EnterpriseLink and LDAP


Case Requirement

A client has an EnterpriseLink application and wishes to use their Linux LDAP server to validate users, then use the EnterpriseLink pooled-logon feature to log on to the mainframe. This provides a single verification point using the Linux OpenLDAP server, followed by an automatic logon via EnterpriseLink to the mainframe application once the user is validated.

The Solution

The diagram below shows how the EnterpriseLink Server can connect with the Linux OpenLDAP service through Microsoft Active Directory Server for validation. Once this has been achieved and the user is validated, EnterpriseLink can then get an ID from the user pool database to log on to the mainframe. Also shown below is an example, using a Student ID, of passing an extra variable from the LDAP info to EnterpriseLink.

[Diagram: LDAP Authentication and Student ID Variable passing]

Installing an Active Directory Server to Talk with the Linux OpenLDAP Server

Windows 2000 Server comes complete with an Active Directory Server that can be configured to use an external LDAP server. The process to start this installation is shown below.

NOTE: A Systems Administrator must be present, since installing this on a machine connected to a network means it can take over as the primary domain controller, thus disabling the entire network.

1. Start Programs
2. Go to Settings
3. Go to Control Panel
4.
5. Select Administrative Tools
6. Configure Your Server
7. Go to Active Directory (3rd link on left panel)
8. Start Active Directory Wizard

Set the Microsoft Active Directory to authenticate using an external LDAP server, i.e., the OpenLDAP on the Linux box.

Once this has been installed and configured, all authentication will be done by the OpenLDAP server on the Linux box.

OpenLDAP

OpenLDAP may be downloaded for free from openldap.org (it is an open source project) and installed on either a Linux or a UNIX system.

Setting up a User Pool on EnterpriseLink for Pooled Logons to the Mainframe

User pooling setup within EnterpriseLink: there is an example in the default database when the product is installed. It may be found in the TimeCard auto logon app.

1. Open the EnterpriseLink default website and click Administrative Site.
2. Click Projects, then in the project list click EDIT on the project to which you wish to add user pooling.
3. The screen below will appear. In the Security Mapping select list, choose 'Web User to Host Logon Mapping & Host Logon ID Pooling.' This will add user pooling to the application.

4. Open the EnterpriseLink Builder and the desired Project.
5. A new folder appears called Certificate Features. Open this folder and click on Certificate Fields. The blue popup Certificate Fields window will open as shown.
6. Open the web page where the mainframe expects the Username and Password to be entered. Drag the Username from the blue window above onto the Username on the web page to make the association. Do the same for the Password field from the blue window.
7. Save and close Builder.
8. Set up the user pool database as described below.

Configuration of a User Pool Database for EnterpriseLink Applications

Once the OpenLDAP Linux server has authenticated the user, the Active Directory Server has the green light. This activates the IIS web server to initiate the EnterpriseLink application. The application references the Logon page and goes to the User Pool for a UserID and Pwd to connect to the mainframe. A username and password database must be populated by an Administrator.

Setting up username and password database for the Mainframe Pool of users

1. Go to Remote admin in the default EnterpriseLink web page and click on Security Mapping. Here you will see the ability to Add, Delete, Update and View all the entries of the User Pool.

2. Add each user to the User Pool database via the webpage pictured below.

   NOTE: This could be done via a command line, or by exporting the list from the mainframe and using a written script to populate each entry. Once this has been done the process is complete. Through this page, users may also be viewed and updated.

3. View all User Pool entries. Each user entered may be viewed via this webpage interface.

Passing an extra variable from the LDAP server to EnterpriseLink

In this case study, an extra field/variable from the LDAP server was required. The Username and Password, as we have already seen, are passed via the Active Directory Server using the security features of each. To pass the extra variable (the example used is a StudentID), another way had to be selected. This can be achieved in two ways.

1. Using Python to interact with the OpenLDAP API

   A Python script could be written that will access the OpenLDAP API. This requires knowledge of the API code and the ability to write Python to interact with it. The Python code will access the OpenLDAP API, read the Student ID and pass this to the EnterpriseLink web page via Python variable substitution.

2. Using the new feature of EnterpriseLink 4.0 to pass name and value pairs

   This feature of EnterpriseLink v4.0 allows extra CGI parameters to be passed on the URL in name and value pairs, i.e., 'StudentID' is the Name and 'mark' is the Value. For example:

   'http://localhost/stscripts/run.stn/timecard/nmlogon?studentid=mark'

   More name and value pairs can be added simply by placing & between them. For example:

   'http://localhost/stscripts/run.stn/hollis/nlogon?studentid=mark&quest=yes'

   Again the diagram below shows the two solutions. This was cut from the main diagram.

3. Once the Student ID number is retrieved, it can then be placed into a field on the EnterpriseLink Logon web page and submitted to the mainframe. The mainframe app will use the value sent and be able to return records based upon this ID number, thus giving the user a point of authentication and the return of their personalized information.

Glossary of Terms

LDAP (Lightweight Directory Access Protocol)
http://ask.yahoo.com/ask/20000414.html
LDAP lets you "locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet," and whether or not you know the domain name, IP address, or geographic whereabouts. An LDAP directory can be distributed among many servers on a network, then replicated and synchronized regularly. An LDAP server is also known as a Directory System Agent (DSA). Thus in the School Board case they are using LDAP to verify Username/Pwds.

Open Source
http://www.opensource.org/
Open source is, basically, volunteer programmers working together over the Internet to create free software. Organized teams are able to improve software and maintain and fix bugs quickly. Examples of open source projects are Linux, Python, etc. (Netscape also released the source code for the Netscape Browser about two years ago.) The School Board is using the LDAP server from openldap.org, which is just another site dedicated to creating free software.

Active Directory Server
http://www.microsoft.com/windows2000/technologies/directory/ad/default.asp
Active Directory is an essential component of the Windows 2000 architecture. It presents organizations with a directory service designed for distributed computing environments. Active Directory allows organizations to centrally manage and share information on network resources and users while acting as the central authority for network security. In addition to providing comprehensive directory services to a Windows environment, Active Directory is designed to be a consolidation point for isolating, migrating, centrally managing and reducing the number of directories that companies require.

API (Application Programmers Interface)
http://www.webopedia.com/TERM/A/API.html
An API enables the functionality of one product to integrate and interact seamlessly with the functionality of another product. It provides programmers with a common interface between two or more applications.
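The two ways of passing the Student ID described under "Passing an extra variable from the LDAP server to EnterpriseLink" meet in one script: read the value from the directory entry, then hand it to EnterpriseLink as a name and value pair. The following is an added example, not code from the original case study or from EnterpriseLink. The attribute name studentID, the inetOrgPerson/uid filter and the alphanumeric check are assumptions, and the directory search itself is replaced by a constructed sample entry.

```python
from urllib.parse import urlencode

# RFC 4515 escapes for characters that have meaning inside an LDAP filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Hypothetical names: the page does not give the schema or the attribute.
USER_FILTER = "(&(objectClass=inetOrgPerson)(uid={uid}))"
STUDENT_ATTR = "studentID"


def escape_filter_value(value):
    """Escape a user-supplied string for use as an LDAP filter value."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(username):
    """Search filter for one user; the username cannot add filter terms."""
    return USER_FILTER.format(uid=escape_filter_value(username))


def student_id_from_entry(attrs):
    """Pull exactly one Student ID out of an entry's attribute dictionary."""
    values = attrs.get(STUDENT_ATTR, [])
    if len(values) != 1:
        raise LookupError("expected exactly one %s value" % STUDENT_ATTR)
    student_id = values[0].decode("utf-8")
    # Assumed format check: letters and digits only.
    if not student_id.isalnum():
        raise ValueError("unexpected characters in Student ID")
    return student_id


def build_logon_url(base_url, student_id, extra=None):
    """Append studentid (and any extra pairs) as encoded name=value pairs."""
    pairs = {"studentid": student_id}
    pairs.update(extra or {})
    return base_url + "?" + urlencode(pairs)


if __name__ == "__main__":
    # Constructed sample entry, shaped like a directory search result.
    entry = {"uid": [b"mark"], STUDENT_ATTR: [b"mark"]}
    print(build_user_filter("mark"))
    print(build_logon_url("http://localhost/stscripts/run.stn/timecard/nmlogon",
                          student_id_from_entry(entry)))
```

Because the value travels on the URL, it is encoded with urlencode so that a stray & or = in it cannot introduce an additional name and value pair.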