LDAP Service

    LDAP service configuration

    Summary: Services that LDAP can provide authentication to
    Maintainer: Information Technology
    Source: Information Technology
    Affects: LDAP integration
    Affected By:


    The majority of values in this table correlate directly with the LDAP database.

    The OU (organizational unit) must already exist in the LDAP database, or be created there manually, before services are configured for users.


    For some services the configured Hash serves as a preferred Hash. For services with an objectClass of "posixAccount", any of CRYPT, MD5, SHA, SSHA, or SMD5 will be used if the configured Hash is not available for a user. This allows, for example, services converted from UNIX password files with CRYPT-encoded passwords to still be used for authentication when another Hash is preferred.
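    An added example, not part of the original page or the product's own code: a Python audit that reads an LDIF export and reports, for each posixAccount entry, whether authentication would use the preferred Hash or one of the fallback hashes listed above. The entries, DNs and the `audit` helper are constructed for illustration; the page does not say which fallback is chosen when several are stored, so every usable one is reported.

```python
import base64
import re

# Hashes the page lists as fallbacks for services with objectClass posixAccount.
FALLBACK = {"CRYPT", "MD5", "SHA", "SSHA", "SMD5"}
UNSALTED = {"MD5", "SHA"}  # plain digests with no per-user salt (SMD5/SSHA are salted)

def parse_ldif(text):
    """Yield {attr: [values]} per entry; unfolds lines, decodes 'attr:: base64'."""
    for block in re.split(r"\n\s*\n", text.replace("\n ", "").strip()):
        attrs = {}
        for name, sep, value in re.findall(r"^([\w;-]+)(::?) *(.*)$", block, re.M):
            if sep == "::":
                value = base64.b64decode(value).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value)
        yield attrs

def audit(ldif_text, preferred):
    """Map each posixAccount DN to (status, usable schemes) for the preferred hash."""
    report = {}
    for attrs in parse_ldif(ldif_text):
        if "posixaccount" not in {c.lower() for c in attrs.get("objectclass", [])}:
            continue  # the fallback rule applies to posixAccount services only
        found = {m.group(1).upper() for v in attrs.get("userpassword", [])
                 if (m := re.match(r"\{([\w-]+)\}", v))}
        usable = sorted(found & FALLBACK)
        status = ("preferred" if preferred in found else
                  "no-usable-hash" if not usable else
                  "fallback-unsalted" if set(usable) & UNSALTED else "fallback")
        report[attrs["dn"][0]] = (status, usable)
    return report

# Constructed sample; hash bodies are placeholders, not real digests.
B64_MD5 = base64.b64encode(b"{MD5}constructed-placeholder").decode()
SAMPLE = """dn: uid=alice,ou=people,dc=example,dc=org
objectClass: posixAccount
userPassword: {SSHA}constructed-placeholder

dn: uid=bob,ou=people,dc=example,dc=org
objectClass: posixAccount
userPassword: {CRYPT}constructed-placeholder

dn: uid=carol,ou=people,dc=example,dc=org
objectClass: posixAccount
userPassword:: @B64@
""".replace("@B64@", B64_MD5)

if __name__ == "__main__":
    print(audit(SAMPLE, "SSHA"))
```

    Accounts reported as "fallback" or "fallback-unsalted" are the ones to rehash into the preferred Hash at the user's next password change.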

    Access level (LV) controls which forms can modify accounts. Any account configured with a service having a more critical access level (lower values) may not be updated from forms with more limited access. The E-Mail Account form, for example, will not allow modification to any account that has student database access.

    Address Type and E-Mail Domain associate an LDAP service with a specific e-mail address type. If an address type is specified, an E-Mail Address record will be linked to the service: it will be created whenever the service is specified for an account and is active, and will be deleted when the service is disabled or removed. If an Address Type is specified but not an E-Mail Domain, the domain from the Organization form will be used instead.

