
ILLiad and Active Directory


whitby


  1. ILLiad and Active Directory
     • Active Directory is Microsoft's own proprietary implementation of LDAP.
     • Can ILLiad authenticate against AD? Yes, ILLiad can authenticate against AD if properly configured.

  2. What is a Domain?
     • A Windows domain is an organizational unit that contains various resources:
       • User Accounts
       • Computer Accounts
       • Groups
       • Printers

  3. Global Catalogue Server
     • A Global Catalogue Server (GC) can be thought of as a server that maintains a master index of all the resources in AD.

  4. Authentication Methods
     • Single Domain Authentication
       • Authentication against one Windows domain.
       • ILLiad authenticates against a Domain Controller.
     • Multiple Domain Authentication
       • Authentication against multiple Windows domains.
       • ILLiad authenticates against a Global Catalogue Server.

  5. Customization Manager LDAP Keys

  6. Single Domain Example
     • Username & Password are for a generic user in the library domain.

       LDAPBindStyle: Two Step
       LDAPInitialBindDN: cn=Username, dc=library, dc=somedomain, dc=edu
       LDAPInitialBindPassword: Password
       LDAPPortNo: 389
       LDAPSearchFilter: userprincipalname=$uid@library.somedomain.edu
       LDAPSearchPrefix: cn=
       LDAPSearchScope: SubTree
       LDAPSearchSuffix: dc=somedomain, dc=edu
       LDAPSecureSSL: Yes
       LDAPSecureSSLPort: 636
       LDAPServerName: library.somedomain.edu
       LDAPSupport: Yes

  7. Multiple Domain Example
     • Username & Password are for a generic user in the library domain.

       LDAPBindStyle: Two Step
       LDAPInitialBindDN: cn=Username, cn=users, dc=library, dc=somedomain, dc=edu
       LDAPInitialBindPassword: Password
       LDAPPortNo: 3268
       LDAPSearchFilter: (&(samaccountname=$uid)(|(description=ONID User)(description=ILLiad User)))
       LDAPSearchPrefix: cn=
       LDAPSearchScope: SubTree
       LDAPSearchSuffix: dc=somedomain, dc=edu
       LDAPSecureSSL: Yes
       LDAPSecureSSLPort: 3269
       LDAPServerName: global_catalogue.somedomain.edu
       LDAPSupport: Yes

  8. Active Directory User Attributes
     • Label in AD Users and Computers: LDAP provider property name
       • User logon name: userPrincipalName
       • pre-Windows 2000 logon name: sAMAccountName
       • Account disabled?: userAccountControl
       • Logon Hours…: logonHours
       • Logon On To… (Logon Workstations): userWorkstations
       • User must change password at next logon: pwdLastSet
       • User cannot change password: userAccountControl
       • Password never expires: userAccountControl
       • Store password using reversible encryption: userAccountControl
       • Account expires end of (date): accountExpires

  9. Resources
     • Active Directory Attributes: http://www.rlmueller.net/UserAttributes.htm
     • ILLiad Customization: http://a4567.bates.edu/wiki/ILLiadCustomization
     • Windows 2000 LDAP Authentication: http://www.stbernard.com/products/docs/ip_technotes/ldapwin2k.pdf
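
Slide 8 maps four different checkboxes to the single userAccountControl attribute because that attribute is a bitmask. The following added example (not part of the original presentation) decodes it together with pwdLastSet and accountExpires; the flag values are Microsoft's documented constants, while the function names, the "Account expired" label and the sample entries are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# userAccountControl is a bitmask; these are Microsoft's documented flag values.
UAC_FLAGS = {
    0x0002: "Account disabled",
    # AD manages this one through the object's ACL, so treat the bit as advisory.
    0x0040: "User cannot change password",
    0x0080: "Store password using reversible encryption",
    0x10000: "Password never expires",
}
NEVER_EXPIRES = 0x7FFFFFFFFFFFFFFF  # accountExpires sentinel; 0 also means never
EPOCH_1601 = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(value):
    """Convert 100-nanosecond intervals since 1601-01-01 UTC to a datetime."""
    return EPOCH_1601 + timedelta(microseconds=value // 10)


def account_state(entry, now=None):
    """Return the slide 8 labels that apply to one LDAP user entry (a dict)."""
    now = now or datetime.now(timezone.utc)
    uac = int(entry["userAccountControl"])
    labels = [name for bit, name in UAC_FLAGS.items() if uac & bit]
    if int(entry["pwdLastSet"]) == 0:
        labels.append("User must change password at next logon")
    expires = int(entry["accountExpires"])
    if 0 < expires < NEVER_EXPIRES and filetime_to_utc(expires) <= now:
        labels.append("Account expired")  # label added for this example
    return labels


def may_log_on(entry, now=None):
    """False when disabled or expired (logonHours/userWorkstations not checked)."""
    state = account_state(entry, now)
    return "Account disabled" not in state and "Account expired" not in state


# Constructed sample entries; LDAP returns these attributes as strings.
SAMPLE_ACTIVE = {"userAccountControl": "66048", "pwdLastSet": "0",
                 "accountExpires": "9223372036854775807"}
SAMPLE_DISABLED = {"userAccountControl": "514", "pwdLastSet": "131000000000000000",
                   "accountExpires": "0"}
SAMPLE_EXPIRED = {"userAccountControl": "512", "pwdLastSet": "131000000000000000",
                  "accountExpires": "116444736000000000"}  # 1970-01-01 UTC

if __name__ == "__main__":
    for sample in (SAMPLE_ACTIVE, SAMPLE_DISABLED, SAMPLE_EXPIRED):
        print(account_state(sample), may_log_on(sample))
```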
