Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor




Adobe Enterprise & Developer Support
Knowledge Article ID: c4715 bc

In addition to manually creating users and user permissions, LiveCycle Workflow Business Activity Monitor (BAM) enables you to import user information from supported LDAP providers. You can configure scheduled synchronizations with the LDAP server to automatically update the existing users and roles or perform manual synchronization.

When synchronizing with the LDAP server, the properties user base DN, login identification and password, full name, description, and email address are cached in the BAM database.

When LiveCycle Workflow BAM imports users from the LDAP server, LDAP groups are converted to BAM roles. Users are assigned BAM roles according to the group they belong to in LDAP. For more information, see Limitations in LDAP connectivity and Best practices.

LiveCycle Workflow BAM supports the following LDAP providers:

- SunOne Directory Server 5.2
- Microsoft Active Directory 2000
- Microsoft Active Directory 2003

Note: LiveCycle Workflow BAM should be able to integrate with any LDAP provider that supports LDAP Version 3 Protocol. However, only the three listed above have been tested and are fully supported.

This section describes the following topics:

- Limitations in LDAP connectivity
- Best practices
- Setting up LDAP synchronization
- Setting up LDAP user mapping
- Setting up LDAP role mapping
- Manually synchronizing with the LDAP server

Limitations in LDAP connectivity

The following limitations apply to LiveCycle Workflow BAM:

- You can configure a connection to only one LDAP server.
- LiveCycle Workflow BAM creates roles based on groups that are defined on the LDAP server. When LiveCycle Workflow BAM encounters a group for which a role is not yet created, it creates the role and assigns it a set of zero permissions. You can later modify the permissions as required. For information about specifying the LDAP groups to use as roles, see Configuring LDAP role mapping.
- If LiveCycle Workflow BAM imports a user and the user does not belong to a group to which a BAM role corresponds, the user is created but remains unassigned to any roles.
- You cannot change the role that a user is assigned to if the user is imported from the LDAP server. Role assignments for imported users can be accomplished by making changes to the LDAP server. However, you can assign manually-created users to roles that are created based on LDAP groups.

Best practices

When setting up LDAP in LiveCycle Workflow BAM, it is strongly recommended you adhere to the following best practices:

- If the connection to the LDAP server is not secure, you should use SSL. For information, see the Installing and Configuring LiveCycle Workflow guide.
- For authentication, SASL is the recommended method and is well supported by LDAP.
- For security reasons, the access permissions of the LDAP synchronization user should be limited to querying the LDAP server. For more information about the synchronization user, see Setting up LDAP synchronization.

The password for this user is stored in the LiveCycle Workflow BAM metadata using reversible symmetric encryption. Therefore, anyone with access to the metadata could conceivably obtain this password.

Configuring LDAP synchronization

This section describes the settings for scheduling the automatic synchronization of LiveCycle Workflow BAM with the LDAP server. Synchronization ensures that the user accounts and role definitions that LiveCycle Workflow BAM caches in the database are up to date with the content of the LDAP server. During synchronization, LiveCycle Workflow BAM creates new roles based on new groups that are on the LDAP server and removes any roles whose groups have been removed from the LDAP server since the previous synchronization.

Note: Role removal occurs even if users that were created manually are assigned to the roles. For a user that was created manually and is assigned to a role that is based on an LDAP group, if the role is removed due to synchronization, the user account still exists but is no longer assigned to the role.

To configure LDAP synchronization:

1. Log on to the BAM Workbench.
2. Open the Administration Console and click System Settings.
3. Click the LDAP Synchronization tab.
4. Select the LDAP Enabled option, if it is not already selected.

5. Configure the following settings (parameter, then value):

   - Initial Context Factory: The JNDI (Java Naming and Directory Interface) through which LiveCycle Workflow BAM connects to the LDAP server. The default is com.sun.jndi.ldap.LdapCtxFactory. Note: You will probably not need to change this value.
   - LDAP Server: The DNS name or IP address of the LDAP server.
   - LDAP Port: The port on which the LDAP server is running. The default port is typically 389. However, if you select the SSL option the typical default port is 636. You should talk to your LDAP administrator to confirm the port that you should specify.
   - LDAP SSL: Select if the LDAP server is configured to use SSL. Selecting this option may affect the LDAP Port setting.
   - LDAP Authentication: There are three options:
     - Simple. You should select this option for SunOne and Microsoft Active Directory.
     - SASL (Simple Authentication and Security Layer)
     - Compare Encrypted Password
   - LDAP Principal DN Prefix: cn=
   - LDAP Principal DN Suffix: Refers to the DN suffix at the end of a distinguished name. SunOne and Active Directory typically use the following values:
     - SunOne: ou=people,dc=yourdomain,dc=com
     - Active Directory: @yourdomain.com
   - LDAP Synchronization User:
     - SunOne: ,cn=Directory Manager
     - Active Directory: Administrator@yourdomain.com
   - LDAP Synchronization Password: Password for LDAP Synchronization User

6. Click Test Connection.
   Note: This button tests the connection and also tests the user mapping and role mapping configuration. If the connection settings are correct, the message will indicate that the connection was successful. If you have not yet configured LDAP User Mapping and LDAP Role Mapping, the message returns an error.
7. Set the LDAP Synchronization Schedule. Use the Add Schedule, Edit Schedule, and Remove Schedule buttons to create the desired schedule.
   Note: You should set synchronization for a time when the fewest number of users are likely to be logged on.
8. Click OK or click another tab to configure additional settings.

The LDAP synchronization settings are now complete. The next section describes the LDAP user mapping parameters.

Configuring LDAP user mapping

This section describes the user mapping parameters that determine which users will be imported and/or synchronized. The settings vary depending on the LDAP server provider being used.

To configure the name mapping parameters:

1. In the System Settings dialog box, click the LDAP User Mapping tab.
2. Configure the following settings (parameter, then value):

   - LDAP User Base DN: Use the format appropriate to the indicated provider:
     - SunOne: OU=people,DC=yourdomain,dc=com
     - Active Directory: CN=Users,DC=yourdomain,DC=com
   - LDAP User Search Filter: Use the format appropriate to the indicated provider:
     - SunOne: (&(objectclass=inetorgperson))
     - Active Directory: (&(objectclass=user))
     For example, your LDAP server could have a special group for LiveCycle Workflow BAM users. This filter could then ensure that only users with this group membership are imported.
   - LDAP User LoginID:
     - SunOne: cn
     - Active Directory: samaccountname
     This value will become the user's login identification in LiveCycle Workflow BAM.
   - LDAP User Full Name: Enter displayname if you are using either SunOne or Active Directory.
   - LDAP User Description: Enter description if you are using either SunOne or Active Directory.
   - LDAP User PrimaryEmail: Enter mail if you are using either SunOne or Active Directory.
   - LDAP User EncryptedPassword: Enter userpassword if you are using either SunOne or Active Directory.

   Note: The sample settings in the above table have been tested and used successfully in LDAP configurations.
3. Click the LDAP Synchronization tab and click Test Connection to see if the users are imported successfully.
4. Click OK or click another tab to configure additional settings.

Configuring LDAP role mapping

This section describes the role mapping parameters that determine which groups/roles are imported and/or synchronized. The settings you specify depend on the LDAP server provider that you use.

To configure role mapping parameters:

1. In the System Settings dialog box, click the LDAP Role Mapping tab.
2. Configure the following settings (parameter, then value):

   - LDAP Role Base DN: Use the format appropriate to the indicated provider:
     - SunOne: OU=Groups,DC=yourdomain,DC=com
     - Active Directory: CN=Users,DC=yourdomain,DC=com
   - LDAP Role Search Filter:
     - SunOne: (&(objectclass=groupofuniquenames))
     - Active Directory: (&(objectclass=group))
   - LDAP Role LoginID: Enter cn if you are using either SunOne or Active Directory.
   - LDAP Role Full Name: Enter displayname if you are using either SunOne or Active Directory.
   - LDAP Role Description: Enter description if you are using either SunOne or Active Directory.
   - LDAP Role Member:
     - SunOne: uniquemember
     - Active Directory: member
   - LDAP Role Member is: Select one of the following options:
     - Distinguished Name, if the users are defined using a format such as cn=jadmin,ou=people,dc=yourdomain,dc=com
     - Login identification, if users are defined using a format such as Administrator@yourdomain.com

   Note: The sample settings in the above table have been tested and used successfully in LDAP configurations.
3. Click the LDAP Synchronization tab and click Test Connection to see if the users are imported successfully.
4. Click OK or click another tab to configure additional settings.

Manually synchronizing with the LDAP server

You can manually synchronize LiveCycle Workflow BAM with the LDAP server any time. Synchronization requests are queued to prevent concurrent synchronizations.

To manually synchronize:

1. Open the Administration Console and click System Settings.
2. Click the LDAP Synchronization tab.
3. Click the Synchronize Now button.

A message indicates that the synchronization is complete. The time required to synchronize depends on your

Product: Adobe LiveCycle Workflow
Published: November 14, 2005

Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704 USA, www.adobe.com

Adobe, the Adobe logo, and Better by Adobe. are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and/or other countries. All other trademarks are the property of their respective owners. Copyright 2005 Adobe Systems Incorporated. All rights reserved.
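The best practices and the synchronization and user mapping settings described above can be checked against each other before the connection is tested. The following Python check is an added example and not part of the Adobe article; the dictionary keys reuse the field names from the settings tabs, while the host name, the service account, and the group name are constructed placeholders.

```python
import re

# The page's own sample synchronization users; both are directory administrators.
PRIVILEGED = (re.compile(r"cn=directory manager", re.I),  # SunOne
              re.compile(r"^administrator@", re.I))       # Active Directory
# A filter that tests objectclass only, e.g. (&(objectclass=user))
BROAD_FILTER = re.compile(r"^\((&\(objectclass=[^()]+\)|objectclass=[^()]+)\)$", re.I)


def audit_ldap_settings(s):
    """Return (field, finding) pairs that conflict with the best practices above."""
    findings = []
    ssl = bool(s.get("LDAP SSL"))
    port = int(s.get("LDAP Port", 389))
    auth = s.get("LDAP Authentication", "Simple")
    sync_user = s.get("LDAP Synchronization User", "").strip()
    user_filter = s.get("LDAP User Search Filter", "").replace(" ", "")

    if not ssl:
        findings.append(("LDAP SSL", "not selected: directory traffic is unencrypted"))
        if auth == "Simple":
            findings.append(("LDAP Authentication",
                             "Simple bind without SSL sends the password in clear text"))
    if ssl and port == 389:
        findings.append(("LDAP Port", "SSL selected but port is 389 (636 is typical)"))
    if not ssl and port == 636:
        findings.append(("LDAP Port", "port 636 is set but SSL is not selected"))
    if any(p.search(sync_user) for p in PRIVILEGED):
        findings.append(("LDAP Synchronization User",
                         "administrative account whose password is recoverable from "
                         "the BAM metadata; use a query-only account"))
    if BROAD_FILTER.match(user_filter):
        findings.append(("LDAP User Search Filter",
                         "imports every user object; restrict it to a BAM users group"))
    return findings


# Constructed sample settings; keys are the field names on the BAM settings tabs.
WEAK = {"LDAP Server": "ldap.example.test", "LDAP Port": 389, "LDAP SSL": False,
        "LDAP Authentication": "Simple",
        "LDAP Synchronization User": "Administrator@yourdomain.com",
        "LDAP User Search Filter": "(&(objectclass=user))"}
HARDENED = {**WEAK, "LDAP Port": 636, "LDAP SSL": True,
            "LDAP Synchronization User": "svc-bam-sync@yourdomain.com",
            "LDAP User Search Filter":
                "(&(objectclass=user)(memberOf=CN=BAM Users,CN=Users,DC=yourdomain,DC=com))"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```

The hardened settings keep Simple authentication, as the article recommends for SunOne and Active Directory, and rely on SSL to protect the bind.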