ISBG May LDAP: It s Time. Gabriella Davis - Technical Director The Turtle Partnership
|
|
- Blaise Watson
- 5 years ago
- Views:
Transcription
1 ISBG May 2015 LDAP: It s Time Gabriella Davis - Technical Director The Turtle Partnership gabriella@turtlepartnership.com
2 What Is LDAP? Lightweight Directory Access Protocol Standard language for reading and writing to directories Adopted as a directory protocol by most large providers IBM Tivoli Directory Server Sun One Novell edirectory Microsoft Active Directory If you want to connect two systems together and use a single directory, you will be using LDAP If you want to have a central directory used by many different systems, you will be using LDAP
3 Why Do We Need LDAP? Directories are central to everything we do They identify people and things that exist in our world and what they do They identify the hierarchy of those people and things Without a directory we would have no audience for our applications everyone would be anonymous If everyone is anonymous, then everyone is also identical and we can t create a custom experience
4 LDAP Queries and How They Work In most cases, the client will be a server acting on behalf of a user of its software
5 LDAP Behavior What happens when a client performs an LDAP query? The client asks for the directory by hostname E.g., LDAP.isbg.com Connect to the directory over TCP LDAP uses port 389 by default, which is unsecured, or port 636 secured Search the directory for the directory entries you need E.g., all people with a last name of davis Take the values from those directory entries E.g., give me the address of everyone you found
6 Terms That Come Up a Lot When Working with LDAP LDAP Server host server Directory Services Agent the service you connect to Bind how you connect to the directory, using what credentials and over what port Schema the definition of the directory and the objects within it Directory information tree. Think of this as the design. Directory entries these could be people, servers, printers, etc. Think of these as documents Attribute defined in the schema, a directory entry contains attributes that themselves hold values Think of these as fields
7 What Is Bind? Assuming we know where the server is (its hostname) To connect to the LDAP server we need to know how How consists of: What port is the server listening on How to use a certificate if one is needed for security What identity is going to be used to access the directory You can configure an LDAP server to allow anonymous access and not need to supply any name or password But it s a directory and has valuable information in it. In the majority of cases, we want it secured. The name and password is that of a directory entry in the LDAP directory These are called the bind credentials
8 Bind Credentials When you bind using credentials to an LDAP server, you are gaining access to anything in the directory those credentials can see More on this later in security The LDAP administrator can assign credentials that themselves have access to only a limited part of the directory For example the credentials salesldap bind may have access to only the Sales part of the directory Any search done with those credentials would only find matching entries within Sales Bind credentials should be Unique across all directories Have a complex non-expiring password Not used for anything else
9 Searching Every LDAP query starts with a search, otherwise how do we find the right people? Searches are constructed strictly according to the schema Although LDAP is a common protocol, each server will have its own schema and so its own search syntax The syntax for searching Active Directory is different from that used to search Domino for instance The good news is that most IBM software has pre-defined search strings to suit the most common LDAP servers
10 Constructing a Search The realities of searching are that in large directories you want your search to: Be efficient Be accurate Return as few entries as possible If we search only for last name is davis we will find both Gabriella Davis and Tim Davis Expanding the search to include first name would help with that Tim Davis in marketing needs a different kind of search than Tim Davis in sales We could choose to include department in our search filter, if that information is available It would be more efficient to choose to search in only a specific part of the hierarchy, such as looking for Tim Davis only within the sales part of our directory
11 Constructing a Search (cont.) To focus our search on a specific part of the directory, we use a baseobject or base_dn. This is the name of the part of the directory we want to search. Examples: AD: base_dn=ou=sales,ou=europe,dc=theview,dc=com Domino: base_dn=ou=sales,ou=europe,o=theview This tells the search to look only in that part of the directory for any results. It makes the search more efficient and prevents any false positives. scope is a search parameter that tells the search how many levels down in the directory from the base_dn it should look singlelevel means search only ou=sales wholesubtree means search ou=sales and anything beneath that part of the directory
12 In Short We connect to a host server and create a search based on the schema to pull the values we want from attributes in matching directory entries
13 Domino and LDAP Domino s directory format for names.nsf is not LDAP by default Domino uses its own protocol to read and manage its primary directory This is consistent across all Domino servers so any other Domino server can read any Domino directory But no non-domino server can read a Domino directory without having it translated The LDAP task, when run on a Domino server, makes the names.nsf available to any LDAP query If you use Directory Assistance, this can also apply to other directories your server can see
14 LDAP Task Load LDAP on the Domino Server Loads by default on Domino servers now Spawns two separate tasks LDAP listener for handling inbound connections LDAP utility for building and propagating the schema Runs the LDAP protocol which can make names.nsf and other directories available for LDAP searches LDAP is specific to each server, so running it on Server A does not grant access to Server B
15 Schema.nsf The LDAP task uses the database schema.nsf on each server to determine how to translate Domino object references into LDAP object references Schema.nsf is created automatically by the Administration server of your Domino domain the first time LDAP is loaded on that server For LDAP to work anywhere in your organization, you must first create schema.nsf by loading LDAP on your administration server A replica of schema.nsf is automatically pushed from the administration server the first time you Load LDAP on any other server in your domain Any server in your domain that runs, or has ever run, the LDAP task will have a replica of schema.nsf in place Once schema.nsf is created, you don t have to keep LDAP running on the Administration server if you don t need it
16 Schema Template You should never need to manually create a schema.nsf but any databases that do exist should be based on the schema template Template name is StdDominoLDAPSchema (schema.ntf) If you do manually create one for whatever reason, don t call it anything other than schema.nsf
17 Domino Attributes in the Schema Open schema.nsf on your server Go to the view LDAP Attribute Types Review list of notes field names and matching LDAP attribute names
18 LDAP Configuration Document LDAP configuration is available only from a global configuration document in the names.nsf The global configuration document is the one marked for [All Servers]
19 Configuring LDAP in Domino On a Global Configuration document, there is a new page called LDAP This is not visible on any other configuration document On the LDAP page, you can configure how LDAP behaves on every server in your organization There can be only one Global Configuration Document per domain so the configuration applies to all servers running the LDAP task The default LDAP settings will work in most cases, but you should always review these carefully to ensure you are configuring for best security and performance
20 Exposing Domino Data to Anonymous Users
21 LDAP Options Affecting Domino Performance Allow LDAP users write access Do you want LDAP clients to be able to make changes to your Domino Directories? This doesn t override directory ACL or roles Timeout How many seconds before a search is cancelled? Don t leave it as zero, which means indefinite. Maximum number of entries returned When doing an LDAP search against a large directory, you can restrict the number of results returned Minimum characters for wildcard search Do you really want people searching for the letter S if they are looking for Smith or even Sm Allow Alternate Language Information processing
22 LDAP Options Affecting Domino Performance (cont.) Rules to follow when this directory is the primary directory, and there are multiple matches on the distinguished name being compared/modified Don t modify any/modify first match/modify all matches? Automatically Full Text Index Domino Directory? Improves performance of searches against Domino Directory, but use only if you are performing high demand searches against a large Directory Enforce schema? If the LDAP user has write access to the Domino Directory, can they write or change attributes that aren t defined in the Domino schema? DN Required on Bind? Require fully distinguished name for security
23 LDAP Options Affecting Domino Performance (cont.) Encode results in UTF8 for LDAPv2 clients? This is about the formatting of results for older LDAP client queries Maximum number of referrals An LDAP query against a server can return a referral to yet another LDAP server, how many layers down are you happy for these referrals to go? Activity Logging truncation size Allow dereferencing of aliases on search requests? Instructs Domino to return search values that correspond to aliases matched by a search
24 Setting Up the LDAP Task LDAP should be configured as an Internet Site Document You can configure it directly in the server document under Internet Protocols LDAP But this is less secure than using Internet site documents
25 Setting Up the LDAP Port You configure the LDAP overall port and behavior under ports internet ports directory Enforce server access settings control whether Domino will enforce server document security settings
26 Directory Assistance and LDAP Directory Assistance can be used to configure additional directories for your Domino server to use when authenticating access or sending mail An additional directory can be Domino or LDAP If you choose to add an LDAP directory to Directory Assistance you need to configure the document
27 DA Basics Tab Configuration Multiple directories in DA can be prioritized in search order Determines which client types this directory can be accessed by Don t use this directory for mail addressing or lookups
28 Directory Assistance LDAP Configuration Each step of the LDAP configuration can be tested and verified before saving
29 DA Naming Contexts Configuration Configure to Trusted for Credentials as you re going to use this LDAP source for authentication
30 Testing Directory Assistance Configuration From the server console, type sh xdir This shows all directories configured on that server and whether they are LDAP
31 Ldapsearch Search utility that ships with Domino and Notes Found in the Domino or Notes program directory Used for searching any LDAP server ldapsearch [parameters to connect] [searchfilter to find correct entries] [attributes to return] No searchfilter will be a request for all entries No attributes specified will be an instruction to return all attributes Certain parameters such as hostname are required
32 Ldapsearch Parameters -h hostname to connect to e.g. ldap1.theview.com -b -D -w -p -? base_dn. Many servers will require you to specify a base_dn for your query and won t accept a query that doesn t have one bind name, if you aren t using anonymous access bind password to go with D port to connect to usually 636 for secured or 389 for unsecured to see the full list of parameters
33 Ldapsearch Search Filter Search filters are to limit the results of an LDAP query to just those directory entries you are interested in The format for a search filter is <attribute> <operator> <value> e.g. sn=davis (lastname is Davis) Use operators and brackets to nest together search attributes Use * for wildcards in values & AND OR! Not equal to = equal to
34 Search Filter Examples Any entry with first name of Gabriella and last name of Davis (&(givenname=gabriella)(sn=davis)) Any entry with first name of Gabriella and last name of Davis or Davies (&(givenname=gabriella)(!(sn=davis)(sn=davies)) Any entry with mail address containing theview.com (mail=*theview.com)
35 Search Filter Examples (cont.) Search for anyone with the last name Davis and return their common name ldapsearch h ldap1.theview.com p 389 D ldaplogin w passwordforldap (sn=davis) cn Search anonymously for anyone with a mail address containing theview.com and return their name ldapsearch h ldap1.theview.com p 389 (mail=*theview.com) cn Search the marketing division on a secure Active Directory server to find the Marketing Director and return all their details ldapsearch h ldap1.theview.com p 636 b cn=marketing,ou=global,dc=theview,dc=com D ldaplogin w passwordforldap (Title=Marketing Director)
36 Softerra s LDAP Browser Free, powerful GUI interface for performing LDAP queries and searches Does not allow modifications to LDAP entries For that you need to purchase their LDAP administrator Very useful for understanding the schema of a directory Especially if you re new to Domino LDAP. You can use Softerra to see what Domino looks like to an LDAP client. Always test your LDAP assumptions, hostname, port, credentials and attributes using something like LDAP Browser before assuming they are correct
37 LDAP Browser Demo Working with servers List of configured LDAP servers softerra can access
38 LDAP Browser Adding Profiles Define the LDAP server s location, connection and bind credentials in the Softerra profile
39 LDIF LDAP Data Interchange Format Used for importing, exporting and updating LDAP contents Standard format Ldapsearch to export ldap content to an LDIF file Ldapadd to update an LDAP directory with entries from an LDIF Ldapmodify to modify an LDAP directory with change records from an LDIF Lots of tools available to work with LDIFs including native Windows tools and Domino Migrate Users
40 LDIF Example Snippet dn: CN=Gabriella Davis,CN=Users,DC=int,DC=turtlepartnership,DC=com objectclass: top objectclass: person objectclass: organizationalperson objectclass: user cn: Gabriella Davis sn: Davis givenname: Gabriella distinguishedname: CN=Gabriella Davis,CN=Users,DC=int,DC=turtlepartnership,DC=com displayname: Gabriella Davis samaccounttype: userprincipalname: CN=Person,CN=Schema,CN=Configuration,DC=int,DC=turtlepartnership,DC=com
41 Notes As an LDAP Client Regardless of your Domino server configuration, Notes itself can act as an LDAP client performing queries against other servers Configured as an account in the user s local names.nsf
42 Searching LDAP Directories from Within Notes LDAP directories will not show in their entirety in Notes You have to search for what you need You can do either a simple or advanced search
43 LDAP and Other IBM Lotus Products Many of the extended IBM Lotus products now require an LDAP server be defined as the Directory source This allows multiple servers to share a common directory with a common protocol regardless of their own platform Connections and Sametime use WebSphere Application Server (WAS) as a platform, but WAS doesn t have a directory of its own it must use an external LDAP directory Within WAS, you can define multiple LDAP sources to act as a single directory much like Directory Assistance in Domino The is called federating the directories
44 WAS LDAP Configuration Login to the Integrated Solutions Console (or Sametime System Console) and choose Security Global Security
45 Viewing Federated Repositories The list of federated repositories shown here comprises what WAS considers to be its directory
46 Configuring Each LDAP Source
47 Testing LDAP Configuration in WAS
48 LDAP Sources As we ve seen, Domino can act as an LDAP server and could therefore be used in configuring a product like Sametime Sametime instant messaging is still based on the Domino platform but you cannot use that same Domino server as your LDAP server Otherwise you are telling the Sametime Community Server to use itself as an external LDAP reference
49 LDAP Security Risks Exposing a directory to anonymous queries, allowing for harvesting of corporate information Not providing secure enough bind credentials so they can be potentially hacked Not connecting using SSL, which means your connection isn t encrypted and bind credentials are sent in clear text Trusting users from another LDAP source you don t control to authenticate onto your servers Does the password quality for users on the external LDAP source match that for your own users Once you have trusted an entire directory, your own directory security is lowered to the level of that uncontrolled source
50 LDAP Security Mitigation Ensure you are only exposing the LDAP entries and attributes you need to Use an LDAP tool to connect to your own server with the bind credentials you are making available to see what others see If you are adding an LDAP server to Directory Assistance in Domino and are trusting it for authentication purposes, ensure you lock down Default access to databases in your environment Use catalog.nsf and DDM to find potential problem areas Never let anyone connect to your directory using credentials without enabling SSL
51 LDAP Performance Tuning Several things impact LDAP performance on any LDAP server Size of directory Using a base_dn limits the search scope for queries and is required for efficiency in very large directories Number of search results returned for a query Length of search string Don t force the server to search as each character is entered Nested groups or dereferencing Anything that causes a lookup to generate another lookup, then another, has a big performance impact
52 LDAP Performance Searching Searching for a user to authenticate when someone logs in requires a directory lookup Most LDAP servers are optimized to find entries if you re using a login name or address If you re using a special or non-standard attribute for login then that may affect performance Domino LDAP uses predefined views if you are allowing logins by name In most cases, you would want to full text index the directory on your Domino LDAP server for performance Many LDAP servers such as Active Directory have strict default limits on LDAP search timeouts and size of search results returned for both performance and security reasons These can always be modified
53 LDAP and DDM If your Domino server is configured to use another LDAP directory in Directory Assistance you can monitor that via a DDM probe Configured in events4.nsf Reported into ddm.nsf on your Domino server
54 Summary LDAP is a standard protocol for directories used by all the major directory providers so in general, no matter the provider, all LDAP servers are equal Many software products that do not have their own directories require connection to an LDAP source of some kind Using LDAP allows you to connect multiple systems together all using the same directory source Domino can be an LDAP server, making its own directories available over the LDAP protocol to other clients and programs Domino can also connect to other LDAP servers using a Directory Assistance document Many IBM products now require or recommend the use of an LDAP directory including Sametime, Connections, and Quickr Integrating LDAP into your solution can have a significant performance and security impact which must be managed
55 Questions How to contact me: Gabriella Davis Twitter: gabturtle
DIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION. Gabriella Davis The Turtle Partnership
DIRECTORY INTEGRATION: USING ACTIVE DIRECTORY FOR AUTHENTICATION Gabriella Davis The Turtle Partnership In This Session Review possible use cases for multiple directories Understand security implications
More informationSETTING UP A HYBRID DOMINO ENVIRONMENT TO EASE YOUR WAY TO THE CLOUD
SETTING UP A HYBRID DOMINO ENVIRONMENT TO EASE YOUR WAY TO THE CLOUD Gabriella Davis - gabriella@turtlepartnership.com IBM Lifetime Champion for Social Business The Turtle Partnership 1 WHO AM I? Admin
More informationTools Every Domino Admin Needs
ISBG 2015 Tools Every Domino Admin Needs Gabriella Davis - Technical Director The Turtle Partnership gabriella@turtlepartnership.com Domino Admin Client Files Tab Domino Admin Client Group Membership Domino
More informationGet Started Installing IBM Lotus Sametime You Too Can Be a WAS Admin! OR 140 Slides In 60 Minutes
Get Started Installing IBM Lotus Sametime 8.5.1 You Too Can Be a WAS Admin! OR 140 Slides In 60 Minutes Gabriella Davis Technical Director The Turtle Partnership About Me Gabriella Davis The Turtle Partnership
More informationSINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS
SINGLE SIGN ON SOLUTIONS FOR ICS PRODUCTS Gabriella Davis - gabriella@turtlepartnership.com IBM Lifetime Champion for Social Business The Turtle Partnership 1 Admin of all things and especially quite complicated
More informationBusinessObjects Enterprise XI
Overview Contents This document contains information on LDAP authentication and how to configure with this type of authentication. INTRODUCTION... 2 What Is LDAP?...2 LDAP platforms supported by...3 LDAP
More informationLaserfiche Rio 10.3: Deployment Guide. White Paper
Laserfiche Rio 10.3: Deployment Guide White Paper January 2018 Table of Contents How Laserfiche Licensing Works... 4 Types of Licenses... 4 Named User Licenses... 4 WebLink Public Portal Licenses... 6
More informationNotifySCM Workspace Administration Guide
NotifySCM Workspace Administration Guide TABLE OF CONTENTS 1 Overview... 3 2 Login... 4 2.1 Main View... 5 3 Manage... 6 3.1 PIM... 6 3.2 Document...12 3.3 Server...13 4 Workspace Configuration... 14 4.1
More informationForeScout CounterACT. Configuration Guide. Version 6.3
ForeScout CounterACT Authentication Module: User Directory Plugin Version 6.3 Table of Contents About the User Directory Plugin... 4 Endpoint User Details... 4 Endpoint Authentication... 5 User Directory
More informationEnforced Client Policy & Reporting Server (EPRS) 2.3. Administration Guide
Enforced Client Policy & Reporting Server (EPRS) 2.3 Copyright 2016 Dell Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. Dell, the
More informationSetup domino admin client by providing username server name and then providing the id file.
Main focus of this document is on the lotus domino 8 server with lotus sametime 8. Note: do not configure Web SSO, Ltpatoken, directory assistance and ldap configuration because they will be configured
More informationFirst thing is to examine the valid switches for ldapmodify command, ie on my machine with the Fedora Direcotory Server Installed.
LDAP Command via the command line This document is on about the use of LDAP via the command line instead of the GUI. The reason for this is the command lines for LDAP are more powerful and adapt especially
More informationDomino Integration DME 4.6 IBM Lotus Domino
DME 4.6 IBM Lotus Domino Document version 1.3 Published 10-05-2017 Contents... 3 Authentication and authorization: LDAP... 4 LDAP identity...4 Access groups...5 User information retrieval...6 Configuration...6
More informationConfiguring Applications to Exploit LDAP
BY BOB PETTI Configuring Email Applications to Exploit LDAP Email applications such as Microsoft Outlook Express, Pegasus Mail, Netscape Communicator, Lotus Notes and Eudora can be configured to retrieve
More informationLotus Learning Management System R1
Lotus Learning Management System R1 Version 1.0.4 March 2004 Administrator's Guide G210-1785-00 Contents Chapter 1 Introduction to the Learning Management System and Administration...1 Understanding the
More informationSMS 2.0 SSO / LDAP Launch Kit
SMS 2.0 SSO / LDAP Launch Kit Table of Contents What options are available in SMS 2.0 for Single Sign On?... 4 LDAP (Lightweight Directory Access Protocol)... 4 SkySSO (Skyward Single Sign On)... 4 SkySTS
More informationlessons learned from living with LDAP
B R E N D A N Q U I N N lessons learned from living with LDAP Brendan Quinn has more than 14 years of experience as a sysadmin, security engineer, and infrastrucure engineer. He is currently a Senior Infrastructure
More informationSetting up Multiple LDAP Domains in SonicWall 6.5 Firmware without Partitioning.
Setting up Multiple LDAP Domains in SonicWall 6.5 Firmware without Partitioning. SonicWall 6.5 firmware now allows multiple LDAP servers for authentication, to set this up follow the guide below. SonicWall
More informationBlue Coat Security First Steps Solution for Integrating Authentication Using LDAP
Solution for Integrating Authentication Using LDAP SGOS 6.5 Third Party Copyright Notices 2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER,
More informationTroubleshooting WebSphere Process Server: Integration with LDAP systems for authentication and authorization
Troubleshooting WebSphere Process Server: Integration with LDAP systems for authentication and authorization Dr. Stephan Volz (stephan.volz@de.ibm.com) Technical Teamlead BPC L2 support (EMEA) 24 August
More informationAuthorized Send Installation and Configuration Guide Version 3.5
Canon Authorized Send Installation and Configuration Guide Version 3.5 08011-35-UD2-004 This page is intentionally left blank. 2 Authorized Send Installation and Configuration Guide Contents Preface...5
More informationDualog Connection Suite LDAP Server. User Manual and Configuration Guide
Dualog Connection Suite LDAP Server User Manual and Configuration Guide Author Vidar Berg Date 10.Nov 2010 Description Revision Number User manual for setting up and maintaining the Dualog Connection Suite
More informationAdvanced Network and System Administration. Accounts and Namespaces
Advanced Network and System Administration Accounts and Namespaces 1 Topics 1. What is a directory? 2. NIS 3. LDAP 4. OpenLDAP 5. LDAP Authentication 2 What is a Directory? Directory: A collection of information
More informationIBM Security Access Manager Version 9.0 October Federation Administration topics IBM
IBM Security Access Manager Version 9.0 October 2015 Federation Administration topics IBM IBM Security Access Manager Version 9.0 October 2015 Federation Administration topics IBM ii IBM Security Access
More informationACS 5.x: LDAP Server Configuration Example
ACS 5.x: LDAP Server Configuration Example Document ID: 113473 Contents Introduction Prerequisites Requirements Components Used Conventions Background Information Directory Service Authentication Using
More informationUser Guide. Admin Guide. r
User Guide Admin Guide r 03.08.16 1 Welcome to Keeper! We re excited you have chosen to work with us. Let s get started by walking through how you can tell your employees about Keeper, then we ll walk
More informationLotus Team Workplace. Version Administrator's Guide G
Lotus Team Workplace Version 6.5.1 Administrator's Guide G210-1656-00 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS WERE MADE TO
More informationManaging External Identity Sources
CHAPTER 5 The Cisco Identity Services Engine (Cisco ISE) integrates with external identity sources to validate credentials in user authentication functions, and to retrieve group information and other
More informationWorkspace ONE UEM Directory Service Integration. VMware Workspace ONE UEM 1811
Workspace ONE UEM Directory Service Integration VMware Workspace ONE UEM 1811 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/ If you have comments
More informationLDAP Directory Services
ATTENTION LDAP Directory Services THE MATERIAL PROVIDED IN THIS DOCUMENT IS FOR INFORMATION PURPOSES ONLY. IT IS NOT INTENDED TO BE ADVICE. YOU SHOULD NOT ACT OR ABSTAIN FROM ACTING BASED UPON SUCH INFORMATION
More informationBlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0. Administration Guide
BlackBerry Enterprise Server for IBM Lotus Domino Version: 5.0 Administration Guide SWDT487521-636611-0528041049-001 Contents 1 Overview: BlackBerry Enterprise Server... 21 Getting started in your BlackBerry
More informationVMware Identity Manager Administration
VMware Identity Manager Administration VMware Identity Manager 2.4 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationNotifySCM Integration Overview
NotifySCM Integration Overview TABLE OF CONTENTS 1 Foreword... 3 2 Overview... 4 3 Hosting Machine... 5 3.1 Installing NotifySCM on Linux... 5 3.2 Installing NotifySCM on Windows... 5 4 Network Configuration...
More informationForescout. Server and Guest Management Configuration Guide. Version 6.4
Forescout Authentication Module: User Directory Plugin Server and Guest Management Configuration Guide Version 6.4 Contact Information Forescout Technologies, Inc. 190 West Tasman Drive San Jose, CA 95134
More informationIBM Tivoli Identity Manager V5.1 Fundamentals
IBM Tivoli Identity Manager V5.1 Fundamentals Number: 000-038 Passing Score: 600 Time Limit: 120 min File Version: 1.0 http://www.gratisexam.com/ IBM 000-038 IBM Tivoli Identity Manager V5.1 Fundamentals
More informationFastPass Password Manager
FastPass Password Manager Version 3.4.2 Document Title Document Classification Public Document Revision D Document Status Final Document Date April 23, 2012 The specifications and information in this document
More informationIBM Security Access Manager Version January Federation Administration topics IBM
IBM Security Access Manager Version 9.0.2.1 January 2017 Federation Administration topics IBM IBM Security Access Manager Version 9.0.2.1 January 2017 Federation Administration topics IBM ii IBM Security
More informationCounterACT User Directory Plugin
Version 6.1.2 and Above Table of Contents About the User Directory Plugin... 3 Endpoint User Details... 3 Verify Endpoint Authentication... 3 User Directory Inventory... 4 HTTP Login Action... 5 HTTP Sign
More informationDirectory Integration with VMware Identity Manager
Directory Integration with VMware Identity Manager VMware AirWatch 9.1 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a
More informationLotus Domino and Extended Products. Version Administrator's Guide G
Lotus Domino and Extended Products Version 6.5.1 Administrator's Guide G210-1747-00 Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE EFFORTS
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 15 Create an Identity Rule, page 15 Manage a Realm, page 20 Manage an Identity
More informationKnowledge Happens. We Don t Use Databases. Integrating Oracle and Hadoop. Be Very Afraid. Much more inside... Vol. 27, No. 1 FEBRUARY 2013 $15
Vol. 27, No. 1 FEBRUARY 2013 $15 Knowledge Happens Be Very Afraid An eye-opening interview with the CTO of McAfee. See page 4. We Don t Use Databases Dream of freedom from the RDBMS. See page 16. Integrating
More informationZENworks Mobile Workspace. Integration Overview. Version June 2018 Copyright Micro Focus Software Inc. All rights reserved.
ZENworks Mobile Workspace Integration Overview Version 3.17.1 - June 2018 Copyright Micro Focus Software Inc. All rights reserved. Table of Contents Foreword..................................................................................
More informationTrueSight Capacity Optimization 10.x - LDAP Integration with Microsoft Active Directory. January 2017
TrueSight Capacity Optimization 10.x - LDAP Integration with Microsoft Active Directory January 2017 If you plan to use Capacity Views, or other views provided by TrueSight Presentation Server, don t waste
More informationMigrating application users and passwords with Password Manager
Migrating application users and passwords with Password Manager 2016 Hitachi ID Systems, Inc. All rights reserved. Contents 1 Introduction 1 2 Migrating Users 1 3 Initializing Passwords 2 4 Maintaining
More informationIBM Lotus Sametime Media Manager Cluster Deployment Walk-through Part VI- Bandwidth Manager IBM Corporation
IBM Lotus Sametime 8.5.2 Media Manager Cluster Deployment Walk-through Part VI- Bandwidth Manager Prerequisites for this part of the walk-through We've completed parts I, II, II, IV, and V Lotus Domino
More informationRealms and Identity Policies
The following topics describe realms and identity policies: Introduction:, page 1 Creating a Realm, page 5 Creating an Identity Policy, page 11 Creating an Identity Rule, page 15 Managing Realms, page
More informationPeoplePassword Documentation v6.0
PeoplePassword Documentation v6.0 Instructions to Configure and Use PeoplePassword v6.0, LLC Contents Overview... 3 Getting Started... 3 Components of PeoplePassword... 3 Core Components... 3 Optional
More informationLDAP Servers for AAA
This chapter describes how to configure LDAP servers used in AAA. About LDAP and the ASA, page 1 Guidelines for, page 5 Configure, page 5 Test LDAP Server Authentication and Authorization, page 9 Monitoring,
More informationRealms and Identity Policies
The following topics describe realms and identity policies: About, page 1 Create a Realm, page 8 Create an Identity Policy, page 14 Create an Identity Rule, page 15 Manage a Realm, page 17 Manage an Identity
More informationInstallation and Setup of IBM Lotus Sametime From Zero to Hero The Next Generation
Installation and Setup of IBM Lotus Sametime 8.5.1 From Zero to Hero The Next Generation Frank Altenburg Senior Field Support Engineer frank.altenburg@de.ibm.com Agenda Components of IBM Lotus Sametime
More informationSecurity Provider Integration LDAP Server
Security Provider Integration LDAP Server 2017 Bomgar Corporation. All rights reserved worldwide. BOMGAR and the BOMGAR logo are trademarks of Bomgar Corporation; other trademarks shown are the property
More informationRemote Authentication
Authentication Services, page 1 Guidelines and Recommendations for Providers, page 2 User Attributes in Providers, page 2 Two-Factor Authentication, page 4 LDAP Providers and Groups, page 5 RADIUS Providers,
More informationSECURING DOMINO LDAP. Open Mic June 10th 2015
SECURING DOMINO LDAP Open Mic June 10th 2015 AGENDA Background Domino Directory Assistance Domino LDAP Server Domino LDAP in a Post-Poodle World Questions 2 BACKGROUND We consider this presentation a continuation
More informationYour Auth is open! Oversharing with OpenAuth & SAML
Your Auth is open! Oversharing with OpenAuth & SAML Andrew Pollack Northern Collaborative Technologies 2013 by the individual speaker Sponsors 2013 by the individual speaker Who Am I? Andrew Pollack President
More informationOracle Cloud Using the Trello Adapter. Release 17.3
Oracle Cloud Using the Trello Adapter Release 17.3 E84579-03 September 2017 Oracle Cloud Using the Trello Adapter, Release 17.3 E84579-03 Copyright 2016, 2017, Oracle and/or its affiliates. All rights
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache has 49%; IIS has 36% (source: http://news.netcraft.com/archives/2008/09/30/
More informationZENworks 11 Support Pack 4 User Source and Authentication Reference. October 2016
ZENworks 11 Support Pack 4 User Source and Authentication Reference October 2016 Legal Notices For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions,
More informationNovell Access Manager
Setup Guide AUTHORIZED DOCUMENTATION Novell Access Manager 3.1 SP3 February 02, 2011 www.novell.com Novell Access Manager 3.1 SP3 Setup Guide Legal Notices Novell, Inc., makes no representations or warranties
More informationSynchronization Agent Configuration Guide
SafeNet Authentication Service Synchronization Agent Configuration Guide 1 Document Information Document Part Number 007-012848-001, Rev. E Release Date July 2015 Applicability This version of the SAS
More informationShow 201 Installation and Setup of IBM Lotus Sametime From Zero to Hero The Next Generation
Show 201 Installation and Setup of IBM Lotus Sametime 8.5.1 From Zero to Hero The Next Generation Frank Altenburg SME for Sametime IBM Volker Juergensen Senior IT Specialist IBM 2011 IBM Corporation Agenda
More informationIBM WebSphere Developer Technical Journal: Expand your user registry options with a federated repository in WebSphere Application Server V6.
IBM WebSphere Developer Technical Journal: Expand your user registry options with a federated repository in WebSphere Application Server V6.1 Using the Virtual Member Manager Skill Level: Intermediate
More informationTivoli Directory Integrator (TDI)
Tivoli Directory Integrator (TDI) The Best Free Tool You ve Never Heard Of Marie Scott Thomas Duffbert Duff 2010 by the individual speaker Sponsors 2010 by the individual speaker Agenda Introduction to
More informationLotus Business Solutions Catalogs
Integrating to the IBM Lotus family of products Lotus Business Solutions Catalogs Business Partner and IBM Solutions Industry (joint IBM & Partner) Solutions Tom Streeter, Business Development IBM Lotus
More informationStarTeam LDAP QuickStart Manager Administration Guide
StarTeam 15.1 LDAP QuickStart Manager Administration Guide Micro Focus The Lawn 22-30 Old Bath Road Newbury, Berkshire RG14 1QN UK http://www.microfocus.com Copyright Micro Focus 2016. All rights reserved.
More informationWeb Servers and Security
Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market (Apache has 70%; IIS has 20%) Both major servers have lots
More informationBlackBerry Enterprise Server for Microsoft Office 365. Version: 1.0. Administration Guide
BlackBerry Enterprise Server for Microsoft Office 365 Version: 1.0 Administration Guide Published: 2013-01-29 SWD-20130131125552322 Contents 1 Related resources... 18 2 About BlackBerry Enterprise Server
More informationVMware AirWatch Directory Services Guide Integrating your Directory Services
VMware AirWatch Directory Services Guide Integrating your Directory Services AirWatch v9.2 Have documentation feedback? Submit a Documentation Feedback support ticket using the Support Wizard on support.air-watch.com.
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationRSA Identity Governance and Lifecycle Collector Data Sheet For IBM Tivoli Directory Server
RSA Identity Governance and Lifecycle Collector Data Sheet For IBM Tivoli Directory Server Version 1.2 June 2017 1 Contact Information RSA Link at https://community.rsa.com contains a knowledgebase that
More informationHost Access Management and Security Server Administrative Console Users Guide. August 2016
Host Access Management and Security Server Administrative Console Users Guide August 2016 2016 Attachmate Corporation, a Micro Focus company. All rights reserved. No part of the documentation materials
More informationTips for Using the Integrated Solution Console (ISC) and Sametime System Console (SSC) with IBM Sametime
Tips for Using the Integrated Solution Console (ISC) and Sametime System Console (SSC) with IBM Sametime October 28, 2015 Miguel Macias, Sandy Lee, Casey Toole IBM Corporation 2015 1 Agenda Integrated
More informationOracle Advanced Security: Enterprise User Management. An Oracle Technical White Paper November 1999
Advanced Security: Enterprise User Management An Technical White Paper Advanced Security: Enterprise User Management THE CHALLENGES OF USER MANAGEMENT Some of the challenges faced by an enterprise today
More information1 GENERAL. Not all changes are related to the helpdesk specifically though.
6.0 1 GENERAL As a beta tester, you play a key role in the development of Lansweeper. A program with as many facets as Lansweeper requires thorough testing on all levels. You are actively doing just that
More informationImport Users From LDAP Directory
LDAP Synchronization Overview, page 1 LDAP Synchronization Prerequisites, page 3 LDAP Synchronization Configuration Task Flow, page 3 LDAP Synchronization Overview Lightweight Directory Access Protocol
More informationowncloud Android App Manual
owncloud Android App Manual Release 2.0.0 The owncloud developers December 14, 2017 CONTENTS 1 Using the owncloud Android App 1 1.1 Getting the owncloud Android App...................................
More informationAdministration for the Developer:
Administration for the Developer: Build and Secure Your Own IBM Lotus Domino Server Playground in an Hour! Jess Stratton, IBM Lotus Domino Consultant, Solace 2010 by the individual speaker Sponsors 2010
More informationSchoolBooking LDAP Integration Guide
SchoolBooking LDAP Integration Guide Before you start This guide has been written to help you configure SchoolBooking to connect to your LDAP server. Please treat this document as a reference guide, your
More informationOracle Fusion Middleware
Oracle Fusion Middleware Tutorial for Oracle Identity Management 11g Release 1 (11.1.1) E10276-01 May 2009 Oracle Fusion Middleware Tutorial for Oracle Identity Management, 11g Release 1 (11.1.1) E10276-01
More informationDriver for edirectory Implementation Guide
www.novell.com/documentation Driver for edirectory Implementation Guide Identity Manager 4.0.2 June 2012 Legal Notices Novell, Inc. makes no representations or warranties with respect to the contents or
More informationIntegrating With LDAP
This chapter contains the following sections: Overview, on page 1 Configuring LDAP to Work with the Spam Quarantine, on page 1 Creating the LDAP Server Profile, on page 2 Configuring LDAP Queries, on page
More informationTIBCO ActiveMatrix BusinessWorks Plug-in for LDAP Release Notes
TIBCO ActiveMatrix BusinessWorks Plug-in for LDAP Release Notes Software Release 7.0.0 January 2015 Two-Second Advantage 2 Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE.
More informationSynchronization Agent Configuration Guide
SafeNet Authentication Service Synchronization Agent Configuration Guide 1 Document Information Document Part Number 007-012848-001, Rev. B Release Date March 2015 Applicability This version of the SAS
More informationAuthenticating and Importing Users with AD and LDAP
Purpose This document describes how to integrate with Active Directory (AD) or Lightweight Directory Access Protocol (LDAP). This allows user authentication and validation through the interface. This is
More informationWPC-LDAP Integration Setup Guide
WPC-LDAP Integration Setup Guide 1 Table of Contents WPC-LDAP Integration Setup Guide -----------------------------------------------------------4 1. Introduction ---------------------------------------------------------------------------------------------4
More informationLotus IBM Lotus Virtual Classroom. Version Installation Guide G
Lotus IBM Lotus Virtual Classroom Version 1.1.2 Installation Guide G210-1900-00 Terms of Use Disclaimer THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY. WHILE
More informationIBM Lotus Quickr STEW Technical Overview
Lotus Worldwide Technical Sales IBM Lotus Quickr STEW Technical Overview 2007 IBM Corporation Agenda Section 1 Installing Quickr Services for Lotus Domino Configuring Quickr Services for Lotus Domino Section
More informationExam Name: IBM Certified System Administrator - WebSphere Application Server Network Deployment V7.0
Vendor: IBM Exam Code: 000-377 Exam Name: IBM Certified System Administrator - WebSphere Application Server Network Deployment V7.0 Version: Demo QUESTION 1 An administrator would like to use the Centralized
More informationNovell OpenLDAP Configuration
Novell OpenLDAP Configuration To access the GoPrint Novell e-directory LDAP Connector configuration screen navigate to: Accounts Authentication Connectors GoPrint provides two connector options, Standard
More informationOne of the fundamental kinds of websites that SharePoint 2010 allows
Chapter 1 Getting to Know Your Team Site In This Chapter Requesting a new team site and opening it in the browser Participating in a team site Changing your team site s home page One of the fundamental
More informationGrandstream Networks, Inc. LDAP Configuration Guide
Grandstream Networks, Inc. Table of Contents INTRODUCTION... 4 LDAP SERVER CONFIGURATION... 5 LDAP PHONEBOOK... 6 Access the Default Phonebook DN... 6 Add a New Phonebook DN... 7 Add contacts to Phonebook
More informationConfiguration Guide. BlackBerry UEM Cloud
Configuration Guide BlackBerry UEM Cloud Published: 2018-04-18 SWD-20180411125526296 Contents About this guide... 7 Getting started... 8 Configuring BlackBerry UEM Cloud for the first time... 8 Administrator
More informationF5 BIG-IQ Centralized Management: Licensing and Initial Setup. Version 5.1
F5 BIG-IQ Centralized Management: Licensing and Initial Setup Version 5.1 Table of Contents Table of Contents BIG-IQ System Introduction...5 About BIG-IQ System Management...5 About secure communication
More informationIBM Intelligent Operations Center Password Management
IBM Intelligent Operations Center Password Management ii IBM Intelligent Operations Center Password Management Contents Chapter 1. Managing user and system passwords............. 1 Chapter 2. Configuration
More informationThe LDAP Protocol. Agenda. Background and Motivation Understanding LDAP
The LDAP Protocol Agenda Background and Motivation Understanding LDAP Information Structure Naming Functions/Operations Security Protocol Model Mapping onto Transport Services Protocol Element Encoding
More informationAdministration Of Active Directory Schema Attribute Greyed Out
Administration Of Active Directory Schema Attribute Greyed Out 50 out of 61 rated this helpful - Rate this topic The attributes and classes in Active Directory are stored in the schema partition as directory
More informationOpen Mic Webcast. Troubleshooting Sametime Policies
Open Mic Webcast Troubleshooting Sametime Policies Date: March 30, 2016 Speaker: Sandy Lee Panelist: Casey Toole, Jennifer Isola-Mayes and Nancy Pittman Troubleshooting Sametime Policies 2 Agenda What
More informationGoogle Search Appliance Connectors
Google Search Appliance Connectors Deploying the Connector for LDAP Google Search Appliance Connector for LDAP software version 4.1.0 Google Search Appliance software versions 7.2 and 7.4 August 2015 Table
More informationsoftware Lotus LearningSpace - Virtual Classroom V1.1 Installation Guide
software Lotus LearningSpace - Virtual Classroom V1.1 Installation Guide COPYRIGHT Disclaimer THIS DOCUMENTATION IS PROVIDED FOR REFERENCE PURPOSES ONLY. WHILE EFFORTS WERE MADE TO VERIFY THE COMPLETENESS
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 6 Release 1 System i Security Digital Certificate Manager Version 6 Release 1 Note Before using this information and the product it supports, be sure
More information