IMPLEMENTING DIRECTORY SERVICES INTEGRATION WITH HELIX MEDIA LIBRARY
Revision Date: September 2014
Helix Media Library User Guide

Table of Contents
Introduction
1. Prerequisites
2. Running the Test Harness
3. Implementation
4. Testing
Introduction

This guide details the process of testing and installing the AD/LDAP module, which integrates the Helix Media Library with an Active Directory or LDAP service. The module requires Helix Media Library version 1.1 or higher, but this document concentrates on implementing it with version 2.5 of the Media Library. The module is a licensable option; please contact your local sales representative for details on purchasing it.

1. Prerequisites

Before you begin, ensure that you have obtained the following information:

- Which service is used: Active Directory or LDAP?
- If AD is being used, will the search be against Organisational Units or Security Groups? If LDAP is used, OUs are the only option.
- The fully qualified domain name of the server that will be used to authenticate against.
- Credentials of an account that has permission to perform directory lookups.
- If different from the account above, credentials of another account that will be used for testing. N.B. this account must be a member of an OU or Security Group, so that when you test it you can see the OU(s) or group(s) it is a member of.

2. Running the Test Harness

The Test Harness checks whether a connection can be made from the Helix Media Library to the directory services server and whether groups can be returned; running it also gives you the information needed to test the implementation. When the harness runs, the groups for the test account are written to a text file. From that file you can see which groups the account is a member of, then create one of them (spelled exactly as it is written in the directory) in the HML to test whether the test user can log in. Run the test harness on the machine where HML is installed, so that it tests communications between that machine and the Directory Services server.
2.1 Download the test harness from the location provided by your system provider. If you do not have this, please contact your local sales representative.

2.2 Unzip the file and open the folder. The two files you will need to use are AuthTestHarness.exe.config and run-test.bat. The AuthTestHarness.exe.config file contains the variables used to query the directory and pull back the groups. Once configured correctly, its values will need to be copied into the web.config files for the VLS and UPLOAD web sites.

2.3 The run-test.bat file is used to simulate a user logging on. When it is run, another file called AuthLog.txt is created in the same directory. This file shows the information pulled back from the directory for the user. Importantly, if the configuration is correct, it lists the groups/OUs the user is a member of at the bottom of the file.
2.4 To set up the run-test.bat file, enter the credentials of the account you are using for testing, followed by ADAuth or LDAPAuth depending on which service is in use, each separated by a space. The line should read:

    AuthTestHarness.exe username password ADAuth

(use LDAPAuth in place of ADAuth for an LDAP service).

2.5 Save this and exit, then open the file AuthTestHarness.exe.config in a text editor.
Here is further detail on the values that need to be configured:

AuthServerURL
    Fully qualified domain name of the directory server to be contacted, e.g. ad.domain.edu

AuthServerUsername
    Username of an account that can perform directory lookups

AuthServerPassword
    Password of the above account

AuthServerAuthenticationType
    Anonymous or None are possibilities, but Secure is the most commonly used

AuthServerUserSearchFilterKey
    CN is used for LDAP searches, but for AD the most common attribute name is SAMAccountName

AuthServerGroupSearchType
    If searching against OUs, use PathSearch. If searching against Security Groups, or against OUs in LDAP, use UserPropertySearch. Use SecurityGroupSearch if searching for nested Security Groups, or SecurityGroupSearchCrossDomain if searching across multiple domains

PathSearchFilterKey
    Only used when searching against OUs, so it can be left set to ou regardless

UserPropertySearchName
    Use the attribute groupMembership for LDAP, or memberof for AD

UserPropertySearchFilterKey
    The attribute used should be CN for LDAP or AD

EnableLogging
    Leave this set to true so that the text file is produced
The AuthTestHarness.exe.config file is modified in this way to return the Security Groups that users are members of.

2.6 It is important that the attributes are entered exactly as they appear in the directory, including case. For example, group membership needs to be written as groupMembership, with the M in uppercase. It is a good idea to explore the directory to see which attributes are in use and how they are written. A good tool for this is AD Explorer, which can be downloaded from http://technet.microsoft.com/en-us/sysinternals/bb963907. When run, it shows the directory tree; expand it and click on a user to see that user's attributes. AD Explorer can be used in this way to find the attributes of the user TestUser.
As the search is being run against Security Groups, the attribute ou can be ignored. AD Explorer makes it easier to see how the search is performed: with this config file we are asking the directory to return the value of samaccountname and what the account is a member of. As we specified the account TestUser in the run-test.bat file earlier, we expect it to return the group Test Group.

2.7 When the batch file is now run, it should produce the text file AuthLog.txt. It contains a lot of information, but the important thing is that the groups are returned at the very bottom of the file.
If FOUND GROUP: appears with the group(s) listed after it, the configuration is correct and the integration information can be entered into the config files. If no groups are found, double-check that the attributes are entered correctly and use AD Explorer to check whether any non-standard attributes are in use.

2.8 If you have several domains that you wish to authenticate against, you can add further domain servers into the test harness below the first one, appending a number to the end of the key, as follows:
    <add key="AuthServerURL" value="domain1.org" /> <!-- the URL of the LDAP/AD server -->
    <add key="AuthServerURL2" value="domain2.org" /> <!-- the URL of the second LDAP/AD server -->

3. Implementation

3.1 A DLL file needs to be placed into the bin folder of both the vls and upload directories. From within the AuthTestHarness folder, take a copy of Auth211R3.dll. This module is a licensable option, and the file should have been provided by your system provider; please contact your local sales representative if you do not have it.

3.2 Paste a copy into each of the bin folders in the following locations, where C:\ is the default install location:

    C:\HelixMediaLibrary\vls\bin
    C:\HelixMediaLibrary\upload\bin

3.3 The web.config files need to be edited to contain the information from the test harness. Before doing this, take a backup of the config files in case there is a problem. Start with the web.config in the C:\HelixMediaLibrary\vls directory.
3.4 The information from the test harness needs to be put into this file, inside the <appSettings></appSettings> XML element. Two keys that were not in the test harness will already be present, commented out; they relate to the DLL you just placed in the bin folder:

    <appSettings>
      <!--<add key="AuthDLLPath" value=""/>
      <add key="AuthTypeName" value=""/>-->
    </appSettings>

Inside the quotation marks, set the value of AuthDLLPath to the path where the Auth DLL resides for each site: for the vls web.config, point to the DLL in the \vls\bin\ directory, and for the upload site, point to the DLL in the \upload\bin\ directory. Set the value of AuthTypeName to ADAuth for Active Directory or LDAPAuth for LDAP integration.

3.5 When this is done, remove the comment markers (the <!-- before the first add element and the --> after the second) to uncomment the two keys.
3.6 Below the AuthTypeName key, copy and paste the information from the auth test harness config file. Copy just the add elements from within the <appSettings></appSettings> element, as the appSettings element itself is already present in the web.config files. The vls web.config file should now contain the two DLL keys followed by the keys copied from the harness.

3.7 Repeat this process for the web.config file in the upload folder. You can copy all of the above text to make it easier, but be sure to change the AuthDLLPath value to point to the bin directory of the upload site, C:\HelixMediaLibrary\upload\bin\Auth.dll.
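Steps 3.3 to 3.7 are a copy-and-paste job that is easy to get subtly wrong (a DLL path left pointing at the other site, a key pasted twice, an AuthServerURL3 with no AuthServerURL2). The following Python script is an added example, not part of the Helix Media Library guide or product: it reads the appSettings from a harness config, checks the values against the key table above, and writes them into a site web.config with the DLL keys set. Both XML documents below are constructed samples; the server names, account, password and file paths are placeholders, and the key names follow the guide's table. Parsing with ElementTree discards XML comments, which is how the commented-out AuthDLLPath/AuthTypeName placeholders from step 3.4 are replaced by live keys.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of an AuthTestHarness.exe.config. Key names follow the
# guide's table; server names, account and password are placeholders.
HARNESS_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="AuthServerURL" value="ad.example.edu" />
    <add key="AuthServerURL2" value="ad2.example.edu" />
    <add key="AuthServerUsername" value="svc-lookup" />
    <add key="AuthServerPassword" value="PLACEHOLDER-PASSWORD" />
    <add key="AuthServerAuthenticationType" value="Secure" />
    <add key="AuthServerUserSearchFilterKey" value="SAMAccountName" />
    <add key="AuthServerGroupSearchType" value="UserPropertySearch" />
    <add key="PathSearchFilterKey" value="ou" />
    <add key="UserPropertySearchName" value="memberOf" />
    <add key="UserPropertySearchFilterKey" value="CN" />
    <add key="EnableLogging" value="true" />
  </appSettings>
</configuration>
"""

# Constructed sample of a site web.config in which the two DLL keys are still
# commented out, as described in step 3.4.
WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="SiteName" value="Helix Media Library" />
    <!--<add key="AuthDLLPath" value=""/>
    <add key="AuthTypeName" value=""/>-->
  </appSettings>
</configuration>
"""

# Permitted values, taken from the guide's key table and step 3.4.
GROUP_SEARCH_TYPES = {"PathSearch", "UserPropertySearch",
                      "SecurityGroupSearch", "SecurityGroupSearchCrossDomain"}
AUTHENTICATION_TYPES = {"Secure", "Anonymous", "None"}
AUTH_TYPE_NAMES = {"ADAuth", "LDAPAuth"}


def app_settings(xml_text):
    """Return the <add key= value=> pairs under <appSettings> as a dict."""
    node = ET.fromstring(xml_text).find("appSettings")
    if node is None:
        raise ValueError("no <appSettings> element found")
    return {a.get("key"): a.get("value") for a in node.findall("add")}


def validate_harness(settings):
    """Return a list of problems with the harness settings (empty if none)."""
    problems = []
    if settings.get("AuthServerGroupSearchType") not in GROUP_SEARCH_TYPES:
        problems.append("AuthServerGroupSearchType is not one of the documented search types")
    if settings.get("AuthServerAuthenticationType") not in AUTHENTICATION_TYPES:
        problems.append("AuthServerAuthenticationType is not Secure, Anonymous or None")
    if not settings.get("AuthServerURL"):
        problems.append("AuthServerURL is missing or empty")
    # Step 2.8: extra servers are AuthServerURL2, AuthServerURL3, ... with no gaps.
    numbers = []
    for key in settings:
        match = re.fullmatch(r"AuthServerURL(\d+)", key)
        if match:
            numbers.append(int(match.group(1)))
    if sorted(numbers) != list(range(2, 2 + len(numbers))):
        problems.append("extra AuthServerURL keys must be numbered 2, 3, ... without gaps")
    return problems


def merge_into_web_config(web_config_xml, harness_xml, dll_path, auth_type_name):
    """Return web.config text with the DLL keys set and the harness keys appended."""
    if auth_type_name not in AUTH_TYPE_NAMES:
        raise ValueError("AuthTypeName must be ADAuth or LDAPAuth")
    harness = app_settings(harness_xml)
    problems = validate_harness(harness)
    if problems:
        raise ValueError("harness config not ready: " + "; ".join(problems))

    # ElementTree drops comments on parse, so the commented-out placeholders vanish here.
    root = ET.fromstring(web_config_xml)
    node = root.find("appSettings")
    if node is None:
        raise ValueError("web.config has no <appSettings> element")
    present = {a.get("key") for a in node.findall("add")}

    def put(key, value):
        # Refuse to append a duplicate: a key pasted twice is a common mistake.
        if key in present:
            raise ValueError(f"{key} is already set in web.config; edit it instead of appending")
        ET.SubElement(node, "add", key=key, value=value)
        present.add(key)

    put("AuthDLLPath", dll_path)          # per-site path from step 3.4
    put("AuthTypeName", auth_type_name)   # ADAuth or LDAPAuth
    for key, value in harness.items():    # everything from the harness appSettings (step 3.6)
        put(key, value)
    if hasattr(ET, "indent"):             # pretty-print on Python 3.9+
        ET.indent(root)
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    for site in ("vls", "upload"):
        dll = rf"C:\HelixMediaLibrary\{site}\bin\Auth.dll"
        print(merge_into_web_config(WEB_CONFIG, HARNESS_CONFIG, dll, "ADAuth"))
```

Run it once per site with that site's DLL path, and keep the backup from step 3.3: the script returns new text rather than writing over the original file, so you can diff the result against the backup before deploying it.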
4. Testing

4.6 To test that the configuration is correct and that HML is authenticating against the directory, a group needs to be created in the Helix Media Library. Log in as an administrator and navigate to the Security section on the upload site. Add a new group, ensuring that it is written exactly as it appears in the directory as an OU or Security Group. Following the example above, the text file showed that the group found was Test Group. Set this as the group name in HML and give it view and upload rights to a category. Save the changes, click Back To Library and log out.

4.7 Now log in with the test user used in the batch file earlier. You should be logged in and have access to the categories specified above.
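Both step 2.7 (reading the FOUND GROUP: lines at the bottom of AuthLog.txt) and step 4.6 (creating the HML group with exactly the spelling the directory uses) come down to the same check. The Python below is an added example, not code from the Helix Media Library guide or product: it pulls the group names out of a harness log and classifies a proposed HML group name as an exact match, a near miss that differs only in case or surrounding whitespace, or missing. The guide documents only the "FOUND GROUP:" marker, so the sample log is a constructed one and every other line in it is made up for illustration.

```python
import re

# Constructed sample of an AuthLog.txt. Only the "FOUND GROUP:" lines follow a
# format the guide describes; the rest is invented filler.
SAMPLE_AUTHLOG = """\
AuthTestHarness starting (ADAuth)
Connecting to ad.example.edu as svc-lookup
Searching for SAMAccountName=TestUser
memberof: CN=Test Group,OU=Groups,DC=example,DC=edu
memberof: CN=Media Staff,OU=Groups,DC=example,DC=edu
FOUND GROUP: Test Group
FOUND GROUP: Media Staff
"""

# Capture whatever follows the marker, without the surrounding whitespace.
FOUND_GROUP = re.compile(r"^FOUND GROUP:\s*(.*?)\s*$")


def found_groups(log_text):
    """Return the group names listed after 'FOUND GROUP:' in order of appearance."""
    groups = []
    for line in log_text.splitlines():
        match = FOUND_GROUP.match(line)
        if match and match.group(1):
            groups.append(match.group(1))
    return groups


def check_hml_group(hml_group_name, directory_groups):
    """Classify an HML group name against the groups the harness found.

    "exact"     a directory group matches character for character
    "near-miss" one matches only after ignoring case and surrounding whitespace,
                which is not good enough: HML needs the directory's exact spelling
    "missing"   nothing matches at all
    """
    if hml_group_name in directory_groups:
        return "exact"
    wanted = hml_group_name.strip().lower()
    if any(g.strip().lower() == wanted for g in directory_groups):
        return "near-miss"
    return "missing"


def diagnose(log_text, hml_group_name):
    """One-line verdict of the kind an admin wants after running run-test.bat."""
    groups = found_groups(log_text)
    if not groups:
        # Step 2.7: no FOUND GROUP: lines means the attributes are wrong (step 2.6).
        return "no groups found: re-check attribute names and case in the harness config"
    status = check_hml_group(hml_group_name, groups)
    if status == "exact":
        return f"ok: {hml_group_name!r} matches a directory group"
    if status == "near-miss":
        return f"fix spelling/case: {hml_group_name!r} does not exactly match any of {groups!r}"
    return f"{hml_group_name!r} is not among the groups found: {groups!r}"


if __name__ == "__main__":
    for name in ("Test Group", "test group", "Students"):
        print(diagnose(SAMPLE_AUTHLOG, name))
```

To use it against a real run, read the AuthLog.txt produced by run-test.bat into `diagnose` along with the name you intend to type into the HML Security section; a near miss tells you to correct the HML group name, and an empty result sends you back to step 2.6.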