone worked out a way to use LDAP to define the default namespace on multiple servers? I know that documentation says that intersystems-Namespace-xxx only supports one namespace, but how is this useful? Any workaround to say have intersystems-Namespace-server1-namespaceA and intersystems-Namespace-server2-namespaceB? Is it best practice to use the same "namespace" on every server?

Thanks!

0 1
0 307

From the first glance, the task of configuring LDAP authentication in Caché is not hard at all – the manual describes this process in just 6 paragraphs. On the other hand, if the LDAP server uses Microsoft Active Directory, there a few non-evident things that need to be configured on the LDAP server side. Those who don’t do anything like that on a regular basis may get lost in Caché settings. In this article, we will describe the step-by-step process of setting up LDAP authentication and cover the diagnostic methods that can be used if something doesn’t work as expected.

4 3
2 2.3K
Question
· Oct 9, 2018
SID Conversion

Hi all,By using LDAP cache method ##Class(%SYS.LDAP).GetValuesLen(LD,CurrentEntry,Attribute) we get the list of attributes but in "ObjectSid" attribute have the SID in binary format(objectSid^U¤:c@ãºþÕLCP]). how to convert to the readable format from the binary format in cache side.
Please help us to proceed further

0 3
0 405