LDAP/AD Authentication: Difference between revisions
(306160) |
(306160) |
||
Line 67: | Line 67: | ||
:UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerPassword';<br> | :UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerPassword';<br> | ||
</code> | </code> | ||
:Replace '<value>' with your own specific LDAP settings. Note that you need to allow built-in authentication, so define the value of 'AuthenticationMethod' to be '1'. For more information on the values, see the table above. | :Replace '<value>' in the script with your own specific LDAP settings. Note that you need to allow built-in authentication at this point, so define the value of 'AuthenticationMethod' to be '1'. For more information on the values, see the table above. | ||
2. Log in to QPR ProcessAnalyzer as a user that has "All" and "Administrator" rights.<br> | 2. Log in to QPR ProcessAnalyzer as a user that has "All" and "Administrator" rights.<br> | ||
3. Create a new user account in [[User Manager|User Manager dialog]]. The username in QPR ProcessAnalyzer must match the LDAP username.<br> | 3. Create a new user account in [[User Manager|User Manager dialog]]. The username in QPR ProcessAnalyzer must match the LDAP username.<br> |
Revision as of 10:08, 29 October 2014
QPR ProcessAnalyzer uses three methods for authenticating users:
- The built-in authentication method in which the user is authenticated against the user id/password combination in QPR ProcessAnalyzer database.
- The LDAP (Lightweight Directory Access Protocol) authentication method in which the user is authenticated by validating the username against a corporate LDAP server.
- The combination of the built-in and the LDAP authentication method: if the LDAP method fails, the built-in method is used.
Configuring the Authentication Settings
The authentication method options can be configured in the PA_CONFIGURATION table in the QPR ProcessAnalyzer database. The options relevant for authentication are listed in the following table:
|
All values except for AuthenticationMethod are empty by default.
The authentication method that is currently used is shown in Session Information dialog.
Creating a User That Is Authenticated via LDAP
The LDAP authentication method can be used in QPR ProcessAnalyzer Pro and QPR ProcessAnalyzer Database. However, the LDAP settings have no effect in QPR ProcessAnalyzer Xpress as it does not use named user authentication.
1. Open the PA_CONFIGURATION table from the QPR ProcessAnalyzer database. Copy and paste this script which includes the LDAP options:
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='AuthenticationMethod';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPConnectionString';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserFilter';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserSearchBase';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserIdAttributeName';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerUserName';
- UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerPassword';
- Replace '<value>' in the script with your own specific LDAP settings. Note that you need to allow built-in authentication at this point, so define the value of 'AuthenticationMethod' to be '1'. For more information on the values, see the table above.
2. Log in to QPR ProcessAnalyzer as a user that has "All" and "Administrator" rights.
3. Create a new user account in User Manager dialog. The username in QPR ProcessAnalyzer must match the LDAP username.
4. To allow users to authenticate using the LDAP method, change the value of 'AuthenticationMethod' in PA_CONFIGURATION table to either '2' (to allow only LDAP authentication) or '3' (to allow also built-in authentication in case the LDAP authentication fails).
Note that if the user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password in QPR ProcessAnalyzer.