jcj4235 Absent Member.

Authentication question

My Setup:
8 servers consisting of OES2sp3 and OES11. Running DSfW, Zenworks 10, NSS, CIFS, AFP, Netstorage, LDAP, iPrint, etc. About 1100 users.

Is it possible to have eDirectory authenticate a user's password against an external system? My department runs its own servers but would like to use the university's user database for authentication. When I create accounts on my system they are set to the same username as the university system. What I would like is to have eDirectory verify against the university system for the password. It would be great if the universal password could be set on a successful login just in case the university system goes down. I would also need to be able to block internal-only accounts (admin, services, etc.) from authenticating against the university system.

The university system supports Kerberos, Central Authentication Service (CAS), SAML, and Shibboleth.

Any Ideas?

Thanks,

Joel
Anonymous_User Absent Member.

Re: Authentication question

Joel,
You left out an important detail – what type of system is the “university system”? Without knowing that, only IDM (Identity Manager) comes to mind.

Leroy Joseph
Visual Click Software
(eDirectory Management and Reporting)
eDirectory Management and Reporting | DSRAZOR for eDirectory
jcj4235 Absent Member.

Re: Authentication question

Leroy,

The university system is kinda home grown. I do not know all the details but I understand it is an LDAP system that uses MIT-Kerberos as the main user database. They also have AD but do not like doing trust with departments. They prefer people to use Kerberos, CAS, SAML or Shibboleth. I do not have the ability to see users or passwords on the university system. All I am allowed to do is pass a username and password and get a success or failure response.

Joel
Knowledge Partner

Re: Authentication question

On 27.03.2012 18:56, jcj4235 wrote:
>
> My Setup:
> 8 servers consisting of OES2sp3 and OES11. Running DSfW, Zenworks 10,
> NSS, CIFS, AFP, Netstorage, LDAP, iPrint, etc. About 1100 users.
>
> Is it possible to have eDirectory authenticate a user's password against
> an external system?


No. I know, pretty short answer, but that's it. You may be able to sync
passwords with IDM, but eDir will never authenticate elsewhere.

CU,
--
Massimo Rosen
Novell Knowledge Partner
No emails please!
http://www.cfc-it.de
jcj4235 Absent Member.

Re: Authentication question

Massimo,

Unfortunately the university's system admins will not allow any form of a sync to their system.

Thanks,

Joel
Anonymous_User Absent Member.

Re: Authentication question

Massimo, would IDM be his only solution that you know of?
Joel - it may be best to work with the university people to try and come up with a solution.

Leroy Joseph
Visual Click Software
(eDirectory Management and Reporting)
eDirectory Management and Reporting | DSRAZOR for eDirectory
jcj4235 Absent Member.

Re: Authentication question

I called and talked with a sales person at Novell and they said yes it can be done. Next week I have a conference call with a support engineer to talk about more detailed requirements and how to do the setup.

I will post the results of the call.

Joel
Anonymous_User Absent Member.

Re: Authentication question

jcj4235;2186110 wrote:
> I called and talked with a sales person at Novell and they said yes it can be done. Next week I have a conference call with a support engineer to talk about more detailed requirements and how to do the setup.
>
> I will post the results of the call.
>
> Joel


Joel,
Thanks for the update and I'm looking forward to what the Novell Support Engineer said. Also, what software solution, if any, did the sales person mention?

Leroy Joseph
Visual Click Software
eDirectory Management and Reporting | DSRAZOR for eDirectory
jcj4235 Absent Member.

Re: Authentication question

Leroy,

They mentioned using SSO or maybe Access Manager.

Joel

PS.

Just got DSRAZOR for eDirectory and it is working nicely.
jcj4235 Absent Member.

Re: Authentication question

Well, I said I would reply back with Novell's recommendation on how to do this. But I'm sad to say that after 3 phone calls to Novell I never got a call back. I even talked to a sales person who said yes this can be done and that they would have an engineer call me.

But it is not an issue now. Where I work each department runs their own network and now the main IT group is going to consolidate all the departments into a single AD forest.

So effective immediately my migration to the dark side begins. 😞

Joel