LDAP & SSO Servers

If ExtraView Corporation is hosting your installation, you do not have direct access to the file system of the server to configure, alter or use this feature without contacting ExtraView support.

ExtraView may be configured to work with both Lightweight Directory Access Protocol (LDAP) and Single Sign On (SSO) servers. LDAP servers include Microsoft's implementation named Active Directory. It is not necessary to configure both LDAP and SSO at the same time, although this can be done.

We strongly recommend that you have access to a resource that is skilled in administering LDAP and/or SSO to set up these features.

You may connect directly to an LDAP server, or you may connect to an LDAP server via SSO. Typically, it is slightly easier to configure the combination of LDAP and SSO servers, as opposed to configuring only an LDAP server.

This section discusses connecting ExtraView with both SSO and LDAP first, and then discusses a direct connection to LDAP without SSO.

Neither LDAP nor SSO is part of ExtraView; they are separate applications that ExtraView may integrate with. There are many “flavors” and implementations of both LDAP and SSO, and they may be configured in many different ways by different organizations. While ExtraView may connect to and use LDAP and SSO, the configuration is often different from one installation to another. ExtraView’s professional services team can help with the integration of ExtraView to your LDAP and SSO servers, but this is not part of the standard installation, and may be a separate, chargeable event.

Setting up LDAP and SSO means that you will set up the configuration both in the behavior settings and in the Configuration.properties file, which is external to ExtraView.

Note that there is also a hybrid authentication mode, where ExtraView can authenticate against an LDAP server and also use its own internal authentication mechanism. This is ideal in an environment where you want to use the LDAP server for internal users, but use ExtraView's authentication for your customer users.

LDAP Synchronization

In the standard configuration, ExtraView performs a lookup of information in the LDAP server for each request that requires the information, such as to authenticate a user or to perform a search for users. If the connection from the ExtraView servers to the LDAP servers has high latency, a performance problem may be introduced. To counteract this, there is an inbuilt ExtraView task that will perform an LDAP synchronization with ExtraView on a timed basis. With this synchronization, ExtraView will look up information in its own database, while the synchronization task keeps the ExtraView database up-to-date.

The advantage is a performance gain, but the cost is that the information in the ExtraView database will only be up-to-date as of the last synchronization. Thus, new users may take some time to be recognized, and changes to a user's record, such as a password change, will only propagate when the synchronization fires. See the page here for more information.