otmfaqForumsBlogsRegister
FAQMembers ListCalendarToday's PostsSearch

 Subscribe Blogs:RSS
 Subscribe Forums:RSS
OTMFAQ Home
OTMFAQ Blogs
OTMFAQ Forums
OTMFAQ Tutorials

OTM SIG
MavenWire


Network Fitting OTM / G-Log into your network - including browsers, firewalls, reverse-proxies and SSO.

Tags: , , ,

Reply
 
Submit Tools LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old January 29th, 2008, 20:06
Junior Member
  
Join Date: Jan 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0
wlirio is on a distinguished road
OTM and LDAP (OID)
Hi,
We are trying to integrate OTM 5.5.3 with OID using the LDAP configuration.
On the documentation there is a section that talks about extending the LDAP directory to include the GLUSER Attribute.
Quote from Install Doc "
OTM requires that the user ID field be part of the Distinguished Name (at least externally to an LDAP
client). It also requires that each LDAP user object to be authenticated with OTM be populated with
the GLUSER attribute. The GLUSER attribute should not be part of the Distinguished Name."
End Quote
I am not sure what is the GLUSER.

Thanks,
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old January 30th, 2008, 18:46
chrisplough's Avatar
Site Moderator
  
Join Date: Jun 2006
Location: West Chester, PA
Posts: 816
Blog Entries: 7
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10
chrisplough has a spectacular aura aboutchrisplough has a spectacular aura aboutchrisplough has a spectacular aura about
Send a message via AIM to chrisplough
Re: OTM and LDAP (OID)
Hello,

the GLUSER is the G-Log (OTM) UserID, in the form of DOMAIN.USERNAME -- for instance GUIEST.ADMIN or COMPANY.LOUISE.

Just a little advice as you start looking itno this, I'd highly recommend using SSO (single sign-on) instead of the LDAP integration. With LDAP, you need to keep two copies of the OTM user's password - one in OTM and one in your LDAP directory and they must always be in sync. Instead, with SSO, you just keep the password in your SSO's repository and OTM simply accepts the userID passed to it, without doing it's own authentication. OTM's security remains intact and it's much easier to use.

--Chris
__________________
Chris Plough
MavenWire

www.MavenWire.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old February 4th, 2008, 17:24
Junior Member
  
Join Date: Jan 2008
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0
wlirio is on a distinguished road
Re: OTM and LDAP (OID)
Thank for clarifying the GLUser. Regarding SSO I read somewhere that OTM 5.5.3 does not support SSO which why I went the LDAP route.
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #4 (permalink)  
Old February 4th, 2008, 18:44
chrisplough's Avatar
Site Moderator
  
Join Date: Jun 2006
Location: West Chester, PA
Posts: 816
Blog Entries: 7
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10
chrisplough has a spectacular aura aboutchrisplough has a spectacular aura aboutchrisplough has a spectacular aura about
Send a message via AIM to chrisplough
Re: OTM and LDAP (OID)
You're welcome. On the SSO side, I haven't seen any notes, but I can't imagine it not working in CU03, because some very high profile clients are using it.

--Chris
__________________
Chris Plough
MavenWire

www.MavenWire.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #5 (permalink)  
Old February 12th, 2008, 17:26
Junior Member
  
Join Date: Dec 2007
Posts: 3
Thanks: 1
Thanked 0 Times in 0 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 0
rsadani is on a distinguished road
Re: OTM and LDAP (OID)
We are also in similar stage of installing a access management tool for controlling access to service providers. We are planning to use Siteminder as a SSO tool for access management (with OTM 5.5.4)
Are there any specific advises around this?
Thanks
Ravindra
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #6 (permalink)  
Old February 12th, 2008, 19:09
chrisplough's Avatar
Site Moderator
  
Join Date: Jun 2006
Location: West Chester, PA
Posts: 816
Blog Entries: 7
Thanks: 53
Thanked 199 Times in 121 Posts
Groans: 0
Groaned at 0 Times in 0 Posts
Rep Power: 10
chrisplough has a spectacular aura aboutchrisplough has a spectacular aura aboutchrisplough has a spectacular aura about
Send a message via AIM to chrisplough
Re: OTM and LDAP (OID)
Ravindra,

Several OTM / G-Log clients have used Siteminder SSO with OTM without issue -- I wouldn't expect you to have any issues. Just keep in mind that you'll need to configure OTM to use both SSO and the Reverse Proxy (URL Prefix) configuration.

--Chris
__________________
Chris Plough
MavenWire

www.MavenWire.com
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
The Following User Says Thank You to chrisplough For This Useful Post:
rsadani (February 12th, 2008)
Reply

« [SOLVED] Single Signon with OTM | MAC Address »


Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 16:31.
Copyright © 2008, Open Book Solutions LLC. All rights reserved.

Sponsored by MavenWire - MavenWire.com


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37