How does the CaliberRM Server authenticate my user credentials when I log in to CaliberRM with LDAP integration enabled?
- Product Name: CaliberRM
- Product Version: Up to CaliberRM R2 SP1
- Product Component: CaliberRM Server
- Platform/OS Version: All
CaliberRM interacts with LDAP on two occasions.
- First, at startup the CaliberRM server verifies that it can connect to the LDAP server. If this connection cannot be established, the server disables Directory Services for this execution and continues the startup process.
- The second interaction occurs at each user logon attempt. In this case, the server first ensures that the supplied user id is a valid CaliberRM identifier (in Framework Administrator). If it is, the server reads the LDAP distinguished name (DN) from the database. If a DN does not exist, the CaliberRM server searches LDAP for the user id. This search starts at the root specified in the control panel (BaseDN) and uses the filter also specified in the control panel. If an LDAP entry is found, the server updates the CaliberRM database with the DN from LDAP and continues the login process. If a DN cannot be found, the login is rejected. If a DN exists, or if one was found, the CaliberRM server attempts to bind to the LDAP server using the DN and the password supplied by the user. The success or failure of this bind determines whether the user is allowed access to the CaliberRM system.
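The logon sequence described above, sketched as an added example; it is not CaliberRM code. `FakeDirectory`, the `(uid=%s)` filter and all sample entries are constructed, and the filter escaping, the empty-password check and the single-match rule are assumptions about how such a flow is usually hardened, not behaviour the article documents.

```python
# Added example. FakeDirectory and all sample data are constructed; not CaliberRM code.

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a user id cannot change the filter."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in value)


class FakeDirectory:
    """In-memory stand-in for an LDAP server: DN -> (uid, password)."""

    def __init__(self, entries):
        self.entries = entries

    def search(self, base_dn, ldap_filter):
        # Understands only the constructed filter form "(uid=<escaped value>)".
        return [dn for dn, (uid, _) in self.entries.items()
                if dn.endswith(base_dn)
                and ldap_filter == "(uid=%s)" % escape_filter_value(uid)]

    def bind(self, dn, password):
        entry = self.entries.get(dn)
        return entry is not None and entry[1] == password


def logon(user_id, password, app_users, directory, base_dn, filter_template):
    """Return (allowed, reason); app_users maps user id -> cached DN or None."""
    if user_id not in app_users:
        return False, "not an application user"
    if not password:
        # Assumption (not from the page): refuse empty passwords, since a simple
        # bind with a DN and no password is an unauthenticated bind (RFC 4513).
        return False, "empty password"
    dn = app_users[user_id]
    if dn is None:
        matches = directory.search(base_dn, filter_template % escape_filter_value(user_id))
        if len(matches) != 1:  # assumption: an ambiguous match counts as not found
            return False, "no directory entry"
        dn = app_users[user_id] = matches[0]  # cache the DN for later logons
    if directory.bind(dn, password):
        return True, "bind succeeded"
    return False, "bind failed"


DIRECTORY = FakeDirectory({
    "uid=asmith,ou=people,dc=example,dc=com": ("asmith", "s3cret"),
    "uid=bjones,ou=people,dc=example,dc=com": ("bjones", "hunter2"),
})
APP_USERS = {"asmith": None, "bjones": "uid=bjones,ou=people,dc=example,dc=com", "a*": None}
BASE_DN, FILTER = "dc=example,dc=com", "(uid=%s)"
```
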
Author: Sarah Thompson
Old KB# 15896