
Documentation 8.4

When an organization uses directory services to register its users, Deyel can be configured to delegate the authentication process to LDAP.

 

 


The user enters the user code or alias and the password on the user portal access page.

 

 


Deyel verifies that a user with the entered user code or alias exists in its register and then delegates the authentication to LDAP. If the user is registered in Deyel and LDAP reports a correct authentication, access is allowed.

 

IMPORTANT

 

Before activating LDAP authentication, it must be ensured that a user registered in Deyel exists and can authenticate correctly in LDAP.

If no user meets these conditions, it is not possible to enter the portal.

 

Deyel verifies that the administrator who is configuring the environment can authenticate correctly in LDAP.
When LDAP is used as one of the Mixed authentication methods, this last verification is not done.

When Deyel cannot establish communication with the LDAP server, an administrator is allowed to enter the portal by using Native authentication.

In these cases, the user does not have all administration options available and can only access the environment configuration, in order to reconfigure the authentication mechanism.

 

With this authentication mechanism, the “Forgot your Password” option is not available.

If users do not remember their password, they must follow the procedures that the organization determines to solve the problem.

 

 

In the configuration of the execution environment of Deyel, different aspects of the integration with LDAP can be configured.

 

LDAP - Server Connection

Configuration of access to LDAP server. All properties are required to activate LDAP authentication.

 

LDAP - User Search

Configuration of the user search in the LDAP directory. Establishes the search subtree, the LDAP attributes that are considered search keys, and additional user selection filters.

 

LDAP - Attribute Synchronization

Configuration of the Deyel user properties that are synchronized with LDAP attributes.

Attribute Synchronization

 

Deyel allows certain user properties to be retrieved from attributes of the LDAP directory, which prevents these properties from being modified in Deyel.

 

When Deyel connects correctly and determines that the user exists in LDAP, the user is marked as a “Synchronized User”. This indicates that some of the user's attributes have been obtained from LDAP and cannot be modified in Deyel. In the same way, Deyel automatically removes the “Synchronized User” mark when it determines that the user does not exist in LDAP, so that the attributes can be modified in Deyel.

 

Attribute synchronization is done at different moments.

Login

 

When the user authenticates correctly against LDAP, attributes are synchronized. If Deyel detects an error that prevents this synchronization, a record of it is left in the logs console and login to the portal is not allowed.

User Creation

 

When a user is created by entering the user code or the alias, the user's existence in LDAP is verified. If the user exists in LDAP, the attributes are obtained and remain protected; they cannot be modified in Deyel. If the values retrieved from LDAP are incorrect or the user does not exist in LDAP, creating the user in Deyel is not allowed.

User Modification

 

When a user is modified, Deyel synchronizes the attributes again before showing the information on the screen. If Deyel detects an error that prevents this synchronization, a record of it is left in the logs console and the synchronization is not done. In that case the user information can still be accessed, but the synchronized properties cannot be modified from Deyel.

Query and Deletion of Users

 

When these operations are executed, an attribute synchronization is also done before showing the user information on the screen. If Deyel detects an error that prevents this synchronization, a record of it is left in the logs console and the synchronization is not done.
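
The login rules described on this page (register check, delegation to LDAP, the Native fallback for administrators when the server is unreachable, and the refusal of login on a synchronization error) can be collected into one decision function for review or test planning. This is an added example, not Deyel code: every name in it (`decide_login`, `safe_to_activate`, `Outcome`, `LdapUnreachable`, the callables) is hypothetical, and the LDAP and Native checks are passed in as stand-ins.

```python
from enum import Enum

class Outcome(Enum):
    DENIED = "denied"
    FULL_ACCESS = "full access"
    CONFIG_ONLY = "environment configuration only"

class LdapUnreachable(Exception):
    """Raised by the stand-in LDAP client when the server cannot be contacted."""

def decide_login(user, password, registry, ldap_bind, ldap_sync, native_check):
    """Model of the login rules on this page (all names are hypothetical).

    registry     : dict user -> {"admin": bool}, stands in for Deyel's user register
    ldap_bind    : callable(user, password) -> bool, may raise LdapUnreachable
    ldap_sync    : callable(user), raises on an attribute synchronization error
    native_check : callable(user, password) -> bool, stands in for Native authentication
    """
    record = registry.get(user)
    if record is None:                     # not registered in Deyel: access refused
        return Outcome.DENIED
    try:
        if not ldap_bind(user, password):  # LDAP did not report a correct authentication
            return Outcome.DENIED
    except LdapUnreachable:
        # Fallback: administrators only, Native authentication only, and only
        # the environment configuration is reachable afterwards.
        if record["admin"] and native_check(user, password):
            return Outcome.CONFIG_ONLY
        return Outcome.DENIED
    try:
        ldap_sync(user)                    # attribute synchronization at login
    except Exception:
        return Outcome.DENIED              # synchronization error: login not allowed
    return Outcome.FULL_ACCESS

def safe_to_activate(registry, can_bind):
    """Pre-activation check: some user registered in Deyel must authenticate in LDAP."""
    return any(can_bind(user) for user in registry)

if __name__ == "__main__":
    # Constructed sample data: one administrator, one regular user.
    users = {"alice": {"admin": True}, "bob": {"admin": False}}
    bind = lambda u, p: p == "ldap-secret"
    print(decide_login("bob", "ldap-secret", users, bind, lambda u: None, lambda u, p: False))
    print(safe_to_activate(users, lambda u: u == "alice"))
```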
