LDAP Configuration
Configuring LDAP as a method of entry into the eBA System.
- Server settings
- Configuration with eBA Configuration Tool
- Setting up IIS
- Mapping eBA users to LDAP users
- Testing and troubleshooting
1. Server settings
The server where the eBA is installed must be able to access the server with LDAP on the network. The server must be domainized.
2. Configuration with the eBA Configuration Tool
The eBA Configuration Tool is run from the path [eBA Installation Directory]\ConfigServer\eBAServerConfigTool.exe. After the program is running, the following screen can be accessed by selecting the Security tab.
The following properties must be selected on this screen.
Authentication Mode : custom Authentication Type : LDAP
If users will only use LDAP usernames when logging in, then LoginMode should be : external.
It should be mixed if they are going to use both the eBA username password and the LDAP username password, or **internal if they are going to use the LDAP username password.
If the user names in the eBA are the same as the user names in the LDAP, then ExternalUserMatch : equal should be .
If they are not the same, they must be matched. How to do this is described in [Mapping 4. eBA users to LDAP users](### Mapping 4th eBA users to LDAP users).
Domain path should be able to query the users who will enter the system. Otherwise, authentication cannot be performed. This domain must be selected from the Default domain selection box.
If there is more than one domain, the Allow Multiple Domain Entry selection box should be checked. Thus, more than one domain entry can be made.
If the Allow Multiple Domain Entry checkbox is unchecked and more than one domain is already registered, the program will wait for confirmation from the user to delete all domain names and paths except the Default Domain.
Domain Path can be tested by pressing the Test button. The following screen can be reached by pressing the test button.
On this screen, values such as Domain Name and Domain Path automatically come from the relevant fields. The domain path entered by filling in the Username and Password fields can be checked.
In order for these settings to be detected, the eBAServer service must be started and stopped by going to the Services tab.
3. Setting up IIS
Under Control Panel->Administrative Tools->Internet Information Services, the properties of the eba.net application must be entered. Features View, Authentication is double-clicked.
In the incoming window, Anonymous access must be selected (Enabled). The bottom Windows authentication should not be selected (Disabled).
eba.net application Content View is clicked and WindowsAuthentication.aspx file is found in the list on the right side and entered into the Features View*** properties.
The Authentication option is double-clicked. Anonymous authentication should not be selected in the incoming window (Disabled). At the bottom, Windows authentication should be selected. (Enabled***)
4. Mapping eBA users to LDAP users
If eBA users are not the same as LDAP users, matching is necessary. In this way, it is possible to understand which user each user in LDAP corresponds to in eBA.
For mapping definitions, it is necessary to add the ExternalUsername definition to the user definitions.
After the eBA enters System Manager, the Organization Management->Property Definitions->Properties menu opens.
If ExternalUsername is not present in Feature Definitions, click the Add New Property Definition button and select Name: ExternalUsername, Title: ExternalUsername, Type: Text and press OK in the window that comes up.
If ExternalUsername is not included in the User Properties, click Add New Property.
In the Feature Definitions list, click on ExternalUsername. This feature is thus added to the User Properties***.