Browse the Repository (sqldb) Created by the Installation
When you install 3DPassport, a local database named sqldb(Technical) is created. Users can then
create passport data and log in as explained in Installation and Setup: Install:
3DEXPERIENCE Platform: Installing 3DEXPERIENCE Platform Services for the First Time:
Installing Services One-by-One: 3DPassport: Post-Installation: Creating End User Passport
Data Manually in the Local Database This solution is easy-to-use and is suitable if you do not need or intend to use an external database directory (for example, Active Directory, LDAP) for authentication purposes, since all user data are created by the users themselves when they create their account. Therefore it requires a minimum amount of administration.
Before you begin: Make sure that your repository configurations are compatible
with your parameter choices. If you authorize creation of new accounts, allow at least one
repository for creation. If you authorize password updates, let the repositories authorize
updates.
- Click Integration, then the Repository tab.
-
Click to display the repository configuration.
-
Locate the
sqldb (Technical) area.
The Basic Configuration area contains information about the configured
repository, for example: - Repository Name
- sqldb for example.
- Type
- The type can be:
LDAP or SQL or WebService . In our example, it is an SQL database. - URL of the database storing the users
- For example:
ORACLE: jdbc:oracle:thin:@//vdevpril900dsy:1521/E4ALL
SQL Server: jdbc:sqlserver://dell2176dsy.dsone.3ds.com\MSSQL;databaseName=passdb - Driver class name
- For example:
ORACLE: oracle.jdbc.OracleDriver
SQL Server: com.microsoft.sqlserver.jdbc.SQLServerDriver - Username of the database user
- Database administrator username. For example:
iam - Password of the database user
- Password of database administrator user.
- Password hashing algorithm
- The algorithm is used to hash user account passwords in the database. Choose one to prevent
possible account hacking if the database is compromised. The algorithm can be:
sha-256 or sha-512 .
All the above parameters are those specified during the installation. The Operations Configuration area contains generic operations
settings: - Allow creation
- Select this check-box to enable creation of user data in the local
sqldb
database. - Allow update
- Select this check-box to enable updating of user data in the local
sqldb
database.Updated data is then duplicated at each login or at first login or
after the number of seconds specified according to the repository configuration.
If a repository is not synchronized, but the sqldb(Technical)
database authorizes updates, only the username and email is copied into the
sqldb(Technical) database at creation time. However, all
user's data (except password) will be updated in
sqldb(Technical) if the user updates his information through
the 3DPassport profile page. In most cases, the sqldb(Technical) database
should be configured in read-only mode only if the administrator wants to
prevent data in the external repository from being stored in 3DPassport. In this case, synchronization of the external repository should be
disabled. - Allow deletion
- Select this box to allow deletion.
The Advanced Configuration area contains advanced database configuration
parameters. Do not edit them. This repository can be updated. You can edit all basic configuration fields of the local
sqldb database. If you want to plug the 3DPassport application into a new empty database, make sure that you modify the database URL,
username and password in both the passport administration tools GUI and the
/TomEE_install_directory/webapps/ROOT_URI/WEB-INF/classes/database.properties
file accordingly. If the fields have been edited, then you apply an upgrade (for example, a hot fix), the installation takes the new values into account, and you do not need to specify them at installation time. The local sqldb database cannot be disabled. Note:
It can be combined with external databases or directories as explained below.
Add a New LDAP Repository
The local sqldb(Technical) database solution may
not be suitable. For example, you may store all your company's user
data in an external repository (for example, Active Directory, OpenLDAP) which serves as a centralized user
credential reference, and you may not want this data to be contained in
the local sqldb database. Note:
You cannot create users that already exist in a
remote repository into which 3DPassport is plugged. And you do not need to create these users in
3DPassport: you can automatically log into 3DPassport using the
credentials stored in the LDAP repository.
-
Click Repository.
-
Click .
The Basic Configuration area contains basic information about the repository
to configure: - Repository name
- Type the repository name.
- Type
- The type is :
LDAP is selected by default.
Specify the settings appropriate for LDAP (see the LDAP documentation for a detailed description). - Url(s) of the LDAP server(s) storing the users
- This is the URL of the LDAP server. You must provide the full URL with protocol (ldap or ldaps), hostname and port:
ldap://hostname:port - Distinguished name of the LDAP user
- Enter the DN of the user to connect to your LDAP server using the following format:
cn=root,dc=my-domain,dc=com If you configured the LDAP server in anonymous bind mode, you can leave this field blank. - Password of the LDAP user
- Enter the password of the user.
If you configured the LDAP server in anonymous bind mode, you
can leave this field blank. More about LDAP
anonymous binding 3DPassport supports the following LDAP bind operations:
- Simple Bind: you provide user credentials by the means of a username (in a
DN form) and a password, as usual
- Anonymous Bind: you can authenticate on 3DPassport with an LDAP account while 3DPassport is configured to contact an LDAP server as anonymous. In this case, the DN
of the LDAP user and password fields can be left blank, and end user
credentials are sent to the LDAP server.
Simple binding refers to the default 3DPassport bind operation. When you connect to the desired 3DPassport service URL, then click 3DPassport Control Center to display the administration tool GUI, then click
Integration -> Repository, you access the repository
configuration page. When adding a new LDAP repository, you are prompted
to specify both the Distinguished name of the LDAP user
and the Password of the LDAP user, to be able to bind to
the LDAP server.
For example, in this default mode, let's assume you log onto the 3DPassport as admin_platform and create a new LDAP repository, and
creation mode is activated, as well as synchronization. Then, a user creates and
registers user ses , for example. If as
admin_platform you then search for user ses ,
you can check that the user ses has been created in both the
local sqldb database and in the LDAP directory.
The user ses can then log onto the 3DPassport by specifying the appropriate credentials. However, you also have the
additional possibility to configure your LDAP server in anonymous bind mode.
When you do so, you no longer have to specify any values for the
Distinguished name of the LDAP user and the
Password of the LDAP user: you can leave both fields
blank.
You need to have an LDAP server (Active Directory, OpenLDAP, ...) configured to
allow anonymous binding. Note:
OpenLDAP is supposed to be configured to
authorize anonymous bind for read/bind but not for modify operations.
For example, you can configure your OpenLDAP by following the procedure below
on your OpenLDAP server:
- Get the current configuration by running the following
command:
ldapsearch -b cn=config -D cn=admin,cn=config -W >
slapdconf.txt
- Modify the configuration via a LDIFF file by running the following
command:
ldapmodify -D cn=admin,cn=config -W -f
change.ldiff Here are the contents of the LDIFF file
authorizing anonymous access:
dn: olcDatabase={1}hdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword,shadowLastChange by dn="cn=admin,dc=3ds,dc=com" write by anonymous auth by self write by * none
olcAccess: {1}to * by self write by dn="cn=admin,dc=3ds,dc=com" write by * write
Connect to the desired 3DPassport service URL, then click Administration Tools to display
the administration tool GUI, then click Repositories to
access the repository configuration page.
This time, leave the following fields blank: Distinguished name of
the LDAP user and the Password of the LDAP
user, then click the Update button.
Log out, then authenticate with an existing user account from your LDAP
repository. You will be redirected to the My Profile page. Note:
In the LDAP
anonymous binding mode illustrated above, LDAP user creation and update is not
possible, because if the LDAP server is configured in anonymous mode for all
operations including modification, the behavior is that the anonymous user can
modify anything, but the users themselves when authenticated will not be able to
modify their own attributes.
This means that any user you create can be searched for only in the local
sqldb database, but not in the LDAP directory. In our example
above, when searching for user ses after activating anonymous
binding, you will get the following message:
User not found in SEStestOPENLDAP
- Format of users' distinguished name
- This is used to configure the distinguished name (DN) to create a new account in the LDAP based on the fields provided by the user at registration, using the following format:
cn={givenName} {sn},ou=people,dc=my-domain,dc=com - Base distinguished name of all users operation
- This is the base RDN to search users from, using the following format:
dc=my-domain,dc=com - Employee Type
- This is the employee flag to distinguish internal and external users. You must use a numeric value (not mandatory).
- Code of active users
- The numeric code for enabled account. For example in Active Directory, active users have the
useraccountcontrol flag set to 512 (delta a bit mask) when enabled (not mandatory). Sample value: 512. - Code of inactive users
- The numeric code for disabled account. For example in Active Directory, active users have
useraccountcontrol flag set to 514 (delta a bit mask) when disabled (not mandatory). Sample value: 514. - Read timeout
- Enter a value in milliseconds for read timeout (mandatory). For example: 3000.
- Connect timeout
- Enter a value in milliseconds for connect timeout (mandatory). For example: 3000.
- Specify the settings in the Operations Configuration area, which is common to all repository types.
- Allow authentication
Check this check-box to specify that users
logging on and connecting to the 3DPassport service can be
authenticated in the external repository. If you allow
authentication on several repositories, all repositories will be
contacted. One positive answer is sufficient to allow
authentication.
If this option is checked, even synchronized
repositories are contacted for authentication.
In the Order in get repository list list, select a positive
index if you want to allow user information to be retrieved from
the repository. The higher the index, the more pre-emptive the user
information will be when merging information from different
repositories. This sets the order in which each repository is
requested for each operation. The local sqldb database is always
requested first.
- Allow creation
- Check this check-box to enable creation of user accounts in the external repository. If unchecked, no user accounts can be created in this repository. If you have requested data synchronization, the user data will be copied into the local
sqldb database, otherwise only the login and email address will be copied to the local sqldb database. You can allow the creation in several repositories, and user accounts will be created in all these repositories. At the first login, data will be synchronized in the local sqldb database . - Allow update
- Check this check-box to enable updating of user accounts in the external repository. If unchecked, no user accounts can be updated in this repository. If you have requested data synchronization, the user data will be copied into the local
sqldb database. You can allow update in several repositories, and user accounts will be updated in all these repositories. - Allow deletion
- Check this check-box to enable deletion of user accounts in the external repository.
- Specify the settings in the Attributes Mapping area.
Specify here the LDAP attributes to map to 3DPassport attributes. - Specify the settings in the Synchronization Configuration area, which is common only to all external repository types.
The term synchronization, significant only in the context of external repositories, refers to the duplication of user information, contained in the external repositories, in the local sqldb database. Synchronization controls allow you to do so. - Synchronize users' data
- Check this check-box if you want to allow user information from the external repository to be duplicated into the local
sqldb database.Note:
User information does not include the password.
- Synchronization Frequency
If synchronization is activated, choose a frequency: Synchronize users' data only at first login Synchronize users' data at each login Synchronize every X seconds : if you choose this option, enter the number of seconds between each synchronization, for example 86400 for a synchronization every day. By doing so, each time a user logs in, if the last synchronization is older than X seconds, a new synchronization will be launched.
- Synchronization frequency (in seconds)
- Specify a number of seconds between two synchronizations. The value by default is 10.
- Synchronize the users' password
- Synchronize the users' password into the local
sqldb database.
Recommended Settings for Synchronization This section specifies different scenarios that you may encounter, and explains how to set
synchronization settings for each scenario. - Default
- In the default scenario, you want to get the latest user data from external repository each time a user logs in and you want the aggregated data to be stored in the local
sqldb database. To do so:- check the
Synchronize users' data check button - set
Synchronization frequency to Synchronize users’ data at each log in - check Allow update to allow
sqldb(Technical)
updating.
- Data Privacy Enforcement
When enforcing data privacy, you want to get the latest user data from external repository at any
time, but you do NOT want the external data to be stored in the local
sqldb database. To do so, uncheck the Synchronize
users' data check box. Uncheck Allow update to disable sqldb(Technical)
updating. - Performance
- In this scenario, you do not want to fetch data from the external repository too often and you want to mainly
rely on the local
sqldb database to get user data. You want the aggregate data retrieved from
repositories to be stored in the local sqldb database. To do so:- check the
Synchronize users' data check button - set
Synchronization frequency to Synchronize every X seconds and choose a frequency value in seconds (recommended value is 86400 seconds = 1 day) - check
Allow update to allow sqldb(Technical) updating.
- Initial provisioning
- In this scenario, you want to get initial user data from the external repository to populate the local
sqldb database, but you want to rely only on the local sqldb database later on. To do so:- check the
Synchronize users' data check button - set
Synchronization frequency to Synchronize users’ data only at first login - check
Allow update to allow sqldb(Technical) updating.
Note:
Usernames and email addresses are synchronized in all cases.
- Specify the settings in the Advanced Configuration area.
This is mandatory. When you add a new repository, the default connector configuration parameters are displayed in the Advanced configuration area: builder=com.dassault_systemes.dspassport.repo.ldap.builder.LDAPRepositoryBuilder
dao.attributesMapper.builder=com.dassault_systemes.dspassport.repo.ldap.builder.SimpleAttributeMapperBuilder
dao.attributesMapper.defaultValues._objectClass.0=top
dao.attributesMapper.defaultValues._objectClass.1=person
dao.attributesMapper.defaultValues._objectClass.2=organizationalPerson
dao.attributesMapper.defaultValues._objectClass.3=user
dao.attributesMapper.defaultValues._objectClass.builder=com.dassault_systemes.
dspassport.repo.ldap.builder.SimpleLdapAttributeBuilder
dao.attributesMapper.toremove.0=active
dao.attributesMapper.toremoveatinsert.0=unicodePwd
dao.baseenvtprops.java.naming.security.authentication=simple
dao.builder=com.dassault_systemes.dspassport.repo.ldap.builder.LDAPDAOBuilder
dao.pooled=false
dao.transformer.builder=com.dassault_systemes.dspassport.repo.ldap.builder.SimpleUserFilterToRequestTransformerBuilder
userPopulator.builder=com.dassault_systemes.dspassport.repo.ldap.builder.UserLDAPPopulatorBuilder
userPopulator.c=country
userPopulator.givenName=firstName
userPopulator.l=city
userPopulator.mail=email
userPopulator.postalCode=zip
userPopulator.sAMAccountName=username
userPopulator.sn=lastName
userPopulator.streetaddress=address
userPopulator.telephoneNumber=telephone
userPopulator.unicodePwd=password The default advanced configuration also contains the mapping parameters, as listed in the table. You must change them to fit exactly your LDAP attributes.
The settings related to Attributes mapping that are set in the
Advanced configuration are used to automatically prefill the
Attributes mapping section. They will be saved but they will not be displayed anymore
in the Advanced configuration text area, but only in the
Attributes mapping section.
You can fill the Attributes mapping section or the Advanced
configuration. The results will be the same and only visible in
Attributes mapping. Support of LDAP groups for user authentication On the LDAP server side, using the LDAP group mechanism, you can create and configure groups of
users. Then, on the 3DPassport side, you can configure allow lists and deny lists
of groups for the purpose of authorizing access for or denying access to users at
login, depending on which group they belong to. If you decide to use this feature, use an LDAP repository that serves membership
attributes (operational or not). For example: Open LDAP, Active Directory (AD
LDAP).
To configure this feature, first of all, create an organizational unit on your LDAP server, create the groups and add users to the groups. Then, on the 3DPassport side, edit the advanced LDAP configuration as follows: - Map the membership attribute.
You must define the mapping between the 3DPassport
and the LDAP repository for the membership attribute. Most of the time, this attribute will be operational, but
you can also pick a non-operational attribute.
Here are a few examples of attributes used in certain LDAP
solutions: LDAP solution | Name of the attribute for membership |
---|
Active Directory | memberOf | OpenLDAP | memberOf |
This example shows how to set the property with OpenLDAP: userPopulator.memberOf=memberOf
This example shows how to set the property when using an LDAP server that stores the
groups in an attribute named "membership": userPopulator.membership=memberOf
- Enable the feature by setting the following property:
dao.membership.active=true or disable it as follows: dao.membership.active=false - Configure the allow lists and deny lists using following properties:
Property name |
Description |
dao.membership.allowlist.0 |
First group of the allow list |
dao.membership.allowlist.1 |
Second group of the allow list |
dao.membership.allowlist.n |
n-th group of the allow list |
dao.membership.denylist.0 |
First group of the deny list |
dao.membership.denylist.1 |
Second group of the deny list |
dao.membership.denylist.n |
n-th group of the deny list |
Here are examples of properties to set: dao.membership.allowlist.0=cn=allow1,ou=Groups,dc=3ds,dc=com
dao.membership.allowlist.1=cn=allow2,ou=Groups,dc=3ds,dc=com
dao.membership.denylist.0=cn=deny1,ou=Groups,dc=3ds,dc=com
dao.membership.denylist.1=cn=deny2,ou=Groups,dc=3ds,dc=com
Users are authorized or denied access according to the following rules:
- if a user belongs to one or more of the allowlisted groups, access is
authorized
- if a user belongs to one or more of the denylisted groups, the user is denied
access
- denylisted groups take priority over allowlisted groups: this means that if a
group belongs to both a allowlist and a denylist, the group is considered
denylisted.
- if a user does not belong to any allowlisted group and the feature is enabled,
the user is denied access.
When access is denied, the following message is displayed at
login: Your account does not have the required membership Here
is a full example of a typical LDAP allowlist/denylist configuration for an Active
Directory LDAP server:
Type=AD
• Repository name: AD LDAP
• Url(s) of the LDAP server(s) storing the users: ldap://vinduspassportdsy:389
• Distinguished name of the LDAP user: cn=admin,dc=3ds,dc=com
• Password of the LDAP user: Passport1
• Format of users' distinguished name: cn={givenName} {sn},ou=Users,dc=3ds,dc=com
• Base distinguished name of all users operation: ou=Users,dc=3ds,dc=com
Advanced config:
builder=com.dassault_systemes.dspassport.repo.ldap.builder.LDAPRepositoryBuilder
dao.attributesMapper.builder=com.dassault_systemes.dspassport.repo.ldap.builder.SimpleAttributeMapperBuilder
dao.attributesMapper.defaultValues._objectClass.0=inetOrgPerson
dao.attributesMapper.defaultValues._objectClass.builder=com.dassault_systemes.dspassport.repo.ldap.builder.SimpleLdapAttributeBuilder
dao.attributesMapper.defaultValues.userAccountControl=512
dao.attributesMapper.toremove.0=active
dao.attributesMapper.toremoveatinsert.0=userAccountControl
dao.attributesMapper.toremoveatinsert.1=unicodePwd
dao.attributesMapper.toremoveatinsert.2=passwordCreationTime
dao.baseenvtprops.java.naming.security.authentication=simple
dao.builder=com.dassault_systemes.dspassport.repo.ldap.builder.LDAPDAOBuilder
dao.membership.active=true
dao.membership.allowlist.0=cn=allow1,ou=Groups,dc=3ds,dc=com
dao.membership.allowlist.1=cn=allow2,ou=Groups,dc=3ds,dc=com
dao.membership.denylist.0=cn=deny1,ou=Groups,dc=3ds,dc=com
dao.membership.denylist.1=cn=deny2,ou=Groups,dc=3ds,dc=com
dao.pooled=false
dao.transformer.builder=com.dassault_systemes.dspassport.repo.ldap.builder.SimpleUserFilterToRequestTransformerBuilder
fieldHandlers.0.builder=com.dassault_systemes.dspassport.core.builders.impl.fieldhandlers.CaseFieldHandlerBuilder
fieldHandlers.0.exceptions.0=ENOVIA_CLOUD
fieldHandlers.0.fieldName=username
fieldHandlers.1.builder=com.dassault_systemes.dspassport.core.builders.impl.fieldhandlers.ConstantValueFieldHandlerBuilder
fieldHandlers.1.fieldName=company
fieldHandlers.1.fieldValue=Dassault Systemes
sync.enabled=true
sync.frequency=0
sync.password=true
userPopulator.active=active
userPopulator.builder=com.dassault_systemes.dspassport.repo.ldap.builder.UserLDAPPopulatorBuilder
userPopulator.givenName=firstName
userPopulator.mail=email
userPopulator.memberOf=memberOf
userPopulator.o=country
userPopulator.sn=lastName
userPopulator.uid=username
userPopulator.userPassword=password - LDAP Parameter Name
- userPopulator .<LDAP_ATTRIBUTE>=<Passport_attribute>
- Description
This maps a DB attribute to a 3DPassport field. The default attribute list is as follows (* means mandatory): - address
- city
- company
- country*
- email*
- firstName*
- language
- lastName*
- password*
- telephone
- username*
- zip
The syntax is as follows:
userPopulator.ldapfieldname=passportfieldname
where ldapfieldname is the name of the field in your LDAP repository, and passportfieldname is
the name of this field as known in
3DPassport. - Value type
- String
- Mandatory
- no
- Sample value
For example:
userPopulator.unicodePwd = password
userPopulator.givenName = firstName userPopulator.first_name=firstName
The default advanced configuration also contains a default LDAP objectclass definition, as described below: dao.attributesMapper.defaultValues._objectClass.0=user
dao.attributesMapper.defaultValues._objectClass.1=organizationalPerson
dao.attributesMapper.defaultValues._objectClass.2=person
dao.attributesMapper.defaultValues._objectClass.3=top You might want to change them to fit exactly your LDAP configuration. Note:
When the administrator adds an LDAP repository, if this LDAP repository is a Microsoft AD server, the
administrator must add the following line in the advanced configuration:dao.pwdEncoder=ad
which sends the password with a different encoding, UTF16 little endian, which is the encoding
expected by Microsoft AD (but not by OpenLDAP).
- Click Save as draft to create a draft repository.
The repository will be added as disabled, so you can test it and reconfigure it before going live. - On the main page, click Save to save the repository.
Add a WebService Repository
This feature allows 3DPassport
to be plugged into an external SOAP webservice to authenticate users.
In addition to the existing LDAP and SQL repository connectors, it
provides a new SOAP webservice connector to connect to an external
API. Authentication of user accounts will be made through a SOAP
request to the external webservice The external webservice itself
must be publicly available and cannot require credentials to be
used.
Only authentication is supported (i.e the verification of the
credentials provided at the login step), and does not support
retrieval of user account attributes. So it means that the
3DPassport must be prepopulated with the all the user accounts that
will be allowed to authenticate on the 3DPassport and 3DEXPERIENCE platform.
During user account population on 3DPassport, if the password is
set and differs from the external SSO one, then the user will be
allowed to use either the 3DPassport password or the external
SSO password.
-
Click Repository.
-
Click
-
In the Type list, select
WebService.
-
Specify the web service settings in the Basic configuration
section to configure the repository connector.
The settings are:
- Repository name
- Name of the repository
- Type
- WebService type.
- Webservice endpoint
- URL of the SOAP webservice.
- Authentication action
- SOAPAction header value for the authentication operation (optional).
- Authentication request type
- Media type of the content sent in the body of the request. It should be the one
set by default for the SOAP request (text/xml) (optional).
- Authentication request template
- SOAP request content that will be sent to the webservice endpoint. You must
include the placeholders
usertoken and password
that will be sent to the webservice to authenticate users accounts. Here is an
example of a request template:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://widgetfactorydev.extranet.3ds.com/api/passport/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:authenticate>
<param0 xsi:type="xsd:string">{usertoken}</param0>
<param1 xsi:type="xsd:string">{password}</param1>
</ns1:authenticate>
</SOAP-ENV:Envelope>
- Authentication response template
- This is the SOAP response message sent by the webservice and that will be
parsed by 3DPassport. You must set the placeholder
success for the authentication
result (true or false). Here is an example of a response
template:
<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:ns1="https://widgetfactorydev.extranet.3ds.com/api/passport/" xmlns:xsi="httpp://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:ns2="http://xml.apache.org/xml-soap" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/"
SOAP-ENV:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<SOAP-ENV:Body>
<ns1:authenticateResponse>
<return xsi:type="ns2:Map">
<item>
<key xsi:type="xsd:string">success</key>
<value xsi:type="xsd:boolean">{success}</value>
</item>
</return>
</ns1:authenticateResponse>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
- Operations Configuration
- Select the Allow authentication check box.
You can verify the configuration in in the
Repository line.
-
Enable the repository by switching the Active column and click
Test.
Modify a Repository
-
Click Repository.
-
Click to edit the repository.
- Modify the fields in the repository form.
-
Click in the area containing the advanced configuration
parameters.
Only modify the advanced configuration properties if you are aware of what you are
changing.
- Click Save as draft to save the configuration.
- On the main page, click Save to save the repository.
Perform Miscellaneous Repository Actions
-
Click Repository.
-
Switch the Active column to disable or enable
repositories.
When a repository has been disabled by clicking Disable , it is not
taken into account when creating, updating, authenticating and fetching users.
If you disable a repository, the users in the repository will be able to login again
only if the repository was synchronized, password included.
You can only disable non-technical repositories such as the local
sqldb database.
To re-enable a previously disabled repository, you have to at least enable one of the
authentication, create, fetch or update operations, then toggle the button in the
Active column to enable the repository again.
- Click Test to perform a connection test.
When you disable a repository, a message like this is displayed, for example: Success test connection: AD LDAP - Click to get read-only information about how non-technical repository operations (not the local
sqldb database) have been configured, even if disabled. - Click to delete the repository.
If the repository is correctly configured but you do not access it, an error message
is displayed.
|