MACROMEDIA CONTRIBUTE 3-CONTRIBUTE PUBLISHING SERVER Podręcznik Użytkownika Pobierz pdf (Strona 42)

ADOBE CONTRIBUTE CS3

User Guide

LDAP authentication types CPS authenticates users against the LDAP directory. For CPS to authenticate a user, the

LDAP server must verify the user’s display name. This is usually a unique name in the LDAP tree that is associated

with the user. CPS receives only a user name, so it must retrieve the user’s display name, based on the user name, to

authenticate the user.

In your User Directory service configuration, you can select one of four types of LDAP authentication:

1 LDAP bind authenticates users by pre-pending a specified prefix and appending a specified suffix to the user ID.

With this method, you can specify only a single prefix and a single suffix.

Use this method if all the DNs in your LDAP directory are stored as

prefix + <username> + suffix

If all DNs are not stored according to this pattern, then this method does not enable you to construct a path to all

the users in your system.

2 LDAP bind (auto-find user DN) authenticates users in a two-step process: CPS looks up the user ID of the user

who’s trying to log in to determine that user’s DN, and then uses the DN to authenticate the user.

Use this method if all your DNs are not stored according to the same

prefix + <username> + suffix pattern.

For example, if you have set up CPS to search multiple branches (OUs) of your LDAP tree, and those branches store

DNs in different ways, then you should use this authentication method.

Although this method requires and extra LDAP search (compared to the LDAP bind method), it gives you more

flexibility.

3 Password in file authenticates users using passwords that you specify when you add users to the file-based User

Directory.

Note: If you use the file-based authentication with an LDAP Directory, you must have a file entry for each user in your

LDAP directory.

4 Windows domain uses your organization’s Microsoft Windows® authentication solution.

If you use this method, the User IDs in your LDAP directory must match your Windows user IDs.

Authentication workflow

When you attempt to connect to a CPS-managed website through Contribute, the process through which CPS

communicates with your organization’s LDAP or other user directory service is as follows:

1 Contribute prompts you for user directory authentication credentials.

2 Contribute generates a Simple Object Access Protocol (SOAP) user authentication message, and sends the

request to CPS over an SSL-encrypted network connection.

Note: While sending SOAP requests to CPS, Contribute sends the request over an SSL encrypted network connection,

and uses port 8900 by default. The message timeout is 20 seconds.

3 CPS requests authentication from the LDAP server by using the credentials specified in the SOAP user authenti-

cation message.

Note: While sending requests to the user directory server, CPS sends the request over an LDAP or LDAPS network

connection, and uses ports 389 and 636 by default. The message timeout is 60 seconds.

4 The LDAP server attempts to validate the credentials and sends the resulting confirmation or rejection to CPS.

5 If the authentication was successful, CPS sends a connection key to the Contribute client for each website that

you have access to.

1 2 ... 37 38 39 40 41 42 43 44 45 46 47 ... 57 58

Brak uwag

MACROMEDIA CONTRIBUTE 3-CONTRIBUTE PUBLISHING SERVER Podręcznik Użytkownika Strona 42