This section of behavior settings deals with LDAP and SSO settings. The available settings are:
Behavior Setting | Value | Description |
ALLOW_SSO_AT_SIGN | NO | If set to YES, SSO user IDs will be generated from the SSO primary key in its entirety. If set to NO, the user ID generated from the SSO primary key consists of the string preceding any AT SIGN (@). |
CUSTOM_AUTHENTICATION | NO, YES, HYBRID, LDAP or LDAP-HYBRID | This setting can have one of five values: NO, YES, HYBRID, LDAP or LDAP-HYBRID. When the value is NO, ExtraView uses its standard inbuilt authentication. If it is set to YES, custom authentication (with user custom code) is used instead of the inbuilt user authentication scheme. If the value is HYBRID, ExtraView attempts the custom authentication first; if this is unsuccessful, the standard inbuilt authentication method is called. If it is set to LDAP, LDAP authentication is used instead of the inbuilt user authentication scheme. If the value is LDAP-HYBRID, ExtraView attempts the LDAP authentication first; if this is unsuccessful, the standard inbuilt authentication method is called.
When the CUSTOM_AUTHENTICATION behavior setting is set to YES and a user's account is updated with the Expire password checkbox being checked, then if the custom authentication routine returns true indicating that the authentication was successful, When the CUSTOM_AUTHENTICATION behavior setting is set to HYBRID and the user's account is set to expired (same as above), then it does not matter what the custom authentication routine returns as long as the credentials are valid, and the Change Password form is also presented for the user to change their password. |
LDAP_DEFAULT_AREA | <AREA_ID> | The default area_id to be set when adding a new user by retrieving their details from the LDAP server |
LDAP_DEFAULT_PROJECT | <PROJECT_ID> | The default project_id to be set when adding a new user by retrieving their details from the LDAP server |
LDAP_HOST | ldaps://<hostname>:<port> | The URL to the LDAP server, e.g. ldap://blah.com:389 |
LDAP_MANAGER | <DN_FOR_USER_LOOKUP> | The “Security Principal” or user accessing LDAP |
LDAP_PSWRD | <LDAP_MGR_PASSWORD> | The password to the LDAP server |
LDAP_ROOT | <SEARCH_BASE_DN> | The root directory of the LDAP server or search base, e.g. ou=blahWorker, o=blah.com |
LDAP_SEARCH_FITLER | | LDAP filters may be defined in the behavior setting or may be defined in the Configuration.properties file. The behavior setting takes precedence over the Configuration.properties entry.
LDAP filters are defined in RFC 2254. As an example, if you wanted to add a filter to only retrieve records with mycompany within the email address, you could set this as the filter: (mail=*mycompany*) The parentheses are essential. |
LDAP_UPSERT | YES | This setting controls upserting LDAP information to ExtraView. The possible values are YES or NO. When this value is NO, LDAP will not be used to add or update ExtraView user information. A valid LDAP user that is not already an ExtraView user will not be able to log in to ExtraView. |
LDAP_UPSERT_DEFAULT_USER_ROLE | <EXTRAVIEW_ROLE> | If this setting contains a valid role, then this is the role a user is given when the LDAP upsert takes place. If this setting does not contain a value, then the role defined in the behavior setting named LIMITED_USER_ROLE is used instead. |
LDAP_USER_LOOKUP | YES or NO | When this behavior setting is set to YES, whenever a user performs an operation to look up the details of another user, ExtraView will ask the LDAP server for the information. At the same time, the information for the user within ExtraView will be synchronized with the information within the LDAP record. |
SSO_DEFAULT_AREA | 0 | This setting is used to identify the business area ID of a new user to ExtraView, when SSO headers authenticate the new user, and it is the first time the user has logged in. In this case, ExtraView creates the user dynamically and associates this business area ID with the user. |
SSO_DEFAULT_PROJECT | 0 | This setting is used to identify the project ID within the business area specified in SSO_DEFAULT_AREA, of a new user to ExtraView, when SSO headers authenticate the new user, and it is the first time the user has logged in. In this case, ExtraView creates the user dynamically and associates this project ID with the user. |
SSO_HOST | URL to the SSO server | |
SSO_MANAGER | Defining search parameters/permissions | |
SSO_PSWRD | Password to the SSO server | |
SSO_STATE | NO | Enable Single Sign On in this instance (YES/NO) |
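
The LDAP search filter row above notes that filters follow RFC 2254 and that the parentheses are essential. The following is an added example, not ExtraView code, that checks a candidate filter string for well-formedness before it is saved in the setting and shows how literal text containing special characters must be escaped. The function names are hypothetical, and extensible-match items (`:=`) are not handled.

```python
import re
from typing import Optional

# RFC 2254 section 4: characters that must appear as \XX hex escapes inside a value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# attr, operator, then a value made of plain characters or \XX escapes ('*' is a wildcard).
_ITEM = re.compile(r"[A-Za-z0-9][A-Za-z0-9.;-]*(?:=|~=|>=|<=)(?:[^\\()\x00]|\\[0-9A-Fa-f]{2})*")

def escape_filter_value(value: str) -> str:
    """Escape literal text so it can be placed inside a filter value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def _parse(s: str, i: int) -> int:
    """Parse one parenthesised filter starting at s[i]; return the index just past it."""
    if i >= len(s) or s[i] != "(":
        raise ValueError(f"expected '(' at offset {i}")
    i += 1
    if i < len(s) and s[i] in "&|":          # and / or: one or more nested filters
        i += 1
        first = i
        while i < len(s) and s[i] == "(":
            i = _parse(s, i)
        if i == first:
            raise ValueError(f"empty filter list at offset {i}")
    elif i < len(s) and s[i] == "!":         # not: exactly one nested filter
        i = _parse(s, i + 1)
    else:                                    # item: attr=value, attr>=value, ...
        end = i
        while end < len(s) and s[end] not in "()":
            end += 1
        if not _ITEM.fullmatch(s[i:end]):
            raise ValueError(f"malformed item {s[i:end]!r} at offset {i}")
        i = end
    if i >= len(s) or s[i] != ")":
        raise ValueError(f"expected ')' at offset {i}")
    return i + 1

def filter_error(text: str) -> Optional[str]:
    """Return None if text is one well-formed filter, else a description of the problem."""
    try:
        end = _parse(text, 0)
    except ValueError as exc:
        return str(exc)
    return None if end == len(text) else f"unexpected text at offset {end}"

# Constructed sample values, including the filter quoted in the table above.
if __name__ == "__main__":
    for candidate in ["(mail=*mycompany*)", "mail=*mycompany*", "(&(mail=*mycompany*)(objectClass=person)"]:
        print(candidate, "->", filter_error(candidate) or "ok")
```
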