Knowledge Base
  • Introduction
  • Events and Actions
  • Action Panel
  • sending email
  • calling a SQL action from a client side js action
  • Accessing to translations form a server
  • Executing SQL statements from within an action
  • How to invoke a generic SQL statement defined through a SQL action
  • How to show a message dialog
  • checking for "undefined" values
  • How to add spaces to the right of a text
  • How to create a docx report and show it on the web browser Enterprise Edition only
  • How to get or set a value from the graphics control
  • How to invoke a generic SQL query defined through a business component
  • How to remove spaces to the left and right of a text
  • How to support multiple themes in a single application, accoding to a rule
  • How to set content to a Google Map linked to a grid or form
  • How to replace all occurences of a pattern from a text
  • Utility methods
  • Link auto login
  • Creation of a link for the first access of a new user without give the user a password and forcing
  • Forgot password
  • setting up default values from values coming from a filter panel
  • identifing the modified record after the alteration
  • enabling/disabling checkboxes in a grid
  • Filtering a Lookup
  • formatting a column
  • using checkboxes to select rows in grid
  • showing a summary row in grid
  • Disabling a toolbar button
  • Configuring grid exports
  • Adding filter conditions to a grid
  • Filtering the grid content from a tree
  • Filtering the tree content, starting from a filter panel linked to a grid
  • collapsing a panel
  • validating a lookup
  • accessing the authorizations set for a specific grid
  • How to design a web service
  • How to remotelly invoke an action or business component or perform a write operation through a Restf
  • how to feed a grid from a JS business component
  • converting a JS object to a JSON string
  • executing a query
  • passing parameters to a server side JS action
  • return value
  • scheduling and frequency
  • finding the right filter panel
  • checking out if a component has been defined
  • Deploying an application
  • Enquiring a table belonging to the Platform repository
  • Adding a where clause to a business component linked to grid
  • Integrating Mailchimp lists
  • Formatting a number as a currency value to use it inside an email template
  • sending email from a template
  • How to send an email
  • Error 'smtpHost' is empty
  • Linking two windows
  • How to open manually a window from another window
  • How to open manually a popup window
  • How to hide a panel in a window dinamically
  • How to manage folder panels
  • How to manage card panels
  • Predefined variables supported by Platform
  • Accessing the application parameters
  • Application Log
  • How to design a web service
  • How to import java classes in server
  • How to import java classes in server
  • How to dynamically set a value on a combo
  • 4WS.Platform
  • How to listen to events in a mobile HTML panel
  • Issues with HTTPS requests
  • How to manage row totals in grid
  • How to send to the UI a notification to execute code automatically
  • How to filter a chart by date interval
  • How to filter a grid by date interval
  • How to read a text or csv file and save data on the database
  • How to write text or csv files
  • Reading an xls file stored in the specified path
  • How to create a report with Jasper Report
  • How to customize the alert message content
  • Setting up a cluster
  • Uploading and downloading files
  • How to listen to user definition changes
  • How to auto-show a window from login
  • How to manage encrypted fields
  • How to change CSS settings for a grid row
  • Customizing a Tree Panel
  • How to execute complex queries on Google Datastore
  • Theme customization
  • Retrieve and send the log of a mobile app
  • Import Roles and Users
  • How to synchronize multiple Form panels in the same window
  • Anchor buttons
  • Properties of subpanels
  • Bulk import
  • How to display the data not found message in a grid
  • How to setup an LDAP based authentication
  • How to synchronize data from Datastore to BigQuery
  • How to synchronize data from Datastore to Google Spanner
  • How to synchronize data from Datastore to CloudSQL
  • Scrollable form list
  • How to setup SAML authentication
  • How to export data from BigQuery in streaming
  • Update Google Spreadsheet
  • How to setup OAuth2 authentication
Powered by GitBook
On this page
  • Gathering required connection settings from your client
  • Validating the connection settings
  • Setting up Platform with the connection settings, according to the needs
  • Activate users synchronization
  • Execute authentication and auto create the user in Platform

Was this helpful?

How to setup an LDAP based authentication

In order to connect Platform to an LDAP server, 3 steps are needed:

  • gathering required connection settings from your client

  • validating the connection settings

  • setting up Platform with the connection settings, according to the needs

Gathering required connection settings from your client

First of all, you have to ask your client to provide the following information:

  • LDAP host name or IP; this host must be reachable from your Platform server, not only in terms of host but also of opened port

  • LDAP host post, typically it is the 389 for a standard LDAP connection, but it could be different if the protocol is not LDAP

  • LDAP protocol: in most of the cases it is LDAP, but it can be LDAPS (secured LDAP); in the latter case, it is likely that the port is not 386

  • Base DN, i.e. a filtering path to use when authenticating a user on LDAP; this information is mandatory and it cannot be empty: your client cannot say it is empty; there is always a base filtering condition, at least composed of the company domain (e.g. "ou=mydeprtment,dc=sinesy,dc=it")

  • the list of attributes to gather for each user; pay attention to the attribute names: they are case sensitive for the LDAP (e.g. ssAMAccountName, displayName, givenName, sn, userPrincipalName)

  • the attribute of a user which identifies univokely a user; there can be more than one attribute which can be used as a unique field, like ssAMAccountName or userPrincipalName; the right choice depends on the user format to digit in the username field on the login screen: if a user is identified in the LDAP with a domain also (e.g. "domain\username" or "username@domain") and you do not want to force the users to type the domain in the login field, you must choose an attribute including the domain as well

  • username+password credentials to synchronize one of all users from the LDAP server

Validating the connection settings

It is very likely that the information provided by your client is wrong somewhere, The best thing is always to check it out, using an LDAP client. You can download JXExplorer, a free LDAP client and use it to test the correct authentication, starting from the connection settings provided by your client. The best thing would be to install JXExplorer in the Platform server.

Typical errors here are:

  • the LDAP is not reachable from Platform: ask you client to open port/host to let Platform to reach it

  • the list of attribute names provided is wrong (e.g. SSAMAccountName instead of ssAMAccountName); use JXExplorer to check out the real names of the attributes: once authenticated in JXExplorer, navigate in the tree until you find a person, then select it and chose the "Tabular data" folder on the right: here you can check out the attribute names and compare them with the wrong ones provided by the client

  • the authentication failed with a 49 errore code; it means "invalid credentials" and it can be due to several reasons:

    • the username is not valid; for example, the right username could be domain\username

    • the password is not valid

    • the user is locked/not active in the LDAP

    • the Base DN is wrong

Once you verified the correct authentication in JXExplorer, you can continue with step 3.

Setting up Platform with the connection settings, according to the needs

The LDAP authentication requires that the user to authenticate has been already registered in Platform tables, in terms of user (PRM01, SUB02/SUB3, PMR08) and roles (PRM06).

Consequently, there are 2 alternative ways to configure Platform with an LDAP:

  • activate users synchronization, so that through a scheduled process (executed every night for example) all users are imported in Platform tables; once a user needs to authenticate to Platform, the authentication process is forwarded to the LDAP and after a successful authentication, the user profile is retrieved from Platform tables, where the user has been already configured.

    • Pros: a Platform administrator can see all users already imported from the sync process and assign the right roles to each user

    • Cons: it is not a suitable choice for LDAP servers containing a large amount of users (more than a few thousands); a Base DN filtering condition would be used in such a case, in order to significantly reduce the amount of users; if this is not possible, use the alternative configuration way reported below

  • execute authentication and create the user in Platform tables just after a successful authentication in the LDAP

Activate users synchronization

The following Global parameters must be defined:

LDAP section

  • port - LDAP port

  • server - LDAP host name

  • account auth format - e.g. {u}domain or {SUB01.EMail} or {PARAM.ALTERNATIVE_USERNAME} if you want use the username in PRM08_USER_PSSPORTS with PARAM_ID='ALTERNATIVE_USERNAME' (customization)

  • Sync: company, site to use when creating records from LDAP - youcompanyid,yoursiteid

  • LDAP synchronization - checked

  • Password to use when connecting to LDAP

  • Username to use when connecting to LDAP

  • Base LDAP path when searching for users - e.g. ou=mydeprtment,dc=sinesy,dc=it

  • (optional) Users LDAP filter - e.g. (objectClass=user)

  • (optional) fields to manage in LDAP users - e.g. sAMAccountName;displayName;;givenName;sn;userPrincipalName

  • (optional) field types to manage in LDAP users - e.g. UserFormatType;;;;;

  • (optional) LDAP attribute for user id - e.g. sAMAccountName

  • Base LDAP path when searching from groups - used only if you want to read roles as well

  • (optional) Groups LDAP filter - used only if you want to read roles as well

  • (optional) fields to manage in LDAP groups - used only if you want to read roles as well

  • (optional) field types to manage in LDAP groups - used only if you want to read roles as well

  • (optional) LDAP attribute for group id - used only if you want to read roles as well

SSO section

  • Authentication: sorted list of auth. systems - LDAP + Default Authentication

  • Fields for 4WS users table - e.g. pk.userCodeId;description;password;SUB01.firstName;SUB01.lastName;SUB01.EMail

SECURITY_SYNC section

  • Sources for sync process - LDAP

  • Destinations for sync process - 4WS

  • Sync users - checked

Execute authentication and auto create the user in Platform

First of all, you have to setup the settings reported in the previous section, but without creating any sync scheduled process: the sync process will be used only to get information about the current authenticated user and create it in Platform tables, if needed.

The following Global parameters must be defined:

  • Autocreate user from LDAP - checked

  • Autoupdate user from LDAP - checked

  • Autoassign current role to new LDAP user - role id to set

PreviousHow to display the data not found message in a gridNextHow to synchronize data from Datastore to BigQuery

Last updated 1 year ago

Was this helpful?