Overview

This page presents information about Windows AD login options and LDAP Server integration.


Windows Authentication Integration

Windows AD support is always automatically available when running the solution on Windows computers.

In this case, you will use the configured users for the Active Directory login. If the Windows OS user has the same name as a user created in Security → Permissions, the application will use the permissions configured for that user. Otherwise, it will use the permissions for the Guest user.

You just need to connect the clients (RichClient or SmartClients) using the Windows AD port, as defined in Runtime → Execution Profiles or Runtime → Startup. The default port is 3102, but this can be changed in the project configuration.

Example of TSmartClient URL using Windows Authentication:

http://127.0.0.1/fs-2016.2/TSmartClient.application?port1=3102&wa=true

When using Redundancy, the port follows the command line defined to start the server projects. 

Accepting only AD connections

When running the solution, it is also possible to force the use of AD only, so that users defined in the solution are denied runtime access.

To use Windows Authentication, select the checkbox ‘Use WA’ in Runtime → Startup and configure which port will be used for authentication in PortWA.

User Identification

The Windows user that is logged in on the computer accessing the server where the solution is running will be the username identified by the solution.

When you are using client instances, the server computer is the one that validates the user for the client. Therefore, the Windows user logged in on the client computer needs to exist on the server computer and be in the same domain group.

After user validation, the user's Windows group will determine which project security permission will be used. It will search in the project's security permissions for the same Windows group name. If it finds an exact match, then the security permissions for that name will be used in the project for the logged user. If no names match, the Guest permission will be used.


LDAP Server Integration

To enable the LDAP Server in the platform, please go to Security → RuntimeUsers. Then, type the LDAP server's name in the AD/LDAP Server field.

To integrate the LDAP Server, the only customization you need to do is to use the AD/LDAP Server field.

The project Client.LogOn() method in the LOGON page will work properly after enabling the LDAP Server.

When this method is called, it will check the project for an Engineering User. If none are found, it will check for a Runtime User. If no Runtime Users are found, it will check for an LDAP user if the LDAP Server is configured. The first user that is found and validated will be the user that is logged into the project.

After user validation, the user’s Windows group will determine which project Security Permission will be used. It will search in the project Security Permissions for the same Windows Group name. If it finds an exact match, the Security Permission will be used in the project for the logged-in user. If no names match, the Guest permission will be used.
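The lookup order and the group-to-permission rule described above can be modelled to audit which accounts would silently end up with the Guest permission. This is an added example, not code from the platform or its vendor; it assumes exact matching is case-sensitive, that a user's groups are checked in list order, and it does not model credential validation. All function names and sample data are constructed.

```python
# Added example: models the rules described on this page; not the platform's own code.
# Assumptions: case-sensitive exact match, groups checked in list order, no password check.
GUEST = "Guest"

def resolve_permission(windows_groups, permission_names):
    """Return the first group with an exactly matching permission name, else Guest."""
    for group in windows_groups:
        if group in permission_names:
            return group
    return GUEST

def near_misses(windows_groups, permission_names):
    """Groups that fail the exact match only by letter case or surrounding spaces."""
    normalized = {p.strip().casefold(): p for p in permission_names}
    return [(g, normalized[g.strip().casefold()])
            for g in windows_groups
            if g not in permission_names and g.strip().casefold() in normalized]

def resolve_logon(username, engineering_users, runtime_users, ldap_users=None):
    """Order from the page: Engineering User, then Runtime User, then LDAP user."""
    sources = [("Engineering", engineering_users), ("Runtime", runtime_users)]
    if ldap_users is not None:  # None models an empty AD/LDAP Server field
        sources.append(("LDAP", ldap_users))
    for label, users in sources:
        if username in users:
            return label
    return None

def audit(accounts, permission_names):
    """Map each account that resolves to Guest to its likely naming mistakes."""
    report = {}
    for user, groups in accounts.items():
        if resolve_permission(groups, permission_names) == GUEST:
            report[user] = near_misses(groups, permission_names)
    return report

# Constructed sample data
PERMISSIONS = {"Operators", "Maintenance", "Administrators", "Guest"}
ACCOUNTS = {
    "alice": ["Domain Users", "Operators"],
    "bob": ["Domain Users", "operators "],  # differs by case and a trailing space
    "carol": ["Domain Users"],              # no matching permission name at all
}

if __name__ == "__main__":
    for user, hints in audit(ACCOUNTS, PERMISSIONS).items():
        print(user, "-> Guest; near misses:", hints)
```

Because every validated user without an exactly matching group name receives Guest, the audit output is the list of accounts whose effective rights depend on how the Guest permission is configured.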

