Copyright © Cloud Software Group, Inc. All rights reserved.
This attribute is not defined automatically when you install or upgrade iProcess Engine. To use this attribute, you must explicitly assign a value to it using the SET_ATTRIBUTE command. The attribute only appears in the output of the SHOW_ALL_ATTRIBUTES command if you have explicitly assigned a value to it using the SET_ATTRIBUTE command.
1. the value of the user’s SW_DOMAIN user attribute (if defined). This attribute specifies a single valid machine name or domain name that should be used to validate a particular user’s password. (See TIBCO iProcess Windows (Workspace) Manager’s Guide for more information about this attribute and how to set it.)
2. the LOGON_OS_LOCATION value (if defined).
3. the search path provided by the Windows LookupAccountName function (which iProcess Engine uses to find the user’s account name). This path is:
•
• If iProcess Engine is running on a standalone machine, passwords are always validated against local machine accounts. The SW_DOMAIN and LOGON_OS_LOCATION attributes are ignored even if they are set.
If the SW_DOMAIN or LOGON_OS_LOCATION attribute is defined, iProcess Engine checks to see if the user account exists in that location. If the account does not exist there, or if the password does not match the one defined, password validation fails. An error is also written to the sw_warn file indicating that a mismatch has occurred. For example:
You should define LOGON_OS_LOCATION (or the SW_DOMAIN user attribute) if user accounts with the same name exist in two or more trusted domains, because you cannot guarantee which domain the LookupAccountName function will check first, and therefore which domain the account information is taken from. Consequently, a logon attempt may fail because it is validated against the wrong domain.
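The following Python is an added example, not TIBCO code: it models the rules above to flag, from an account inventory, users whose logon would be validated ambiguously or would fail. It assumes the numbered list is an order of precedence; the function names and the sample domains and accounts are constructed.

```python
# Added example: models the validation-location rules described above.
# Function names and the sample inventory are constructed for illustration.
from collections import defaultdict

SEARCH_PATH = "LookupAccountName search path"


def validation_location(sw_domain, logon_os_location, standalone=False):
    """Return where a user's password would be validated.

    Assumption: the numbered list is read as an order of precedence.
    """
    if standalone:
        # Standalone machine: both attributes are ignored even if set.
        return "local machine"
    if sw_domain:
        return sw_domain
    if logon_os_location:
        return logon_os_location
    return SEARCH_PATH


def audit(accounts_by_domain, sw_domain_by_user, logon_os_location=None):
    """Map each at-risk user (lower-case name) to the reason it is flagged."""
    domains_of = defaultdict(set)
    for domain, names in accounts_by_domain.items():
        for name in names:
            # Windows account names are case-insensitive.
            domains_of[name.lower()].add(domain)

    findings = {}
    for user in sorted(domains_of):
        domains = domains_of[user]
        where = validation_location(sw_domain_by_user.get(user), logon_os_location)
        if where == SEARCH_PATH:
            if len(domains) > 1:
                findings[user] = "ambiguous: exists in " + ", ".join(sorted(domains))
        elif where not in domains:
            # No fallback: validation fails and sw_warn records a mismatch.
            findings[user] = "no account in " + where
    return findings


# Constructed inventory: two trusted domains share the account name "jsmith".
ACCOUNTS = {"SALES": ["jsmith", "akhan"], "ENG": ["JSmith", "mlee"]}

if __name__ == "__main__":
    print(audit(ACCOUNTS, {}))                             # jsmith is ambiguous
    print(audit(ACCOUNTS, {"jsmith": "ENG"}))              # pinned by SW_DOMAIN
    print(audit(ACCOUNTS, {}, logon_os_location="SALES"))  # mlee would fail
```

Setting LOGON_OS_LOCATION removes the ambiguity for every user at once, but any user whose account lives elsewhere then needs an SW_DOMAIN value, as the third call shows.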
If you use a UVAPI package to perform password validation, you should note that using the LOGON_OS_LOCATION and/or SW_DOMAIN attributes requires that you use extended (_ex) versions of some UVAPI interfaces. The extended interfaces support the passing in and out of user location information from the SW_DOMAIN user attribute and/or LOGON_OS_LOCATION process attribute. (The old interfaces are still supported, but if you use them the location of the user is not passed down from LOGON_OS_LOCATION or SW_DOMAIN attributes.) See TIBCO iProcess User Validation API User’s Guide for more information.