MFT Internet Server/Command Center


MFT Internet Server/Command Center
September 17, 2010
Administrators Guide
LDAP Integration Guide
Version 7.0
September 24, 2010
Updated: December 20, 2010

MFT Command Center LDAP Integration Guide
Documentation Information

Important Information

SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE.

USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE LICENSE FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME.

This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc.

TIBCO, The Power of Now, TIBCO Managed File Transfer, TIBCO Managed File Transfer Command Center, TIBCO Managed File Transfer Internet Server, TIBCO Managed File Transfer Platform Server, TIBCO Managed File Transfer Platform Server Agent, Edge Server, RocketStream Accelerator, and Slingshot are either registered trademarks or trademarks of TIBCO Software Inc. or its subsidiaries in the United States and/or other countries.

EJB, Java EE, J2EE, and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other countries.

All other product and company names and marks mentioned in this document are the property of their respective owners and are mentioned for identification purposes only.

THIS SOFTWARE MAY BE AVAILABLE ON MULTIPLE OPERATING SYSTEMS. HOWEVER, NOT ALL OPERATING SYSTEM PLATFORMS FOR A SPECIFIC SOFTWARE VERSION ARE RELEASED AT THE SAME TIME.

THIS DOCUMENT IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT.

THIS DOCUMENT COULD INCLUDE TECHNICAL INACCURACIES OR TYPOGRAPHICAL ERRORS. CHANGES ARE PERIODICALLY ADDED TO THE INFORMATION HEREIN; THESE CHANGES WILL BE INCORPORATED IN NEW EDITIONS OF THIS DOCUMENT. TIBCO SOFTWARE INC. MAY MAKE IMPROVEMENTS AND/OR CHANGES IN THE PRODUCT(S) AND/OR THE PROGRAM(S) DESCRIBED IN THIS DOCUMENT AT ANY TIME.

THE CONTENTS OF THIS DOCUMENT MAY BE MODIFIED AND/OR QUALIFIED, DIRECTLY OR INDIRECTLY, BY OTHER DOCUMENTATION WHICH ACCOMPANIES THIS SOFTWARE, INCLUDING BUT NOT LIMITED TO ANY RELEASE NOTES AND "READ ME" FILES.

TIBCO Managed File Transfer Internet Server with RocketStream Accelerator is entitled TIBCO Managed File Transfer Internet Server in certain other product documentation and in user interfaces of the product.

Copyright 1995-2010 TIBCO Software Inc. ALL RIGHTS RESERVED.
TIBCO Software Inc. Confidential Information

TIBCO welcomes your comments on this publication. Please address your comments to:

TIBCO Software Inc.
200 Garden City Plaza
Garden City, New York 11530 USA
Technical Support: +1 (516) 535-3636
Technical Support E-mail: proginetsupport@proginet.com
Web site: http://www.tibco.com

When you send information to TIBCO, you grant TIBCO a non-exclusive right to use or distribute the information in any way TIBCO believes appropriate without incurring any obligation to you.

Copyright TIBCO Software Inc. 2003-2010. All Rights Reserved.

Using LDAP with MFT Command Center

The MFT Command Center product supports a standardized method of using LDAP for MFT Command Center User Authentication and Right Management. This guide lays out the proposed model for using the MFT Command Center enterprise application with an LDAP server in conjunction with the regular MFT Command Center database.

Contents:

Overview
Authentication
    Types of LDAP Integration
Pre-requisites
Adding an LDAP Authenticator
Synchronization
    Synchronization by an Administrator
    Synchronization by User Login
    Automatic Synchronization
Manage LDAP Authenticators

Overview

[Diagram: overview showing Client Browser, Firewall, J2EE Application Server, User Registry, CFI Enterprise Application, LDAP Server and CFI Database, with numbered steps 1 to 5]

The above diagram is a high-level overview of how the MFT Command Center enterprise application uses the LDAP server. Several proposed solutions corresponding to the diagram above follow:

1. A client browser makes an HTTPS connection to the J2EE server hosting the MFT Command Center application. The J2EE server determines the authentication methods configured for this MFT Command Center installation and requests that the client's web browser ask the user for his credentials. The client browser collects the user's information and forwards it to the J2EE server.
2. The J2EE server uses its built-in or custom User Registry to match or reject a user's credentials against the configured LDAP server.
3. If a user has been successfully authenticated against the LDAP server, the J2EE server instantiates the appropriate MFT Command Center resource to handle the user's request and forwards it to the MFT Command Center enterprise application.
4. The MFT Command Center enterprise application will use the regular MFT Command Center database for all operations except Users and Rights functionalities.
5. If the MFT Command Center application will not be using the LDAP server solely for authentication purposes, all add/delete operations for MFT Command Center Users and Rights must be performed by an LDAP administrator, using LDAP server management fields. Since the default LDAP schema does not support all MFT Command Center fields, MFT extends the LDAP User and Group fields by using the MFT Command Center database.

Authentication

The J2EE server is responsible for performing the actual authentication of a user's credentials. All major J2EE servers provide various methods of integrating a custom user database into the server's security framework. Additionally, most J2EE servers can be configured to use the underlying operating system's user database.

The J2EE server's authentication framework will use a built-in or a provided custom registry class to communicate with the LDAP server and obtain the required user's information and the rights assigned to the user. After the user has been authenticated through the LDAP server, MFT will use the regular MFT database.

Types of LDAP Integration

The MFT Command Center enterprise application supports the LDAP v3 protocol and has the following options for LDAP support:

1. LDAP User Synchronization and Authentication

The MFT application uses LDAP for user synchronization and authentication purposes only.

- MFT determines that a user is an MFT user by their membership in an LDAP Sync Group. This group is specified in the field Sync Group DN within the LDAP Authenticator Properties in MFT Command Center. This manual will use a group called SyncRight in the examples. MFT will synchronize user definitions from the directory server to the default MFT Database.
- The MFT application cannot add or delete any users on the LDAP server. All LDAP sync'd user fields are managed through the LDAP server.
- MFT will synchronize information from the directory server to the MFT database. The user will have a duplicate account in the MFT database matching that of the LDAP server entry.

2. LDAP Right Management (Optional)

Under this configuration the MFT application uses an LDAP server for authentication as well as user right management.

- Same as above.
- The LDAP server must be pre-configured to contain the MFT Rights (specified as LDAP groups) and associate MFT users with those rights.
- Under this configuration, the MFT application will use the user definitions in the default MFT Command Center Database to extend the LDAP User and Group attributes.
- Rights that are not enabled to be managed through the LDAP server can still be granted and revoked from MFT Command Center.

Pre-requisites

MFT provides easy integration with LDAP, which can be configured from the MFT Command Center Administrative screens. To allow MFT to authenticate and synchronize with an LDAP server you must configure a few items on the LDAP server and have certain information and credentials readily available.

1) You must know the Host information, such as the IP and Port, of the LDAP server(s) you will be authenticating to.
2) You must know the Bind User DN and Password.
3) You must have a container, such as an OU or group, which contains the specific users to be sync'd with the MFT database; for example, CN=SyncRight would contain all users which will sync with MFT.
4) You must know the User Base DN and Group Base DN where the Sync Group is located.

Note: When using non-AD servers, groups must contain the object class groupOfUniqueNames, and users must contain the object class inetOrgPerson.

Adding an LDAP Authenticator

In order to synchronize the MFT database through LDAP, you must configure the LDAP authenticator from MFT Command Center. Navigate to Management > Authenticators > Add Authenticators. On the Add Authenticator page you will see the Authenticator Properties form.

The first section that needs to be configured is Authenticator. The table below defines the parameters for the section.

| Parameter | Definition |
|---|---|
| Name | This is the unique name of the LDAP Authenticator in MFT and is used as the prefix to the user id, followed by a dash, when it is pulled in from the LDAP server. Ex. LDAPServer-john.doe. Warning: This field cannot be modified later. |
| Type | The type of directory where LDAP is pulling the user and role credentials from, such as Active Directory, eDirectory, Sun Directory Server and others. |
| Enabled | Enables or disables this LDAP Authenticator. If this box is disabled, all users connected to this LDAP server will no longer be able to connect to the MFT server. Disabled users will lose TransferRight and show LDAP status as Inactive on the User Properties page in MFT Command Center. |

The next section is LDAP Connectivity, which defines the parameters necessary to connect to the directory server and pull in the user and role information for synchronizing.

| Parameter | Definition |
|---|---|
| Host Name/IP Address | Host Name or IP Address of the LDAP server. |
| Bind User DN | The distinguished name (DN) required for authenticating to the LDAP Server. |
| Bind Password | The password associated with the defined Bind User. |
| Confirm Password | Confirmation for the password associated with the defined Bind User. |
| Port | The default LDAP port used by the LDAP server. The default for Non-SSL requests is 389 and port 636 for SSL. |
| Use SSL | If the LDAP server you are connecting to is using SSL you must enable this option. |

The next section which needs to be configured is the LDAP Search. This section defines the location of the sync group and the users which will be synced into the MFT Database.

| Parameter | Definition |
|---|---|
| User Base DN | The base in the directory tree where users are defined. The levels searched below this base depend on the Search Scope parameter. |
| Sync Group DN | The fully qualified name of the container on the directory server which will be used to associate the users with MFT. Only users who are inside this container will be synchronized with the Database. |
| Search Filter | The LDAP Search Filter allows you to be more selective of the user objects returned during an LDAP search; it can be used instead of, or in addition to, the Sync Group DN. Syncing unnecessary LDAP objects with the MFT Server can be avoided when using an appropriate search filter. For example, to sync all users from Active Directory with mail accounts the filter string would be: (&(objectclass=user)(mail=*)). If you do not wish to use a specified filter to search for users you should change the value to read (objectclass=user). Contact your directory server administrator for more details on constructing LDAP Search Filters. |
| Search Scope | The directory levels below the Base DN that LDAP will search. SUBTREE_SCOPE - defines that all levels below the Base DN will be searched. This is the default value and should be used by most users. ONELEVEL_SCOPE - defines that only the level defined by the Base DN will be searched. OBJECT_SCOPE - defines that only the object defined by the Base DN and the Search Filter will be searched. |

The next section is the LDAP attributes. These are the fields that LDAP reads from the directory server in order to pull in the correct information. The predefined values in this section should be confirmed with the directory server administrator.

The last section on the Add Authenticator page is Right Management. Here you can enable the rights you want to be managed using the LDAP server. MFT Command Center users can be assigned various rights which allow them different capabilities. The most popular of these rights is the TransferRight; without this right assigned, a user cannot perform file transfers. Some LDAP environments may want to control which users are assigned this right and other rights from the LDAP server. Once a right is enabled for management through the LDAP server it cannot be granted or un-granted from MFT Command Center. A group with the name specified in the LDAP Group Name field must exist on the directory server, and the users granted this right must be members of the group.

| Parameter | Definition |
|---|---|
| Right Group Base DN | The location in the directory tree of the OU which contains the MFT Rights. |
| Enable | When the Enable box is checked, that right will be managed on the defined LDAP server. |
| Right Name | The right as it is recognized by MFT. |
| LDAP Group Name | The name of the group on the LDAP server which will be associated with the right in MFT. This can be the same as the Right Name or be specified as a different group name. The LDAP Group Name specified in the field should match the group name on the directory server. |

Once the configuration has been completed, click the Add button and the authenticator will be added to the system. Now it is possible to synchronize users and rights from the directory server through LDAP. If no rights are enabled for the authenticator, the users will be added to the MFT database without any rights when the LDAP sync is performed; it is the responsibility of the administrator to assign the rights from MFT Command Center.

The next section describes the process of synchronizing with the LDAP Authenticator.
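One way to preview which directory entries a given combination of User Base DN, Search Scope, Search Filter and Sync Group DN would select before the authenticator is added, shown on the guide's two filter strings and on a tighter one (in Active Directory, computer accounts also carry the object class user). This is an added example, not TIBCO's code. Assumptions: the directory entries are constructed, the filter parser handles only &, |, !, equality and presence, one-level scope follows standard LDAP semantics (immediate children of the base), and a filter used together with a Sync Group DN requires both to match.

```python
import re

USER = ["top", "person", "organizationalPerson", "user"]
# Constructed sample directory (DN -> attributes); not taken from the guide.
DIRECTORY = {
    "CN=John Doe,OU=Staff,DC=example,DC=com":
        {"objectClass": USER, "mail": ["john.doe@example.com"]},
    "CN=Svc Backup,OU=Service,OU=Staff,DC=example,DC=com":
        {"objectClass": USER},
    "CN=WKSTN01,OU=Staff,DC=example,DC=com":
        {"objectClass": USER + ["computer"]},
    "CN=SyncRight,OU=Groups,DC=example,DC=com":
        {"objectClass": ["top", "group"],
         "member": ["CN=John Doe,OU=Staff,DC=example,DC=com",
                    "CN=WKSTN01,OU=Staff,DC=example,DC=com"]},
}

def parse_filter(text):
    """Parse an RFC 4515 subset: (&..), (|..), (!..), (attr=value), (attr=*)."""
    pos = 0
    def node():
        nonlocal pos
        if text[pos] != "(":
            raise ValueError(f"expected '(' at offset {pos}")
        pos += 1
        op = text[pos]
        if op in ("&", "|", "!"):
            pos += 1
            kids = []
            while text[pos] == "(":
                kids.append(node())
            if op == "!" and len(kids) != 1:
                raise ValueError("'!' takes exactly one sub-filter")
            result = (op, kids)
        else:
            end = text.index(")", pos)          # ValueError if unbalanced
            attr, sep, value = text[pos:end].partition("=")
            if not attr or not sep or ("*" in value and value != "*"):
                raise ValueError(f"unsupported item {text[pos:end]!r}")
            result = ("present", attr) if value == "*" else ("eq", attr, value)
            pos = end
        if text[pos] != ")":
            raise ValueError(f"expected ')' at offset {pos}")
        pos += 1
        return result
    try:
        tree = node()
    except IndexError:
        raise ValueError("unbalanced filter") from None
    if pos != len(text):
        raise ValueError("trailing characters after filter")
    return tree

def matches(tree, attrs):
    kind = tree[0]
    if kind == "&":
        return all(matches(k, attrs) for k in tree[1])
    if kind == "|":
        return any(matches(k, attrs) for k in tree[1])
    if kind == "!":
        return not matches(tree[1][0], attrs)
    # Attribute names and values are compared case-insensitively.
    values = next((v for k, v in attrs.items() if k.lower() == tree[1].lower()), [])
    if kind == "present":
        return bool(values)
    return tree[2].lower() in (v.lower() for v in values)

def in_scope(dn, base, scope):
    dn, base = dn.lower(), base.lower()
    if scope == "OBJECT_SCOPE":
        return dn == base
    if scope == "SUBTREE_SCOPE":
        return dn == base or dn.endswith("," + base)
    if scope == "ONELEVEL_SCOPE":               # immediate children only
        rel = dn[: -len(base) - 1] if dn.endswith("," + base) else None
        return rel is not None and re.search(r"(?<!\\),", rel) is None
    raise ValueError(f"unknown scope {scope!r}")

def sync_candidates(directory, user_base, scope, search_filter, sync_group_dn=None):
    """Return the sorted DNs that the search settings would select."""
    tree = parse_filter(search_filter)
    members = None
    if sync_group_dn:
        group = directory.get(sync_group_dn, {})
        members = {m.lower() for a in ("member", "uniqueMember")
                   for m in group.get(a, [])}
    return sorted(dn for dn, attrs in directory.items()
                  if in_scope(dn, user_base, scope) and matches(tree, attrs)
                  and (members is None or dn.lower() in members))
```

Running it against an export of the real directory shows, before the first sync, whether service or computer accounts would receive duplicate accounts in the MFT database.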

Synchronization

In order to view and manage LDAP users from MFT Command Center, synchronization is necessary to add the users to the Database or update any LDAP-managed fields that have changed. By default, synchronization to the MFT database will pull in the directory user's User Id, Full Name, and Email Address for those contained in the LDAP sync group, as well as any rights assigned to the user if Rights Management is enabled on the authenticator. MFT has three methods for a synchronization to take place.

Synchronization by an Administrator:

In this case synchronization is done manually by a Super Administrator. In order to synchronize, log into MFT Command Center Administration and navigate to: Management > LDAP Sync

This form gives two options for synchronizing. The administrator can sync a single user or all users across all active authenticators.

Sync User: To synchronize a particular user, select the Sync User option, type the user id you wish to sync in the UserId field and then click the Sync button. You should see the following: [screenshot]

*Note that the userid must be defined in the format xxxxx-userid where xxxxx is the Authenticator Name defined in the LDAP Authenticator pages.

Sync All Users: To synchronize all users, select Sync All Users and click the Sync button. All the users found in the sync groups across all active authenticators will be synchronized with the MFT Database. The total number of LDAP users and rights (if enabled) synchronized will be displayed at the top of the screen.

Synchronization by User Login:

MFT has the capability to synchronize an LDAP userid during the user's log on process to the server. A user who has not yet been synchronized will be added or updated in the database when they log in using their domain log on and password, for example: Domain\userid. If rights management is enabled on the authenticator the user will be assigned their corresponding rights.

Automatic Synchronization:

The final way for a synchronization to take place is to be done automatically by the system. Automatic synchronization can be managed from Management > System Configurations > Global Settings in the LDAP Settings section.

| Parameter | Definition |
|---|---|
| Sync Server Host Name | The name of the host which will start the synchronization process. If this parameter is set to Disabled, synchronization will not be done automatically. |
| Sync Server Start Time | The time of day the synchronization process will begin. |

*Note: Some changes made to the LDAP Settings section will not take effect until after the application server is restarted.

If for any reason a user fails to be synchronized, you can find further information on the cause by reading the ldap_sync_report_messages-cfcc-xxxx-xx-xx.txt report that is located in the <MFT Command CenterHome>\messages directory, where xxxx-xx-xx represents the date the synchronization took place.

Manage LDAP Authenticators

The Manage Authenticators page lists all LDAP authenticators that have been defined to the system. Navigate to Management > Authenticators > Manage Authenticators. From here you can delete, test, and edit the LDAP authenticators.

To delete an authenticator, click on the box in the Delete column to select it and then click the Delete button. Users from the deleted authenticator will not be removed from the MFT database, but they will no longer be able to log into MFT, their rights will be removed, and their LDAP Status will be set to Inactive.

It is also possible to test the connectivity to an authenticator. Do this by clicking on the Test link of the authenticator you want to test.

To edit the properties of an authenticator, click on the authenticator name and the Update Authenticator page will display for you to make changes to the configuration. The Update Authenticator page is the same in format as the Add Authenticator page. After the desired changes have been made to the authenticator, select the Update button to save the changes.

*Note: After updating an authenticator some changes may not be effective until after a sync takes place.