Home
Extended ECM
API, SDK, REST and Web Services
DS Hidden Password
ISD_HIT
We would have a lab on the Directory Services module with NTLM Authentication for users. User could login the LL via NT account if we reset all users password to hidden in LL. Question :1) On the DS configuration, btw, we could select reset the password of "All user" or "Directory Service Users". However, where could I define the "Directory Service Users" ? 2) We would like to have a DS login and Application login via different URL. How could I achieve it ? Should it require to enable the "Account Sync" in DS ? Thx all.Following is the environment detail :LL : 9.1 SP3DS : 2.2.2OS : W2K SP3IIS : 5.0Oracle : 8.1.7Auth. PDC : NT4.0DS Setting : "NTLM Auth.(Username only)"Syn : No Enable
Find more posts tagged with
Comments
Brian_Walsh
Message from Brian G. Walsh via eLinkA DS user is identified by the UserData field in the KUAF table. When a useris synched this field is populated with an assoc that identifies the user asa DS user. In order to maintain both internal and external accounts a synchmust be done to differentiate users as either one or the other. In your casesince you do not synch no user will be flagged as a DS user therefore youwill need to reset passwords for all users.External (DS login) and internal (Application login) Livelink logins arepossible through 2 different urls but each login will be a differentaccount. It could be possible to use the one account for each user and havethe different urls using anonymous and NT authentication but for theanonymous authentication to work you would have to give the user thepassword that is on the password.log file after you reset all passwords.-----Original Message-----From: eLink Discussion: Livelink Directory Services Discussion[mailto:directoryservices@elinkkc.opentext.com]Sent: Wednesday, December 03, 2003 03:45To: eLink RecipientSubject: DS Hidden PasswordDS Hidden PasswordPosted by HIT, ISD on 12/03/2003 03:18 AMWe would have a lab on the Directory Services module with NTLMAuthentication for users. User could login the LL via NT account if we resetall users password to hidden in LL.Question :1) On the DS configuration, btw, we could select reset the password of "Alluser" or "Directory Service Users". However, where could I define the"Directory Service Users" ?2) We would like to have a DS login and Application login via different URL.How could I achieve it ? Should it require to enable the "Account Sync" inDS ?Thx all.Following is the environment detail :LL : 9.1 SP3DS : 2.2.2OS : W2K SP3IIS : 5.0Oracle : 8.1.7Auth. PDC : NT4.0DS Setting : "NTLM Auth.(Username only)"Syn : No Enable[To reply to this thread, use your normal e-mail reply function.]============================================================Discussion: Livelink Directory Services Discussion
https://knowledge.opentext.com/knowledge/livelink.exe?func=ll&objId=3062146&objAction=viewLivelink
Server:
https://knowledge.opentext.com/knowledge/livelink.exe
volvostephen
The data in the UserData column of Kuaf is in the format of A<1,?,'NTLM'='ntlm:stephen.fisher'> so one option you could have is to populate that column for DS users only. Then you could run the reset for DS users only. lso if you add the entry to opentext.ini as follows[Security]HidePasswords=TRUEthen when a user is created, you don't have to run the Reset Password function - you would only need to run it if their login name changes. Then again, you wouldn't be able to reset passwords for Non DS users if you enable that opentext.ini setting.Hope this additional Info helps.What I have done here is, we have both a primary server and admin server. The DS module is installed on both but only active on the Primary server. Also on the primary server the flag HidePasswords=TRUE is set so when an account is created, we don't need to run the Reset passwords. Then, I hae the Admin server still able to create non DS users if need be. Currently I have no way to distunguish the two types of users but then again - I don't need to have both types of users so I am ok.
Anthony_Hall_(melwat01user3_-_(deleted))
Hi BrianWhat you are suggesting seems at odds with what happens when I try this using Directory Services 2.2.2 on Livelink 9.2.0.1. I can't select Random for Directory Service users only, I get a message [Password cannot be changed. External authentication enabled.] I would like to be able to give users a password to use externally via the SEA servlet as well as internally via our DS authenticated system.Also, I have a pressing need to set up a fair amount of content as offline for a number of users, and I was hoping to be able to do this by logging in as them, by getting the password from the log file.Is all this actually possible?Anthony HallMelbourne Water
