Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

LDAP Authentication 1

Status
Not open for further replies.

tas1

MIS
Aug 1, 2003
23
GB
Ellipse 5.2.3.7 offers, via the EAC, the choice to use external authentication instead of the usual username and password.

We are in the early stages of considering using LDAP for this. Has anyone tried using this? What steps are required? And above all, does it work?

Thanks
 
Hi, Yes implemented both CICS and Tuxedo LDAP access. Tuxedo is straight forward through the EAC, CICS needs some manual changed to the EAMLDAP.c file in the ecp source area. you have to provide LDAP_HOST, LDAP_PORT, LDAP_USER_BASE, LDAP_USER and LDAP_PASSWORD (The last two only is ACTIVE DIRECTORY is used without the anonymous login enabled.
Recompile ETP or ECP.
restart Tuxedo/CICS (cold start)
change bypass welcome flag in District Control.
Off you go.
Leen van Gent
 
Thanks Ivangent.

Is there a way to deal with users who do not have an AD entry, i.e. share a PC login with others? Does this work with Citrix clients?

Regards
 
The ldap implementation of ECP / ETP is not a single sign-on implementation. you still have to connect using host authentication which is redirected to the LDAP/AD server.
On Citrix you would login with your windows username/password in the ellipse explorer and have a matching signon profile in ellipse.
Mincom is in the process of implementing a single sign-on but that will take at least another 6 months before available. No problems with citrix or shared pc's. By the way Citrix is the best way of client deployment from a management point of view that is.
 
Interesting thread. We are in the process of upgrading from MIMS4.3 to Ellipse 6.1 and have attempted to configure external authentication via CICS/ECP. The first thing we noticed was that CICS truncates the userid and password to 8 characters. Mincom have confirmed that it is a current limitation of EAMLDAP.
 
We have used it here since going tro version 5.2.3.7 by allowing cics to validate the user. Downside is your password is limited to 8 characters. what version of eac are you running?
 
We are using eac31_11. We are already limited to 8 characters due to enhanced security. Was it easy to set up, i.e following the advice above?
 
Mincom have fixed their External Authentication 8 character limitation on both userid and password lengths. ECP 3.4 fixes this issue. We are now successfully using host authentication against MSAD. It was easy to setup once Mincom provided their undocumented instructions.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top