Page History
...
- Service Type:
LDAP
- Management of user accounts and passwords is performed with by the LDAP Server.
- In addition, an automated mapping of membership in LDAP Security Groups to the JOC Cockpit roles takes place.
- The JOC Cockpit does not know any user accounts, passwords and role assignments as this information is managed with by LDAP only.
- Service Type:
LDAP-JOC
- Management of user accounts and passwords is performed with by the LDAP Server.
- The assignment of roles to user accounts is performed by the JOC Cockpit and is stored with in the JS7 database.
- The JOC Cockpit knows user accounts and role assignments. The JOC Cockpit does not know passwords as this information is managed with by LDAP only
Identity Service Configuration
...
To add an Identity Service use the button Add Identity Service from the page above that lists the available Identity Services:
...
- The
Identity Service Name
is a unique identifier that can be freely chosen. - The
Identity Service Type
can be selected as available from the matrix described above matrix. - The
Ordering
specifies the sequence in which a login is performed with available Identity Services. - The
Required
attribute specifies if whether a login with the relevant Identity Service is required to be successful, for example, if a number of Identity Services are triggered on login of a user account. - The
Identity Service Authentication Scheme
allows selection of:single-factor
authentication: user account and password are specified for login with the LDAP Identity Service.two-factor
authentication: in addition to user account and password a Client Authentication Certificate is required, see the JS7 - Certificate based Authentication article for more information.
...
LDAP Server Host
: Expects the hostname or IP address of the LDAP Server host. If TLS/SSL protocols are used then the Fully Qualified Domain Name (FQDN) of the host has to be used for which the LDAP Server SSL certificate is issued.LDAP Protocol
: The LDAP Protocol can be Plain Text, TLS or SSL. Plain Text is not recommended as the user account and password will be sent through the network without encryption. TLS and SSL protocols are considered as being secure as they encrypt the content/connection to the LDAP Server.LDAP Server Port
: The port that the LDAP Server is listening to. For Plain Text and TLS connections port389
is frequently used, for SSL connections port636
is a frequent option.LDAP Server is Active Directory
: This setting simplifies the configuration if the LDAP Server is implemented by Active Directory. A number of attributes for user search and group search are automatically assumed if Active Directory is used.LDAP Server offers sAMAccountName attribute
: ThesAMAccountName
attribute is the unique identifier of a user account. This attribute frequently is available with Active Directory LDAP Servers of type Active Directory.LDAP Server offers memberOf attribute
: ThememberOf
attribute simplifies the search for Security Groups for which the user account has membership. This attribute frequently is available with LDAP Servers of type Active Directory, however, other LDAP products similarly can implement this attribute.LDAP Search Base
: TheSearch Base
for looking up user accounts in the hierarchy of LDAP Server entries, for exampleOU=Operations,O=IT,O=Users,DC=example,DC=com
.LDAP User Search Filter
: TheUser Search Filter
specifies an LDAP query that is used to identify the user account in the hierarchy of LDAP entries.
...
Overview
Content Tools