Trying to configure Single Sign-On (LDAP) with a CAC card with Asset Manager 9.40
I have Asset Manager 9.40.10530 and I am using a government CAC card to login to a U.S. Government network.
I am trying to accomplish this FIRST with the Asset Manager Client. I do have two-way SSL set up for the Asset Manager Web. This is all out-of-box setup right now - no data is in the system other than usernames and a few assets that are bogus.
How do I configure this?
So far, I have set it up this way:
LdapAllowAnonymous -- No
LdapField -- UserLogin
LdapPort -- 389
LdapServer -- bear
Use Ldap -- Yes
UseLdapSSL -- No
For Employees and departments
How do I set up the LDAP DN? It keeps telling me incorrect DN
I have the LDAP DN set up this way:
UID=<My CAC information is here>,CN=DOD EMAIL CA-31,OU=PKI,OU=DoD,O=U.S. Government,C=US
Basically the general steps to configure the LDAP functionality are the following with one example of how to set the DN value:
How to enable LDAP authentication in Asset Manager?
1. Open the Asset Manager Windows client. Login to the database and click on Administration -->
2. Set the following in the database options
a. Use LDAP server for authentication -- set it to YES.
b. Mention the LDAP server port -- 389 (in most cases)
c. List an LDAP server
d. Asset Manager communicates with LDAP using the complete distinguished name (DN) of the user and hence it is imperative to gather this information for each user.
(Example for complete DN : Username=test01,ou=people,dc=hp,dc=com)
3. Click OK to save the database options.
4. Go to the Employee and department table and create a user in Asset Manager similar to LDAP.
Set the Username (SQL name User Login) to the complete DN and set the password.
5. Try logging in with the complete DN and password.
Since it is not feasible to use the complete DN for logging in every time, the best option is to set simpler names.
6. For setting simpler names, this complete DN for each user can be documented in any one of the fields in the Employee and department table, e.g. the "Field1" field, and this field can be set in the "SQL name of the field in the 'amEmplDept' table containing the LDAP directory login" in the Database options.
7. On this SQL field enter the complete DN, and in the Username on the Profile tab enter the simple name. Log in with the simple name and password.
Hopefully this information is helpful. However, we would like to know the environment in which you are making this configuration and whether you are seeing an error message when trying to connect; some screenshots could help us isolate the issue.
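A pre-flight check for the DN strings and database options discussed in this thread, as an added example that is not part of either post and is not Asset Manager code. The function names and the sample UID are constructed here; the check covers RFC 4514 syntax only (it cannot tell whether the entry exists in the directory) and assumes the login is a password-based bind.

```python
import re

# Attribute type per RFC 4514: a descriptor (cn, ou, uid, ...) or a dotted OID.
ATTR_TYPE = re.compile(r"^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$")

def split_unescaped(text, sep):
    """Split text on sep, skipping separators that are backslash-escaped."""
    parts, buf, i = [], "", 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf += text[i:i + 2]      # keep the escape pair intact
            i += 2
            continue
        if text[i] == sep:
            parts.append(buf)
            buf = ""
        else:
            buf += text[i]
        i += 1
    parts.append(buf)
    return parts

def check_dn(dn):
    """Return a list of syntax problems in dn; an empty list means well-formed."""
    problems = []
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN: cn=a+uid=b
            attr, eq, value = ava.partition("=")
            attr = attr.strip()                 # tolerate "cn=a, ou=b" spacing
            bare = re.sub(r"\\.", "", value, flags=re.S)   # drop escaped pairs
            if not eq or not ATTR_TYPE.match(attr):
                problems.append(f"bad attribute type in {ava!r}")
            elif any(c in bare for c in '";<>'):
                problems.append(f"unescaped special character in {ava!r}")
    return problems

def check_transport(options):
    """Flag a bind not wrapped in SSL (assumption: password-based simple bind)."""
    if options.get("UseLdapSSL", "No").lower() != "yes":
        return [f"UseLdapSSL is off: DN and password cross port "
                f"{options.get('LdapPort')} unencrypted"]
    return []

# Constructed sample: the thread's DN shape with a made-up UID, plus its options.
SAMPLE_DN = "UID=1234567890,CN=DOD EMAIL CA-31,OU=PKI,OU=DoD,O=U.S. Government,C=US"
SAMPLE_OPTIONS = {"LdapServer": "bear", "LdapPort": "389", "UseLdapSSL": "No"}

if __name__ == "__main__":
    for line in check_dn(SAMPLE_DN) + check_transport(SAMPLE_OPTIONS):
        print("WARN:", line)
```

A name containing a comma must be entered with the comma escaped (`CN=Smith\, John`), otherwise the text after the comma is read as a separate, malformed component.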