Working with Directory Services

When a repository security subsystem is generated, users and groups are created in the security manager. If users are to log in to the repository with domain or integrated domain authentication, the domain users and groups must be added in the security manager.

Foresight Analytics Platform gets information about domain security subjects from the domain directory service or global directory, which must be set up in the computer network. Interaction depends on the type of directory service in use and on the operating system installed on the directory service server. The following directory services are supported: Active Directory, OpenLDAP. Interaction with directory services uses the LDAP protocol.

Advanced Settings

If the connection is made to the directory service of the current domain (the global directory of the current network), and the service is based on Active Directory (Windows OS), no advanced settings are needed in Foresight Analytics Platform.

If the directory service is located on a Linux OS server, or a connection is required to a directory service in a network other than the current one (Linux or Windows OS server), OpenLDAP (an open implementation of the LDAP protocol) is used for communication. If access is made from a Linux OS computer, the OpenLDAP system libraries are used. Windows OS computers require installation of external software that provides an OpenLDAP implementation (for example, OpenLDAP for Windows). For authentication to work using the GSSAPI protocol, MIT Kerberos for Windows 4.1 must be installed on the LDAP and PostgreSQL servers (its bitness must be the same as that of Foresight Analytics Platform). The configuration files must also be adapted:

  1. In the Settings.xml file or in the registry file, set the parameters that match directory service attributes to security subject attributes in Foresight Analytics Platform.

  2. In the OpenLDAP and Kerberos configuration files, define the settings that manage work in the current network and the connection settings for the various domains. These settings are made according to the OpenLDAP and Kerberos documentation. They must take into account the parameters of the current computer network and must be coordinated with the network administrator.

Below are examples of the Settings.xml file, depending on the type of OS on which the directory service runs. Specify the directory service server URL in the "url" attribute and the domain components in the "base" attribute. This information can be obtained from the administrator of the network in which the server is located.

NOTE. The base must not be defined in ldap.conf and Settings.xml at the same time.
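A check for the restriction in the note above, added here as an example and not taken from the Foresight Analytics Platform documentation: it reads the text of an ldap.conf and of a Settings.xml and reports whether both define a base. Both sample files are constructed, and the element names in the sample Settings.xml are placeholders; the check relies only on the "base" attribute name given above.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs (not from the product documentation).
SAMPLE_LDAP_CONF = """\
# OpenLDAP client defaults
URI   ldap://dc1.example.test
base  dc=example,dc=test
"""
# Element names below are placeholders; only the "url" and "base"
# attribute names come from the page.
SAMPLE_SETTINGS_XML = """\
<Settings>
  <Placeholder url="ldap://dc1.example.test" base="dc=example,dc=test"/>
</Settings>
"""


def ldap_conf_bases(text):
    """Return every BASE value set in ldap.conf text (keywords are case-insensitive)."""
    bases = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # blank line or comment
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].upper() == "BASE":
            bases.append(parts[1].strip())
    return bases


def settings_bases(xml_text):
    """Return (element tag, base) for every element with a non-empty "base" attribute."""
    root = ET.fromstring(xml_text)
    return [(el.tag, el.get("base")) for el in root.iter() if el.get("base")]


def base_conflict(ldap_conf_text, settings_xml_text):
    """Describe the conflict if both files define a base, else return None."""
    conf = ldap_conf_bases(ldap_conf_text)
    xml = settings_bases(settings_xml_text)
    if conf and xml:
        return {"ldap.conf": conf, "Settings.xml": xml}
    return None


if __name__ == "__main__":
    print(base_conflict(SAMPLE_LDAP_CONF, SAMPLE_SETTINGS_XML) or "no conflict")
```

To run it against real files, pass their contents (for example, read with open(path).read()) to base_conflict.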

Settings to connect to Windows OS based servers

Settings to connect to Linux OS based servers

See also:

Creating User Accounts and Working with Them | Connecting Domain User | Connecting Domain Group