
LDAP user mapping in SiteRemote

Posted: Tue, 14 Apr 2015, 10:18
by sitekiosk.es
Note: this documentation applies to version 5.1.0.2188 and later. For compatibility with OpenLDAP, the syntax of the user.config section has been changed from the original version 5.1.0.2186. The old syntax is no longer supported.

With SiteRemote Server 5.1 we introduced LDAP user mapping for customers running their own SiteRemote server. Now you can use user credentials provided by the directory service of your company's domain (q.v. Active Directory) for authentication in SiteRemote.

LDAP users and normal SiteRemote team users can be used together. At least one SiteRemote team user is required for each team you want to map LDAP users to.

Before you can map LDAP users to SiteRemote you need to create at least one team. You can do that, for example, on the Teams tab of the SiteRemote Server Administration. Note that while creating the team you need to specify a user; this user must not be an LDAP user but a normal SiteRemote team user. This user is responsible for the team and cannot be deleted while you are logged in as an LDAP user. You can only delete this user from another SiteRemote team user account within the team.

After the team creation you can proceed to prepare your SiteRemote server to use LDAP authentication. You now need to manually edit the configuration file of the server. You will find the SiteRemoteServer.config file under ..\PROVISIO\SiteRemote\Config. Open it with an editor like Notepad and scroll down to the bottom. There you need to change the default User.config section right before the closing configuration tag:

<User.config LdapServerPort="0" LdapSecureSocketLayer="false" />

to something like this:

<?xml version="1.0" encoding="utf-8"?>
<Configuration>
...
...
<SiteCaster.config VideoAudioAnalyzerPath="VideoAudioAnalyzer.exe" />
<User.config>
<LdapImportFullFilePath>c:\ldapuserlist.csv</LdapImportFullFilePath>
<LdapServerHost>ldapserver.yourdomain.biz</LdapServerHost>
<LdapServerPort>389</LdapServerPort>
<LdapSecureSocketLayer>false</LdapSecureSocketLayer>
<LdapUserPatterns>provisio\{0}</LdapUserPatterns>
</User.config>
</Configuration>

The User.config section is the parent element for all LDAP related child elements in the SiteRemote configuration.

The LdapImportFullFilePath element must include the full path to the .csv file that includes the domain users you want to map to SiteRemote. More on that file a little later.

LdapServerHost includes the full host name of your LDAP server (also known as DN or Distinguished Name), including the LDAP protocol prefix (LDAP://), the port (default is 389, or 636 if using an SSL connection) and the domain components (DC). Note that the second DC uses biz in this example, but the domain suffix can of course also be com, de and so on.

LdapServerPort specifies the port your LDAP server uses. The default LDAP port is 389, or 636 if using an SSL connection.

LdapSecureSocketLayer is a boolean value. It is true if the server uses SSL.
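
A check for the edited User.config section, as an added example that is not part of the original post or of SiteRemote itself: it parses the file with Python's standard library and reports missing child elements, an SSL flag that disagrees with the default ports named above, a connection without SSL, and an LdapUserPatterns value without the {0} placeholder it requires. The function name and finding texts are assumptions; the sample is constructed from the configuration shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the User.config section shown above, in a minimal wrapper.
SAMPLE = r"""<Configuration>
  <User.config>
    <LdapImportFullFilePath>c:\ldapuserlist.csv</LdapImportFullFilePath>
    <LdapServerHost>ldapserver.yourdomain.biz</LdapServerHost>
    <LdapServerPort>389</LdapServerPort>
    <LdapSecureSocketLayer>false</LdapSecureSocketLayer>
    <LdapUserPatterns>provisio\{0}</LdapUserPatterns>
  </User.config>
</Configuration>"""

REQUIRED = ("LdapImportFullFilePath", "LdapServerHost", "LdapServerPort",
            "LdapSecureSocketLayer", "LdapUserPatterns")


def check_user_config(xml_text):
    """Return a list of findings for the User.config section (empty = clean)."""
    # iter() compares tag names directly, so the dot in "User.config" is safe.
    section = next(ET.fromstring(xml_text).iter("User.config"), None)
    if section is None:
        return ["User.config section not found"]
    values = {n: (section.findtext(n) or "").strip() for n in REQUIRED}
    findings = [f"{n} is missing or empty" for n, v in values.items() if not v]

    ssl = values["LdapSecureSocketLayer"].lower() == "true"
    port = values["LdapServerPort"]
    if not ssl:
        findings.append("LdapSecureSocketLayer is not true: "
                        "LDAP traffic to the directory is not protected by SSL")
    if ssl and port == "389":
        findings.append("SSL is enabled but the port is 389, the default non-SSL port")
    if not ssl and port == "636":
        findings.append("port 636 is the default SSL port but SSL is not enabled")
    pattern = values["LdapUserPatterns"]
    if pattern and "{0}" not in pattern:
        findings.append("LdapUserPatterns lacks the required {0} placeholder")
    return findings


if __name__ == "__main__":
    for finding in check_user_config(SAMPLE):
        print("-", finding)
```

Run against the real file by passing the contents of SiteRemoteServer.config to check_user_config; the default attribute-style section is reported as having every child element missing.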

LdapUserPatterns defines the way SiteRemote queries the user with the LDAP server. There are three supported principal forms: LDAP DN, Kerberos and NTLM. Note that these forms cannot be mixed. {0} is a required part of the pattern and is replaced by SiteRemote to include the user name that is authenticated with the LDAP server.
LDAP DN uses the LDAP distinguished name syntax. This is used for example in OpenLDAP installations like Novell eDirectory.