When CentraSite utilizes a user repository, certain connection parameters are required. The connection parameters are stored in an authentication configuration. If you need to work with more than one user repository (for example, a user repository for test purposes and a user repository for a production environment), you can define several authentication configurations.
At any given time, only one authentication configuration can be the default authentication configuration.
You can create the authentication configurations as described in the following sections.
After creating or modifying the authentication settings, the new settings apply immediately to the CentraSite Registry/Repository.
Commands for creating and maintaining authentication configurations are available with the command line tool CentraSiteCommand. You can use this tool to perform the following tasks:
Create an authentication configuration
Modify an authentication configuration
Delete an authentication configuration
Set a default authentication configuration
List the names of all defined authentication configurations
List details of a specific authentication configuration
Validate that an authentication configuration is correctly specified
For information on how to perform these tasks, see the section Configuring the Authentication Settings in the document Basic Operations.
Unless the type of authentication that you wish to specify is "INTERNAL", the authentication configuration requires a domain name. This is the domain name that will be used to address the users who are authenticated against the specified user repository.
Important:
When working with LDAP, the domain name should be the name of a specific domain controller (DC) node in the LDAP tree structure. There can be many DC nodes in an LDAP tree structure, and you must choose the DC node that is the deepest ancestor node (parent, grandparent etc.) of all of the user nodes. Here, "deepest" means furthest away from the LDAP tree's root node. For example, if the usernames in an LDAP tree structure are located in the LDAP path uid=Username,ou=People,dc=mydomain,dc=com, then both dc=mydomain and dc=com are ancestor DC nodes of the user nodes, but since dc=mydomain is deeper than dc=com, you should specify the domain name as "MYDOMAIN" and not "COM".
If the path to the user nodes does not include any DC nodes, specify the root node. For example, if a user's full path is cn=Username,ou=People,ou=RnD,o=Company, set the domain name to "Company".
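The rule in the note above, worked through as an added example that is not part of the CentraSite documentation or tooling: it generalizes the single-path case to several user DNs by finding the ancestor path they all share, then picks the deepest DC node on it, or the root node when there is none. The function names are hypothetical, DN parsing is simplified (no multi-valued RDNs), and the value is returned with the casing found in the DN.

```python
import re

def parse_dn(dn):
    """Split a DN into (attribute, value) pairs ordered root-first.

    Simplified: splits on commas not preceded by a backslash.
    """
    rdns = [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN {rdn!r} in {dn!r}")
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs[::-1]

def common_ancestors(user_dns):
    """Return the root-first RDN path shared by the ancestors of every user."""
    if not user_dns:
        raise ValueError("at least one user DN is required")
    # Drop the last element (the user entry itself): only ancestors count.
    paths = [parse_dn(dn)[:-1] for dn in user_dns]
    shared = []
    for level in zip(*paths):
        if len({(a, v.lower()) for a, v in level}) != 1:
            break  # the users' paths diverge below this point
        shared.append(level[0])
    return shared

def domain_name(user_dns):
    """Deepest DC node shared by all users, else the root node."""
    shared = common_ancestors(user_dns)
    if not shared:
        raise ValueError("user DNs do not share a root node")
    dcs = [value for attr, value in shared if attr == "dc"]
    return dcs[-1] if dcs else shared[0][1]

if __name__ == "__main__":
    # The two paths from the note, plus one constructed two-user case.
    print(domain_name(["uid=Username,ou=People,dc=mydomain,dc=com"]))
    print(domain_name(["cn=Username,ou=People,ou=RnD,o=Company"]))
    print(domain_name(["uid=a,ou=People,dc=test,dc=mydomain,dc=com",
                       "uid=b,ou=People,dc=prod,dc=mydomain,dc=com"]))
```
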
The domain name for an authentication configuration of type Internal is always "INTERNAL". Since this name is fixed, there can be only one such configuration defined per instance of the CentraSite registry.
When you specify an authentication configuration, you specify the correlation between properties stored in the CentraSite JAXR-based model for the object type User and properties stored in the external user repository.
The JAXR-based properties stored in CentraSite for the object type User are organized according to the following structure:
description
organization
personName
    firstName
    middleName
    lastName
    fullName
postalAddresses
    postalAddress
        street
        streetNumber
        postalCode
        city
        stateOrProvince
        country
        postalScheme
emailAddresses
    emailAddress
        address
telephoneNumbers
    telephoneNumber
        countryCode
        areaCode
        number
        extension
        url
URL
The mappings are used in CentraSite Control when you create a new CentraSite user and wish to associate the user with a user in the external user repository and also when you click on
for a user in the CentraSite Control. The corresponding dialog in CentraSite Control for locating the external user definition includes a search capability in which you can specify the JAXR-based mapping properties mentioned above to locate a particular user. The search mechanism translates the JAXR-based property searches into corresponding searches of the properties of the external user repository, using the mappings you define here. See the section Adding a User in the document Users, Groups, Roles and Permissions for further information.
Specify the mappings as required. Typically, you only specify mappings for properties that you wish to make available for searches of the external user repository. If you do not require the capability of searching the external user repository, you can leave all of the fields empty.
Note:
User property mappings are not available for users who are stored in the internal repository.