LDAP/AD Authentication: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
No edit summary
(306160)
Line 1: Line 1:
QPR ProcessAnalyzer uses three methods for authenticating users:
QPR ProcessAnalyzer uses three methods for authenticating users:
*the built-in authentication method in which the user is authenticated against the user id/password combination in QPR ProcessAnalyzer database
*The built-in authentication method in which the user is authenticated against the user id/password combination in QPR ProcessAnalyzer database.
*the LDAP (Lightweight Directory Access Protocol) authentication method in which the user is authenticated by validating the username against a corporate LDAP server
*The LDAP (Lightweight Directory Access Protocol) authentication method in which the user is authenticated by validating the username against a corporate LDAP server.
*the combination of the built-in and the LDAP authentication method: if the LDAP method fails, the built-in method is used.  
*The combination of the built-in and the LDAP authentication method: if the LDAP method fails, the built-in method is used.  


== Configuring the Authentication Settings ==
== Configuring the Authentication Settings ==
Line 15: Line 15:
|AuthenticationMethod ||Indicates which authentication method is used.
|AuthenticationMethod ||Indicates which authentication method is used.
||
||
*1 = The user is authenticated against the passwords in QPR ProcessAnalyzer database (the default value).<br>
*1 (the default value) = The user is authenticated against the passwords in QPR ProcessAnalyzer database.<br>
*2 = The user is authenticated using the LDAP method by validating the username against a corporate LDAP server.<br>
*2 = The user is authenticated using the LDAP method by validating the username against a corporate LDAP server.<br>
*3 = The user is authenticated using both methods: if LDAP authentication fails, then logging in will be done using the built-in authentication method.<br>
*3 = The user is authenticated using both methods: if LDAP authentication fails, then logging in will be done using the built-in authentication method.<br>
Line 21: Line 21:
|-
|-
|LDAPConnectionString
|LDAPConnectionString
||The IP address of the LDAP server. ||
||The IP address for establishing the connection to the LDAP server. ||


|-
|-
Line 38: Line 38:
|-
|-
|LDAPServerUserName
|LDAPServerUserName
||The distinguished name of the user.
|| LDAP server credentials: the distinguished name of the user.
||
|| If no value is given, then anonymous authentication is used.


|-
|-
|LDAPServerPassword
|LDAPServerPassword
||The password of the user.
|| LDAP server credentials: the password of the user.
||
|| If no value is given, then anonymous authentication is used.




Line 56: Line 56:
The authentication method that is currently used is shown in Session Information dialog.
The authentication method that is currently used is shown in Session Information dialog.


If user (other than an Administrator) has successfully been authenticated against LDAP, this user is not able to change his or her own password.
If user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password.


{{About Version}}
{{About Version}}

Revision as of 13:24, 28 October 2014

QPR ProcessAnalyzer uses three methods for authenticating users:

  • The built-in authentication method in which the user is authenticated against the user id/password combination in QPR ProcessAnalyzer database.
  • The LDAP (Lightweight Directory Access Protocol) authentication method in which the user is authenticated by validating the username against a corporate LDAP server.
  • The combination of the built-in and the LDAP authentication method: if the LDAP method fails, the built-in method is used.

Configuring the Authentication Settings

The authentication method options can be configured in the PA_CONFIGURATION table in the QPR ProcessAnalyzer database. The options relevant for authentication are listed in the following table:

Name Description Value
AuthenticationMethod Indicates which authentication method is used.
  • 1 (the default value) = The user is authenticated against the passwords in QPR ProcessAnalyzer database.
  • 2 = The user is authenticated using the LDAP method by validating the username against a corporate LDAP server.
  • 3 = The user is authenticated using both methods: if LDAP authentication fails, then logging in will be done using the built-in authentication method.

If the value has not been defined (or if you try to define any other value than 1, 2, or 3), the login will fail and you will receive an error message.

LDAPConnectionString The IP address for establishing the connection to the LDAP server.
LDAPUserFilter This string is used by the LDAP library to locate and search the user from corporate LDAP server.
LDAPUserSearchBase The distinguished name of the object at which to start the search.
LDAPUserIdAttributeName The user id attribute name.
LDAPServerUserName LDAP server credentials: the distinguished name of the user. If no value is given, then anonymous authentication is used.
LDAPServerPassword LDAP server credentials: the password of the user. If no value is given, then anonymous authentication is used.


All values except for AuthenticationMethod are empty by default.

The LDAP authentication method can be used in QPR ProcessAnalyzer Pro and Database versions. The LDAP settings have no effect in QPR ProcessAnalyzer Xpress as it does not use named user authentication.

The authentication method that is currently used is shown in Session Information dialog.

If user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password.

Template:About Version

Retrieved from "https://wiki.onqpr.com/pa/index.php?title=LDAP/AD_Authentication&oldid=1553"