This page is written for installation technicians, and describes how to simplify form-based logons in companies which have several domains or users in complex LDAP hierarchies.
Sally is a novice computer user at the UK Sales Staff. Sally knows that her username is sally. Sally has problems logging on, because she also has a domain name, which is SALESUK. In this particular system, Sally is required to enter SALESUK\sally for the authentication system to accept her.
However, it is possible to configure a list of values from which Sally can select her domain. This list can have helpful, human-readable domain names. With this system, it becomes very easy for Sally to log on:
Step 1: Sally thinks: "What's this Domain thing? Let's click and see."
Step 2: Sally thinks: "UK Sales Staff. Hey! That's me! Let's click!"
Step 3: Sally thinks: "Hmm, I selected it. Better try to log on and see if it works now!"
Now, Sally is successfully logged on, and she is very happy with this easy-to-use select box.
The domain select box is configured in the "Domain Configuration for Login dialog" feature of IFS Solution Manager.
"Domain configuration for Login dialog" is available as an installation option in IFS Solution Manager.
By default, no domains are available. To add one, use the RMB (right mouse button) choice "Insert".
Using the RMB choice to Insert a new domain.
"Display Name" contains a human-readable entry for the domain. This field is supposed to be very easy to read and understand.
"Configuration" is in a format understood by the authentication system. What this entry looks like is specific to each organization. A special macro, ${user}, is replaced by the user name (User Id) that the user enters when logging on.
Microsoft environments usually use a login format of either DOMAIN\${user} or ${user}@DOMAIN.
Configuration example with Microsoft style DOMAIN\${user}
Other LDAP servers can have virtually any configuration, but they are almost always a list of values assigned to userObjectClass=${user},class=value,class=class. There are some things which are common for most LDAP installations
As an example, we could have Sally belong to organizational unit Sales of company MyCompany within the United Kingdom. This may have been implemented in Novell eDirectory as:
Example from Novell eDirectory Console One: sally in organizational unit sales of organizational unit mycompany of country uk.
The corresponding configuration for this system becomes:
Configuration example with sally in organizational unit sales of organizational unit mycompany of country uk.
When configuring LDAP domains, it is highly useful to use an LDAP browser (such as Softerra LDAP Browser) to visualize the environment.
Softerra LDAP Browser visualization of cn=sally, ou=sales, o=mycompany, c=uk
The Directory_ID is not affected by the domain configuration. Example:
sally uses the "domain configuration" cn=${user},ou=sales,o=mycompany,c=uk, so the Directory ID for this user should be cn=sally,ou=sales,o=mycompany,c=uk
sally uses the "domain configuration" SALESUK\${user}, so the Directory ID for this user should be SALESUK\sally
sally uses the "domain configuration" ${user}@salesuk, so the Directory ID for this user should be sally@salesuk