LDAP/AD Authentication: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
QPR ProcessAnalyzer has the following methods for authenticating users: | QPR ProcessAnalyzer has the following methods for authenticating users: | ||
* '''Built-in authentication''' in which users are authenticated using the username and password in stored in the QPR ProcessAnalyzer database (using the [[ | * '''Built-in authentication''' in which users are authenticated using the username and password in stored in the QPR ProcessAnalyzer database (using the [[Manage_Users_and_Groups|Manage Users]] dialog). | ||
* '''LDAP/AD authentication''' (Lightweight Directory Access Protocol/Active Directory) in which users are authenticated by validating the username against an external LDAP/AD server. Note that user accounts with corresponding names need to be created to the QPR ProcessAnalyzer database before user can login (using the [[ | * '''LDAP/AD authentication''' (Lightweight Directory Access Protocol/Active Directory) in which users are authenticated by validating the username against an external LDAP/AD server. Note that user accounts with corresponding names need to be created to the QPR ProcessAnalyzer database before user can login (using the [[Manage_Users_and_Groups|Manage Users]] dialog). | ||
* Combination of the built-in and the LDAP authentication, in which, if the LDAP method fails, the built-in method is used. | * Combination of the built-in and the LDAP authentication, in which, if the LDAP method fails, the built-in method is used. | ||
== Configuring Authentication Settings == | == Configuring Authentication Settings == | ||
Authentication related settings are configured in the [[ | Authentication related settings are configured in the [[PA_Configuration_database_table|PA_CONFIGURATION]] table in the QPR ProcessAnalyzer database. The settings are as follows: | ||
{| class="wikitable" style="text-align: left" | {| class="wikitable" style="text-align: left" | ||
!Name | !Name | ||
Line 50: | Line 50: | ||
2. Log in to QPR ProcessAnalyzer as a user that has '''All''' and '''Administrator''' rights.<br> | 2. Log in to QPR ProcessAnalyzer as a user that has '''All''' and '''Administrator''' rights.<br> | ||
3. Create a new user account in the [[ | 3. Create a new user account in the [[Manage_Users_and_Groups|Manage Users]] dialog. The username in QPR ProcessAnalyzer must match the LDAP username.<br> | ||
4. To allow users to authenticate using the LDAP method, change the value of '''AuthenticationMethod''' in '''PA_CONFIGURATION''' table to either '''2''' (to allow only LDAP authentication) or '''3''' (to allow also built-in authentication in case the LDAP authentication fails). | 4. To allow users to authenticate using the LDAP method, change the value of '''AuthenticationMethod''' in '''PA_CONFIGURATION''' table to either '''2''' (to allow only LDAP authentication) or '''3''' (to allow also built-in authentication in case the LDAP authentication fails). | ||
Note that if the user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password in QPR ProcessAnalyzer. | Note that if the user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password in QPR ProcessAnalyzer. |
Revision as of 19:28, 11 December 2021
QPR ProcessAnalyzer has the following methods for authenticating users:
- Built-in authentication in which users are authenticated using the username and password in stored in the QPR ProcessAnalyzer database (using the Manage Users dialog).
- LDAP/AD authentication (Lightweight Directory Access Protocol/Active Directory) in which users are authenticated by validating the username against an external LDAP/AD server. Note that user accounts with corresponding names need to be created to the QPR ProcessAnalyzer database before user can login (using the Manage Users dialog).
- Combination of the built-in and the LDAP authentication, in which, if the LDAP method fails, the built-in method is used.
Configuring Authentication Settings
Authentication related settings are configured in the PA_CONFIGURATION table in the QPR ProcessAnalyzer database. The settings are as follows:
Name | Description |
---|---|
AuthenticationMethod | Indicates which authentication method is used. Options:
|
LDAPConnectionString | The IP address for establishing the connection to the LDAP server. Append :3268 to the end of the address if you want to use Global Catalog by default. Format: xx.x.xx.xxx |
LDAPUserFilter | This string is used by the LDAP library to locate and search the user from corporate LDAP server. For example (&(objectclass=person)) |
LDAPUserSearchBase | Distinguished name of the object at which to start the search. For example dc=local |
LDAPUserIdAttributeName | User id attribute name. For example sAMAccountName or uid. |
LDAPServerUserName | Distinguished name of the user to login to the AD/LDAP server. |
LDAPServerPassword | Password of the user to login to the AD/LDAP server. |
Creating Users for LDAP Authentication
The LDAP authentication can be used in QPR ProcessAnalyzer Server (Pro).
1. Edit the LDAP authentication options of the PA_CONFIGURATION table in the QPR ProcessAnalyzer database, or run the following query to the QPR ProcessAnalyzer database:
UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='AuthenticationMethod'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPConnectionString'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserFilter'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserSearchBase'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPUserIdAttributeName'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerUserName'; UPDATE PA_CONFIGURATION SET CFG_VALUE='<value>' WHERE CFG_KEY='LDAPServerPassword';
- Replace <value> in the script with your own specific LDAP settings. Note that you need to allow built-in authentication at this point, so define the value of AuthenticationMethod to be 1. For more information on the values, see the table above.
2. Log in to QPR ProcessAnalyzer as a user that has All and Administrator rights.
3. Create a new user account in the Manage Users dialog. The username in QPR ProcessAnalyzer must match the LDAP username.
4. To allow users to authenticate using the LDAP method, change the value of AuthenticationMethod in PA_CONFIGURATION table to either 2 (to allow only LDAP authentication) or 3 (to allow also built-in authentication in case the LDAP authentication fails).
Note that if the user (other than an Administrator) has successfully been authenticated using the LDAP method, this user is not able to change his or her own password in QPR ProcessAnalyzer.