
LDAP Integration


Published on September 24, 2007

Author: WoodRock

Source: authorstream.com


LDAP Integration with PeopleSoft SA
WHEPSUG 2003
Mark Rank, UW-Platteville

Introduction
- Who am I? DBA and Manager of Development for UW-Platteville
- Where does this information come from? Summary information from the IPS project and internal development documentation

Outline
- Overview of identity provisioning at UW-Platteville
- Description of the current system
- Summary of re-engineering efforts
- PeopleSoft and LDAP
- Some comments on supporting self-service
- UW-Platteville's LDAP authentication solution

Before we start
- UW-Platteville is new to self-service: we did not do anything with HTML Access and were waiting for LDAP authentication
- Current status of this system at UW-Platteville: the initial release moved to production on 9/30/2003

Characteristics of an Identity Provisioning System
- It needs to accomplish three things:
  - Identity: "Who are you?"
  - Authentication: "Are you who you say you are?"
  - Authorization: "What can you see?"
- The Identity Provisioning System (IPS) either manages these tasks directly or provides information to other systems so that they can manage them internally

The bigger picture
- Interconnection to the UW-System IAA project
- Our local IPS needs to operate with the IAA system in a federated manner

Current IPS
- A custom solution created from OS scripts and various application utilities
- Over 8 years old, with a history dating back to our mini-computer and legacy student system
- Currently gets all of its information from the PeopleSoft SA system
- The system maintains the UW-P username
- It uses this information to populate our Novell NDS directory, which then provides the LDAP service

Some limitations of the current system
- A batch system
- A custom solution that depends on vendor-specific pieces
- A "brittle" system that is due for refactoring

The future IPS
- We have started a re-engineering process to move to a vendor-supplied solution
- We are looking at using Novell's DirXML technologies, connected to PeopleSoft, to do this

An intermediate step
- Our first goal is to decouple account provisioning for Novell NDS from our legacy IPS, which runs on VMS (the mini-computer)

PeopleSoft and LDAP
- In the PeopleTools 8.1x environment, PeopleSoft delivers Business Interlinks for an LDAP bind and an LDAP search
- These can be called from signon PeopleCode to authenticate users to the PeopleSoft system

Signon PeopleCode
- PeopleSoft delivers the signon code for LDAP, as well as for SSO, in FUNCLIB_LDAP.LDAPAUTH
- After reviewing it, we cloned it and refactored it to be more streamlined for our application

What about CDI?
- We were looking to do something very specific and wanted a very "clean" solution
- We did not really have time to implement CDI
- Because of where we are taking identity provisioning, we do not plan to use CDI

Some comments on supporting self-service
- UW-Platteville views LDAP integration as an enabling technology for self-service
- As such, how self-service is deployed and configured shapes the nature of the LDAP integration
- We wanted to address the assignment of self-service roles as part of the integration

Role assignment for self-service
- Currently, UW-Platteville still handles authorization to PeopleSoft using static roles in the system
- Processes that run at login and in a batch job assign the roles
- We want to explore dynamic assignment as we re-engineer our IPS

How self-service roles are determined (the bind variable :1 is the user's EMPLID)
- Student role: select emplid from ps_stdnt_enrl where emplid = :1 and stdnt_enrl_status = 'E'
- Instructor role: select emplid from ps_class_instr where emplid = :1
- Advisor role: select advisor_id from ps_stdnt_advr_hist where advisor_id = :1

UW-Platteville's LDAP authentication solution
- Keep in mind that we are leveraging our IPS, so everything is driven off people having active UW-P user accounts
- As noted above, we cloned the delivered PeopleTools code and customized it

Custom configuration pages

A note about LDAP and SSL
- The Business Interlinks that support LDAP appear to use an older version of the Netscape SSL SDK
- To use LDAP over SSL, a certificate database (cert7.db) has to be generated in that same format
- The easiest way to do it is to export the certificate from a 4.x version of the Netscape browser
LDAP Authentication PeopleCode
- General flow for the authentication code
- A restricted-session function makes it easy to restrict access during maintenance
- Because UW-Platteville keeps the profile name the same as the username, we can build the distinguished name instead of looking it up
- We currently have users in two contexts, so we need to look in two places; hence the multiple-DN support
- The function that sets the authentication result is the final step
- Globals are set to record which profile id was finally used to log on; the profile sync uses them later

LDAP Profile Synchronization PeopleCode
- The code checks for a global distinguished name; its presence indicates that authentication succeeded
- To make life easier, all profiles are upper-cased
- Instantiate an instance of the USER_PROFILE component interface
- Check whether the user needs to be created or modified
- Build or modify the profile from information in the PS database and the defaults on the configuration page
- Run the process that maintains the self-service roles

Steps to implement LDAP authentication: IPS
- Remember, we have an existing IPS; building one is not trivial
- Set the scope
- Find a technology platform
- Define the authoritative sources
- Build it, test it and then deploy it

Steps to implement LDAP authentication: PS to LDAP
- For UW-Platteville's custom solution, build the online objects in PeopleSoft
- If you are using LDAPS, place the certificate database file in the domain directory of the app servers
- Configure it
- Enable signon PeopleCode
- Restart the app servers

Summary
- Overview of identity provisioning at UW-Platteville
- Description of the current system
- Summary of re-engineering efforts
- PeopleSoft and LDAP
- Some comments on supporting self-service
- UW-Platteville's LDAP authentication solution

Questions and Discussion
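The sign-on flow the deck describes (build the DN from the username across two contexts, bind, record the global DN, create or update the profile, then recompute the three self-service roles) as one added, runnable example. This is not the UW-Platteville PeopleCode or Oracle's FUNCLIB_LDAP; it is Python written for this page. The directory bind is a constructed stand-in (a dict), the PeopleSoft tables are an in-memory SQLite database holding only the columns the deck's queries touch, and the container names, profile defaults, username-to-EMPLID mapping and sample rows are all assumptions. Two checks the deck does not spell out are included because a practitioner needs them when building a DN from user input: RFC 4514 escaping of the username, and refusing an empty password, which would otherwise turn the simple bind into an unauthenticated bind that many servers accept.

```python
"""Added example (not the UW-Platteville PeopleCode nor Oracle's FUNCLIB_LDAP):
the sign-on flow from the deck, end to end, in Python so it runs offline.
The directory, the PS tables and the username-to-EMPLID lookup are
constructed stand-ins; container names, defaults and sample data are assumptions."""
import sqlite3
from typing import Callable, Optional, Sequence

CONTEXTS = ("ou=students,o=uwplatt", "ou=staff,o=uwplatt")  # assumed containers

def escape_dn_value(value: str) -> str:
    """RFC 4514 escaping so a username cannot smuggle ',ou=...' into the DN."""
    out = []
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=' or (i == 0 and ch in ' #') or (i == len(value) - 1 and ch == ' '):
            out.append('\\' + ch)
        elif ch == '\x00':
            out.append('\\00')
        else:
            out.append(ch)
    return ''.join(out)

def candidate_dns(username: str, contexts: Sequence[str] = CONTEXTS) -> list:
    """Profile name == directory username, so the DN is built, not searched for."""
    return [f"cn={escape_dn_value(username)},{ctx}" for ctx in contexts]

def authenticate(username: str, password: str, bind: Callable[[str, str], bool],
                 contexts: Sequence[str] = CONTEXTS) -> Optional[str]:
    """Return the DN that bound successfully (the 'global DN'), or None."""
    # An empty password turns a simple bind into an *unauthenticated* bind
    # (RFC 4513 section 5.1.2), which many servers accept; refuse it up front.
    if not username or not password:
        return None
    for dn in candidate_dns(username, contexts):
        if bind(dn, password):
            return dn
    return None

ROLE_SQL = {  # the three queries from the deck; :1 (the EMPLID) becomes a ? parameter
    "Student": "select emplid from ps_stdnt_enrl where emplid = ? and stdnt_enrl_status = 'E'",
    "Instructor": "select emplid from ps_class_instr where emplid = ?",
    "Advisor": "select advisor_id from ps_stdnt_advr_hist where advisor_id = ?",
}

def sync_profile(db: sqlite3.Connection, global_dn: Optional[str], profile_id: str,
                 emplid: str, defaults: dict) -> set:
    """Profile sync: runs only when a global DN is set (authentication passed)."""
    if not global_dn:
        return set()
    oprid = profile_id.upper()  # all profiles are upper-cased, as in the deck
    if db.execute("select 1 from psoprdefn where oprid = ?", (oprid,)).fetchone() is None:
        db.execute("insert into psoprdefn(oprid, emplid, language_cd, symbolicid) values (?, ?, ?, ?)",
                   (oprid, emplid, defaults["language_cd"], defaults["symbolicid"]))
    else:
        db.execute("update psoprdefn set emplid = ? where oprid = ?", (emplid, oprid))
    wanted = {role for role, sql in ROLE_SQL.items() if db.execute(sql, (emplid,)).fetchone()}
    have = {r for (r,) in db.execute("select rolename from psroleuser where roleuser = ?", (oprid,))}
    for role in wanted - have:
        db.execute("insert into psroleuser(roleuser, rolename) values (?, ?)", (oprid, role))
    for role in have - wanted:  # drop roles the person no longer qualifies for
        db.execute("delete from psroleuser where roleuser = ? and rolename = ?", (oprid, role))
    db.commit()
    return wanted

def build_demo_db() -> sqlite3.Connection:
    """Constructed PS tables holding only the columns the queries touch."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table ps_stdnt_enrl(emplid text, stdnt_enrl_status text);
        create table ps_class_instr(emplid text);
        create table ps_stdnt_advr_hist(advisor_id text);
        create table psoprdefn(oprid text primary key, emplid text, language_cd text, symbolicid text);
        create table psroleuser(roleuser text, rolename text);
        insert into ps_stdnt_enrl values ('1001', 'E'), ('1002', 'D');
        insert into ps_class_instr values ('1003');
        insert into ps_stdnt_advr_hist values ('1003');
        insert into psroleuser values ('RANK', 'Student');  -- stale role, must be removed
    """)
    return db

FAKE_DIRECTORY = {"cn=jdoe,ou=students,o=uwplatt": "s3cret",  # constructed stand-in
                  "cn=rank,ou=staff,o=uwplatt": "hunter2"}
USERNAME_TO_EMPLID = {"jdoe": "1001", "rank": "1003"}          # stands in for the PS lookup

def fake_bind(dn: str, password: str) -> bool:
    """Stand-in for an LDAP simple bind; swap in ldap3/python-ldap for real use."""
    return FAKE_DIRECTORY.get(dn) == password

def signon(db: sqlite3.Connection, username: str, password: str):
    """Whole flow. Returns (global_dn, roles); roles is empty when sign-on fails."""
    global_dn = authenticate(username, password, fake_bind)
    roles = sync_profile(db, global_dn, username, USERNAME_TO_EMPLID.get(username, ""),
                         {"language_cd": "ENG", "symbolicid": "SYSADM1"})
    return global_dn, roles

if __name__ == "__main__":
    demo = build_demo_db()
    for u, p in (("rank", "hunter2"), ("jdoe", "s3cret"), ("jdoe", ""), ("rank", "wrong")):
        print(u, signon(demo, u, p))
```

Two design points. The bind function is passed in rather than hard-wired, so the same authenticate() works against the stand-in here or a real server, and the empty-password guard sits before the bind is ever attempted. Role maintenance is a reconciliation (wanted minus have, have minus wanted) rather than add-only, so a stale role such as the constructed "Student" on RANK is removed at login instead of waiting for a batch run.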
