Adding an Authentication Source
To add an authentication source, perform the following steps:
1. On the System Settings tile, click User Authentication Configuration.
2. On the User Authentication Configuration page, click the Add icon. Two types of authentication source are available:
-
LDAP Server
-
BC Database

By default, the BC Database source is already present on the User Authentication Configuration page; an LDAP server appears in the Source Alias column only after you configure it.
LDAP Server
In the New Ldap Server dialog box, enter the following information:
LDAP Server Settings
| Field | Description |
|---|---|
| Alias | Alias name for the LDAP server. This is the name shown in the Source Alias column once the server is configured. |
| Host Name | The IP address or host name of the machine on which the LDAP server is deployed. |
| Port Number | The port number used for connecting to the LDAP server. |
| Bind DN and Bind Password | The distinguished name and password of the LDAP account that TIBCO BusinessConnect Container Edition binds to the server as. The Bind DN is an X.500 distinguished name, such as: The Bind DN provided can be an LDAP user that has both read and write permissions to LDAP; at minimum, the user needs permission to authenticate other users to LDAP (that is, to call the LDAP authenticate API, or to have read access to the password/credentials of LDAP user objects). Prefer a dedicated account with no more permission than this: a Bind DN with write access to the directory turns a compromise of this configuration into write access to the directory. |
| Base DN | The X.500 distinguished name of the sub-tree of the LDAP directory in which the records of the users to be authenticated are stored. It is the starting point in the LDAP hierarchy at which the user search begins, and is added before the Bind DN when searching for users. |
| User Search Filter | An optional LDAP search filter; only users whose entries have the specified attribute are returned. With the default filter, all users under the Base DN are returned. For example: Base DN: User Search Filter: |
| User Name Attribute | The LDAP attribute that holds the user name in the directory server, that is, the attribute the login name is matched against. It is good practice to use the value of |
| User to Group or Role Membership Attribute | The LDAP attribute that holds the user's group (or role) membership in the directory server. Its values are the DNs of the groups or roles the user is enrolled in. Note: Different LDAP servers use different membership attributes. For example, specify memberOf for OpenLDAP (present only when the memberof overlay is enabled) or Microsoft Active Directory, nsRoleDN for the Sun ONE directory server, and ibm-allGroups for the IBM Tivoli Directory Server. |
| isSecure | Select this check box if the connection is a secure LDAP (LDAPS) URL. Leave it cleared only for test systems: over plain LDAP, the Bind Password and the password of every user being authenticated cross the network unencrypted. |
| isEnabled | Select this check box to enable the LDAP connection. No operations are permitted on a disabled connection, and a disabled source is skipped during authentication. |
| isReadOnly | Select this check box to give the LDAP connection read-only permission. A read-only connection permits only read operations, with one exception: it can still update passwords. |
| Server Certificate | The server certificate used for secure LDAP communication when isSecure is selected. Select one of the certificates that was configured under System Settings > Certificate Store > Server Identities & Certificates. |
| Test Connection | Click Test Connection to verify that the server can be reached and the bind succeeds. If the test fails, review the Host Name, Port Number, Bind DN and Bind Password and, for secure connections, the isSecure setting and the Server Certificate. |
For more information about the LDAP Role BaseDN Attribute, see Activate Protocol Plugins, LDAP Configuration.
BC Database
The BC Database source (alias BCDB) is available by default and uses the BusinessConnect database as its source of user information.
Authentication Source Defaults
The added and configured authentication sources are displayed in the Source Alias column. TIBCO BusinessConnect Container Edition tries the sources against an external user's credentials in the order in which they are listed, skipping any source that is disabled.
For example, if you add BC Database and then LDAP as authentication sources, BCDB (the BC Database alias) is listed first in the Source Alias column and LDAP is listed second.
When authenticating external users, TIBCO BusinessConnect Container Edition uses BCDB first. If authentication fails with that source, it retries the authentication using LDAP. Because a failure falls through to the next source, a user name that exists in more than one source is accepted by whichever enabled source accepts the password first, so keep the order deliberate.
You can use the Move Up and Move Down options, or drag and drop the sources in the Source Alias column, to adjust the priority of an authentication source.
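The ordered fall-through described above, together with the user lookup that the Base DN, User Search Filter and User Name Attribute settings drive, as an added Python example (not TIBCO code): it runs a BCDB-then-LDAP chain against a constructed in-memory directory, scopes the search to the Base DN, and escapes the submitted user name per RFC 4515 before placing it in the filter. How the product actually composes its search filter, and the source aliases, account names and passwords used here, are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# RFC 4515 escaping: the login name is untrusted input and must never be
# concatenated raw into a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def unescape_filter_value(value: str) -> str:
    """Reverse RFC 4515 escaping (\\XX hex sequences)."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def build_user_filter(user_name_attribute: str, user_search_filter: str, user_name: str) -> str:
    """AND the configured User Search Filter with an equality test on the User
    Name Attribute. The product's real composition is undocumented here; this is
    an assumption."""
    clause = f"({user_name_attribute}={escape_filter_value(user_name)})"
    return f"(&{user_search_filter}{clause})" if user_search_filter else clause

# Minimal filter evaluator (equality, & and | only) over an in-memory directory.
Entry = Dict[str, List[str]]  # lower-case attribute name -> values; "dn" holds the DN

def _parse(f: str, i: int):
    if f[i] != "(":
        raise ValueError(f"bad filter at {i}: {f!r}")
    i += 1
    if f[i] in "&|":
        op, i, children = f[i], i + 1, []
        while f[i] != ")":
            node, i = _parse(f, i)
            children.append(node)
        return (op, children), i + 1
    j = f.index(")", i)  # escaped values contain no literal ')'
    attr, _, raw = f[i:j].partition("=")
    return ("=", attr.lower(), unescape_filter_value(raw).lower()), j + 1

def _matches(node, entry: Entry) -> bool:
    if node[0] == "=":
        return node[2] in [v.lower() for v in entry.get(node[1], [])]
    results = [_matches(child, entry) for child in node[1]]
    return all(results) if node[0] == "&" else any(results)

def search(directory: List[Entry], base_dn: str, ldap_filter: str) -> List[Entry]:
    """Return the entries at or below base_dn that match ldap_filter."""
    node, end = _parse(ldap_filter, 0)
    if end != len(ldap_filter):
        raise ValueError("trailing data in filter")
    base = base_dn.lower()
    return [e for e in directory if _matches(node, e)
            and (e["dn"][0].lower() == base or e["dn"][0].lower().endswith("," + base))]

# Authentication sources, tried in the order they are listed in Source Alias.
@dataclass
class AuthSource:
    alias: str
    enabled: bool
    check: Callable[[str, str], bool]

def authenticate_in_order(sources: List[AuthSource], user: str, password: str) -> Optional[str]:
    """Alias of the first enabled source that accepts the credentials, else None."""
    for src in sources:
        if src.enabled and src.check(user, password):
            return src.alias
    return None

# Constructed sample data for illustration only (not real accounts or secrets).
BCDB_USERS = {"alice": "alice-pw"}
DIRECTORY: List[Entry] = [
    {"dn": ["uid=bob,ou=people,dc=example,dc=com"], "uid": ["bob"],
     "objectclass": ["inetOrgPerson"], "userpassword": ["bob-pw"]},
    {"dn": ["uid=svc,ou=services,dc=example,dc=com"], "uid": ["svc"],
     "objectclass": ["inetOrgPerson"], "userpassword": ["svc-pw"]},
]
BASE_DN = "ou=people,dc=example,dc=com"
USER_SEARCH_FILTER = "(objectClass=inetOrgPerson)"
USER_NAME_ATTRIBUTE = "uid"

def ldap_check(user: str, password: str) -> bool:
    """Require exactly one matching entry, then verify the password. A real
    source would bind as the found DN rather than compare an attribute."""
    hits = search(DIRECTORY, BASE_DN,
                  build_user_filter(USER_NAME_ATTRIBUTE, USER_SEARCH_FILTER, user))
    return len(hits) == 1 and password in hits[0]["userpassword"]

def bcdb_check(user: str, password: str) -> bool:
    return BCDB_USERS.get(user) == password

SOURCES = [AuthSource("BCDB", True, bcdb_check), AuthSource("corp-ldap", True, ldap_check)]

if __name__ == "__main__":
    print(authenticate_in_order(SOURCES, "alice", "alice-pw"))  # BCDB
    print(authenticate_in_order(SOURCES, "bob", "bob-pw"))      # corp-ldap, after BCDB rejects
    print(authenticate_in_order(SOURCES, "svc", "svc-pw"))      # None: entry is outside Base DN
    print(build_user_filter("uid", "", "*)(uid=*"))             # wildcard and parens neutralised
```

Three things the chain makes visible: a disabled source is skipped rather than failing the login, the Base DN limits which entries a login name can resolve to, and a login name such as `*)(uid=*` becomes an ordinary literal inside the filter instead of rewriting it.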