The Lightweight Directory Access Protocol (LDAP) is an open, vendor-neutral, industry-standard application protocol for accessing and maintaining distributed directory information services over an Internet Protocol network.
I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.
1. Get User Attibutes from AD
2. Get User Groups From AD
So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues
Is there a way to pull a user name and password from the Credentials list that is kept in Ensemble? Right now I have a LDAP user that I have hard coded into my ZAUTHENTICATE, which I would like to get away from. I am not to familiar with settings Global, or calling them at least.
I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.
I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?
How would I compare the AD Group against the Role listing?
I am working through trying to use ZAUTHENTICATE.mac and LDAP.mac to do Delegated sign on into Ensemble. In reading over the samples and the documentation, I am not clearly finding on how to set the Appropriate Role from the LDAP group I return. Can someone help explain this part to me? If I have a user sign on, and I return a "Group" from the Authentication, how do I get that to transform into the Role I need for Ensemble.
I am getting the following error while logging in using LDAP authentication,
"An error occurred with the CSP application and has been logged to system error log (^ERRORS)". I've set the connection up and using Authentication Test was successful. I seem to be able to login as well but keep getting that error. If I allows unauthenticated access then the page works but changing it to LDAP is not working.
The LDAP account once created in Cache has U access to the resource related with the web application.
Some key points are emphasized in this article in order to save your time to get linux ldap client in cache working with windows AD (active directory) LDAP server.
The first thing to do is to get successful TLS connection to windows AD.
Raw tcp case is beyond of this article, there is no problem with it, it is trivial.
Windows ldap server uses port 636 for tls and this port can be used to get ldap certificate.
As we will see later there is reason for this.
linux ldap client uses STARTTLS special ldap extension to switch plain tcp to TLS only.
Does calling the BIND method of %SYS.LDAP, with the username, domain and password of the user that needs to be authenticated- the right way to authenticate him/her ?
Also - am I correct in assuming that something like this is independant to (and I don't need to specify setting for), System Security -> LDAP Options
Hi Group, I've followed the instructions from the documentation to configure LDAP and Ensemble to authenticate, however, I'm unable to authenticate using an account in the LDAP. The user is able to authenticate in a Linux shell. I have added the ObjectClass of IntersystemsAccount and the 3 group definitions to the schema. Other than adding the user to this group, do I have to change the user's objectClass at all?
This is not on active directory - it is a Linux based LDAP solution (slapd).
I was recently asked whether we have a function to convert LDAP date time stamps into $HOROLOG format or other formats and the answer is not at the moment, but there is a simple method to do the conversion.
Let us look at the facts and figures involved...
1) Active Directory's (AD) date 0 (zero) is 1601-01-01 00:00:00.000 or January 1st, 1601 at midnight (00:00:00)
2) AD timestamps are calculated as the number of 100 nanosecond intervals from date 0
3) 864000000000 is the number of 100 nanosecond intervals per day
I'm writing an operation to use the LDAP Outbound Adapter to query AD.
The operation's settings include a basic Credentials selector, to allow you to use the built in Credentials function of Ensemble. This can be referenced in the operation with ..Adapter.Credentials
Presenter: Rich Taylor Task: Use an LDAP schema that differs from the provided default Approach: Give examples of customized LDAP schema development, using LDAP APIs and ZAUTHORIZE
In this session we explore the various options of for working with LDAP as an authentication and authorization framework. We will look beyond the simple LDAP schemas into working with more complex LDAP configurations that incorporate application level security information.
Content related to this session, including slides, video and additional learning content can be found here.
In preparation for a presentation I need a real-world LDAP schema that has been customized a bit beyond the basics. Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation.
If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com
By date
