Question
· Jun 29, 2018
Adding TLS to ZAUTHENTICATE

I wrote a ZAUTHENTICATE.mac a couple of months back, and found recently that it is creating coredumps on almost a nightly basis. I think I have figured out this problem to be not clearing out my MsgSearch after I am doing 2 of them within the code.

1. Get User Attibutes from AD

2. Get User Groups From AD

So while I am trying to cleanup the code I thought it would be a good time to add a Certificate and TLS to the mix since I should of been using that all along. However I keep running into issues

1 14
0 444

I am working on an ZAUTHENTICATE.mac to move us from local cache users to Delegated Authentication against LDAP.

I have created a user role within my instance of Ensemble that matches the AD Group that I will be assigning everyone in my group to. Is there a way to query the list of available Roles within Ensemble, and if one of my AD groups matches that role, set the role for that user?

How would I compare the AD Group against the Role listing?

Thanks

Scott

0 10
0 584

We recently moved from using the Private Web Server, to using an Apache/Web Gateway setup and moved towards using the built in LDAP functionality within IRIS. Since then, we have 1 user that uses VSCode (/api/atelier) heavily that continues to have issues signing into IRIS through VS Code and the /api/atelier extension.

I am trying to troubleshoot two issues..

0 7
0 594
Question
· Oct 19, 2016
LDAP Adapter - Credentials?

I'm writing an operation to use the LDAP Outbound Adapter to query AD.

The operation's settings include a basic Credentials selector, to allow you to use the built in Credentials function of Ensemble. This can be referenced in the operation with ..Adapter.Credentials

1 6
0 673
Question
· Dec 14, 2023
LDAP Logging

I am trying to troubleshoot an issue with LDAP and a specific user. Besides what is in the Audit Database is there another way to look to see the LDAP functionality that is being called and the response, like there is with OAuth and the ISCLOG? The Audit Log is returning a failure (Unexpected - /api/atelier login failure | InterSystems Developer Community) for this particular user, and I want to get proof that it might be something with the LDAP and not IRIS.

Thanks

Scott

0 6
0 214

Currently, I am working on a CSP application that is supposed to generate reports. Users will have varying access to said reports. To achieve that, I plan to use LDAP (because it's used in other systems where those users already exist). Documentation does not provide enough information, so I'd like a clarification:
Do I need to enable LDAP authentication for the whole Cache instance to use LDAP authentication in a single CSP application in that instance?

0 5
0 238
Question
· Sep 13, 2018
Authentication Error

Hi All,
I tried to execute the ##Class(%SYS.LDAP).Binds(LD,"",$lb(Username,Domain,Password),$$$LDAPAUTHNEGOTIATE) but this command is returning the value as 7 only instead of 0,7 is an "Authentication Method Not Supported",How to recover it and why this error message is occuring
Please help me

0 3
0 358
Question
· Oct 9, 2018
SID Conversion

Hi all,By using LDAP cache method ##Class(%SYS.LDAP).GetValuesLen(LD,CurrentEntry,Attribute) we get the list of attributes but in "ObjectSid" attribute have the SID in binary format(objectSid^U¤:c@ãºþÕLCP]). how to convert to the readable format from the binary format in cache side.
Please help us to proceed further

0 3
0 313

From the first glance, the task of configuring LDAP authentication in Caché is not hard at all – the manual describes this process in just 6 paragraphs. On the other hand, if the LDAP server uses Microsoft Active Directory, there a few non-evident things that need to be configured on the LDAP server side. Those who don’t do anything like that on a regular basis may get lost in Caché settings. In this article, we will describe the step-by-step process of setting up LDAP authentication and cover the diagnostic methods that can be used if something doesn’t work as expected.

4 3
2 2K

Hi Group, I've followed the instructions from the documentation to configure LDAP and Ensemble to authenticate, however, I'm unable to authenticate using an account in the LDAP. The user is able to authenticate in a Linux shell. I have added the ObjectClass of IntersystemsAccount and the 3 group definitions to the schema. Other than adding the user to this group, do I have to change the user's objectClass at all?

This is not on active directory - it is a Linux based LDAP solution (slapd).

0 3
0 761
Question
· Jan 23, 2019
Single Sign On (SSO)

Does Intersystems specifically Ensemble support a Single Sign On architecture? Currently we are using Delegated sign on using LDAP and TLS, however our CIO would like us to move toward a single sign on, so when you sign into your PC it would automatically pass the credentials to Ensemble.

Thanks

Scott

0 3
0 1.1K

Reference: sample LDAP code routine LDAP.mac

Some IF statements reference macro $$$WindowsCacheClient as a boolean flag to mark if the client calling the LDAP server is running Windows. Other IF statements reference $$$ISWINDOWS. Are they not the same thing? That is, does the routine need $$$WindowsCacheClient at all?

Examples:

#define WindowsCacheClient 1

0 2
0 178

Hi There,

I am reaching out to the community to see if anyone has implemented SSO via SAML into TrakCare from Azure AD?

Also looking to see if anyone has come across automated role provisioning, I have seen this from an IRIS perspective but not directly into TrakCare.

Thanks in Advance

Cheers,

TC

0 2
0 289

I am trying to figure out how to loop through the EnsLib.LDAP.Message.Results to get all the attributes. From router I am passing EnsLib.LDAP.Messge.Search as the request param. Response is EnsLib.LDAP.Message.Results. I am invoking the EnsLib.LDAP.Messge.Search BO.

At the BP level, trying to figure out how to extract all the attributes for a EnsLib.LDAP.Message.results

0 2
0 179

Some key points are emphasized in this article in order to save your time to get linux ldap client in cache working with windows AD (active directory) LDAP server.
The first thing to do is to get successful TLS connection to windows AD.
Raw tcp case is beyond of this article, there is no problem with it, it is trivial.
Windows ldap server uses port 636 for tls and this port can be used to get ldap certificate.
As we will see later there is reason for this.
linux ldap client uses STARTTLS special ldap extension to switch plain tcp to TLS only.

9 2
1 2.5K

In preparation for a presentation I need a real-world LDAP schema that has been customized a bit beyond the basics. Perferably this would be based on an OpenLDAP system which would make it easier to merge into this presentation.

If you have such a schema you would be willing to share please respond or contact my directly at Rich.Taylor@InterSystems.com

Thanks in advance.

Rich Taylor

0 1
0 296

Presenter: Rich Taylor
Task: Use an LDAP schema that differs from the provided default
Approach: Give examples of customized LDAP schema development, using LDAP APIs and ZAUTHORIZE

In this session we explore the various options of for working with LDAP as an authentication and authorization framework. We will look beyond the simple LDAP schemas into working with more complex LDAP configurations that incorporate application level security information.

Content related to this session, including slides, video and additional learning content can be found here.

0 1
0 425