LDAP/AD Authentication: Difference between revisions
(306160) |
(306160) |
||
| Line 21: | Line 21: | ||
|- | |- | ||
|LDAPConnectionString | |LDAPConnectionString | ||
||The IP address for establishing the connection to the LDAP server. || | ||The IP address for establishing the connection to the LDAP server. || "xx.x.xx.xxx" | ||
|- | |- | ||
|LDAPUserFilter | |LDAPUserFilter | ||
||This string is used by the LDAP library to locate and search the user from corporate LDAP server | ||This string is used by the LDAP library to locate and search the user from corporate LDAP server. | ||
|| For example, "(&(objectclass=person))" | |||
|| | |||
|- | |- | ||
|LDAPUserSearchBase | |LDAPUserSearchBase | ||
||The distinguished name of the object at which to start the search | ||The distinguished name of the object at which to start the search.|| For example, "dc=local" | ||
|- | |- | ||
|LDAPUserIdAttributeName | |LDAPUserIdAttributeName | ||
||The user id attribute name. || | ||The user id attribute name. || For example, "sAMAccountName" or "uid" | ||
|- | |- | ||
|LDAPServerUserName | |LDAPServerUserName | ||
|| LDAP server credentials: the distinguished name of the user. | || LDAP server credentials: the distinguished name of the user. | ||
|| | ||<username> | ||
|- | |- | ||
|LDAPServerPassword | |LDAPServerPassword | ||
|| LDAP server credentials: the password of the user. | || LDAP server credentials: the password of the user. | ||
|| | || <password> | ||
|} | |} | ||
Revision as of 07:24, 29 October 2014
QPR ProcessAnalyzer uses three methods for authenticating users:
- The built-in authentication method in which the user is authenticated against the user id/password combination in QPR ProcessAnalyzer database.
- The LDAP (Lightweight Directory Access Protocol) authentication method in which the user is authenticated by validating the username against a corporate LDAP server.
- The combination of the built-in and the LDAP authentication method: if the LDAP method fails, the built-in method is used.
Configuring the Authentication Settings
The authentication method options can be configured in the PA_CONFIGURATION table in the QPR ProcessAnalyzer database. The options relevant for authentication are listed in the following table:
|
All values except for AuthenticationMethod are empty by default.
The authentication method that is currently used is shown in Session Information dialog.
Creating a New LDAP User
The LDAP authentication method can be used in QPR ProcessAnalyzer Pro and QPR ProcessAnalyzer Database. However, the LDAP settings have no effect in QPR ProcessAnalyzer Xpress as it does not use named user authentication.
- Open the PA_CONFIGURATION table from QPR ProcessAnalyzer database and manually configure the LDAP options as described in the table above. Allow built-in authentication.
- Log in to QPR ProcessAnalyzer as a user that has "All" and "Administrator" rights.
- Create a new user account. If the user is meant to be a user authenticated using the LDAP method, then leave the password empty. The username in QPR ProcessAnalyzer must match the LDAP username.
Note that if the user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password in QPR ProcessAnalyzer.