Changes between Version 2 and Version 3 of EchoSystem


Timestamp: 07/11/12 15:03:07 (12 years ago)
Author: dabantz@…
Comment: --

  • EchoSystem

    v2 v3  
    17175. A security target must be selected when the module is created for the first time. This option determines what the security module protects. If set to Content, presentations instantiating the module will require users to log in against the LDAP criteria specified in the module before the presentation will be delivered. If set to Application, the system will use the LDAP directory to authenticate users accessing the ESS administration Web-UI. 
    18186. Populate the tree definition fields. These fields determine how the ESS should bind (connect) to the LDAP directory and what criteria will be considered for matching when a user provides credentials. Up to three trees can be searched, each of which may reside on the same or separate LDAP servers. The trees are joined with a logical “OR,” meaning that a set of credentials need only match one of the trees in order to be granted access. 
    19 *  LDAP URL: The complete URL by which the LDAP server is accessed, including schema and port, of the form ldap://fqdn:port. 
    20 * Anonymous Login: Indicates whether the LDAP directory may be freely queried without first providing credentials. 
    21 * Manager DN: When anonymous login is disabled, this indicates the distinguished name of a user who has permission to query all parts of the LDAP tree defined by parameters on this page. 
    22 * Manager Password: The password for the account of the manager DN. 
    23 * Base Group DN: Provide the distinguished name of a container holding any groups by which access will be limited. This field is mandatory and usually very broad -- often it is simply the root DC components of the directory DN, since groups can be scattered all throughout the tree. 
    24 * Search Group Subtree: If enabled, the ESS will search containers descending from the Base Group DN recursively. Most users will enable this option. 
    25 * Group Attribute !Name/Value pair: If these optional fields are populated, a user that is found to match the offered credentials must also be contained within a group defined by the value field in the pair, where the attribute name is usually OU or CN. Most users will leave these fields blank.  
    26 * Base User DN: Provide the distinguished name of a container beneath which any users to be granted access can be found. 
    27 * Search User Subtree: If enabled, the ESS will search containers descending from the Base User DN recursively. Most users will enable this option. 
    28 * Group Membership Attribute: Provide the global attribute that is used to define horizontal group relationships within the directory. In Microsoft Active Directory systems, this is the memberOfattribute. 
    29 * User Name Attribute: Provide the global attribute that is used to define the login name associated with a particular user’s distinguished name. In Microsoft Active Directory systems, this is the sAMAccountName attribute. In OpenLDAP systems, this is the uid attribute. 
    30 * Extra User Attribute Name/Value pair: Optionally, provide an attribute name/value pair that must test true in a user record that matches the offered credentials. This can be used to limit access to users possessing an arbitrary attribute of the administrator’s choosing. This pair of fields is the most versatile and is best used to select a specific subset of users from the larger set defined by the Base User DN. 
     19 *  ''LDAP URL:'' The complete URL by which the LDAP server is accessed, including schema and port, of the form ldap://fqdn:port. 
     20 * ''Anonymous Login:'' Indicates whether the LDAP directory may be freely queried without first providing credentials. 
     21 * ''Manager DN:'' When anonymous login is disabled, this indicates the distinguished name of a user who has permission to query all parts of the LDAP tree defined by parameters on this page. 
     22 * ''Manager Password:'' The password for the account of the manager DN. 
     23 * ''Base Group DN:'' Provide the distinguished name of a container holding any groups by which access will be limited. This field is mandatory and usually very broad -- often it is simply the root DC components of the directory DN, since groups can be scattered all throughout the tree. 
     24 * ''Search Group Subtree:'' If enabled, the ESS will search containers descending from the Base Group DN recursively. Most users will enable this option. 
     25 * ''Group Attribute !Name/Value pair:'' If these optional fields are populated, a user that is found to match the offered credentials must also be contained within a group defined by the value field in the pair, where the attribute name is usually OU or CN. Most users will leave these fields blank.  
     26 * ''Base User DN'': Provide the distinguished name of a container beneath which any users to be granted access can be found. 
     27 * ''Search User Subtree:'' If enabled, the ESS will search containers descending from the Base User DN recursively. Most users will enable this option. 
     28 * ''Group Membership Attribute:'' Provide the global attribute that is used to define horizontal group relationships within the directory. In Microsoft Active Directory systems, this is the memberOfattribute. 
     29 * U''ser Name Attribute:'' Provide the global attribute that is used to define the login name associated with a particular user’s distinguished name. In Microsoft Active Directory systems, this is the sAMAccountName attribute. In OpenLDAP systems, this is the uid attribute. 
     30 * ''Extra User Attribute !Name/Value pair:'' Optionally, provide an attribute name/value pair that must test true in a user record that matches the offered credentials. This can be used to limit access to users possessing an arbitrary attribute of the administrator’s choosing. This pair of fields is the most versatile and is best used to select a specific subset of users from the larger set defined by the Base User DN. 
    31317. When finished configuring the tree definition fields, click the blue Save button at the bottom of the page to commit your changes. 
    3232The fields in the Test Security Configuration section above the tree definition fields can be used to simulate login attempts. If a username and password are entered in these fields, the ESS will perform a test authentication against the LDAP directory using the tree values currently visible on the page. In other words, one does not need to save the page’s contents before attempting a test with these fields.
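
Review bot: The italic markers are misplaced on two of the new label lines. Line 29 reads U''ser Name Attribute:'' so the leading U falls outside the emphasis, and line 26 reads ''Base User DN'': with the colon outside the markers where every other label keeps it inside. Suggest ''User Name Attribute:'' and ''Base User DN:''. Since these lines are being touched anyway, line 28 still carries "memberOfattribute" run together (should read "memberOf attribute") and line 19 still has a double space after the bullet. Line 19 also documents only the ldap://fqdn:port form; because the Manager Password on line 22 and the credentials users offer at login travel over that connection, it would help to state here whether an ldaps:// URL is accepted.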