Version 9.6
 —  Authentication Topics and LDAP  —

Performing Maintenance on Authentication Configurations

This section describes how to perform various maintenance operations on your defined authentication configurations.


Testing an existing Authentication Configuration

You can test whether an authentication configuration contains the correct values for accessing the user repository.

Note:
The feature is currently only available for LDAP authentication configurations.

To test an LDAP authentication configuration, use the command line tool CentraSiteCommand with the option validate Authentication. Details of the tool syntax are provided in the section Configuring the Authentication Settings of the document Basic Operations.

During the validation, CentraSite attempts to access the user repository and returns status messages indicating the following:

Some of the possible error messages and their causes are listed below:

Check for basic host info failed: Cannot contact the server. SSX LDAP Error: The LDAP search was aborted due to exceeding the limit of the client side timeout parameter (-130)

This message appears if you specify an incorrect port number, even if the host name is correct.

Check for basic user info failed: [ERROR] User authentication for "LDAPUSER-NAME" failed

This message appears if any of the following conditions is met:


Editing an existing Authentication Configuration

To edit an existing authentication configuration, use the command line tool CentraSiteCommand with the option set Authentication. Details of the tool syntax are provided in the section Configuring the Authentication Settings of the document Basic Operations.


Deleting an existing Authentication Configuration

If you do not require a particular authentication configuration any more, you can delete it from the list of available configurations.

You cannot remove the pre-installed domain "INTERNAL".

If you remove a configuration that is the current default configuration, the configuration is removed and the default reverts to the INTERNAL configuration.

To delete an existing authentication configuration, use the command line tool CentraSiteCommand with the option remove Authentication. Details of the tool syntax are provided in the section Configuring the Authentication Settings of the document Basic Operations.

Note:
When you delete an authentication configuration, CentraSite does not delete the user objects that are associated with this configuration. Thus, these users will still be displayed in the list of users in CentraSite Control, even though the domain to which they belong is no longer accessible to CentraSite.


Setting a new Default Authentication Configuration

If you have defined more than one authentication configuration, you can change the current default configuration to one of the other configurations.

The user domain of the new default configuration must include at least one user who is defined in CentraSite with the "CentraSite Administrator" role; otherwise, you will be prompted to enter a user who will be defined as administrator in that configuration.

To set a new default authentication configuration, use the command line tool CentraSiteCommand with the option set DefaultDomain. Details of the tool syntax are provided in the section Configuring the Authentication Settings of the document Basic Operations.

If the user domain of the configuration that you wish to set to the default does not contain any user who is defined in CentraSite with the "CentraSite Administrator" role, a dialog will appear, asking you to provide the user name and password of a domain user who will be granted this role in CentraSite.

If the user already exists in CentraSite, but does not have the "CentraSite Administrator" role, the role will be granted to the user. If the user does not exist in CentraSite, a user with the given user name will be created in CentraSite and will be granted the "CentraSite Administrator" role.

The dialog also allows you to specify an organization for the user, in cases where the user did not already exist in CentraSite. The newly created CentraSite user will be assigned to this organization. If you do not specify an organization, the user is assigned to the default organization.

Users who are in the default domain can log in without having to specify the domain name, but they can specify the domain name if they wish. Users who are not in the current default domain always have to specify the domain name when logging in.

Notes:

  1. If your default authentication configuration contains only one user who has the "CentraSite Administrator" role in CentraSite, it is not possible to delete this user from CentraSite, or to remove the "CentraSite Administrator" role from the user. This is because the default configuration must always contain at least one user who is defined in CentraSite with the "CentraSite Administrator" role.
  2. If you try to log in to a CentraSite component (for example, CentraSite Control) by supplying a user name and password but no domain name, the authentication mechanism assumes that you belong to the domain of the default configuration and will authenticate you against this domain. If you change the default configuration as described above and subsequently try to log in to a CentraSite component, you must supply your domain name in addition to your user name, so that the authentication mechanism knows which domain to use to check your credentials.

When you set a new default authentication configuration, you might wish to change the association between CentraSite users (i.e. CentraSite registry objects representing users) and users in the external user repository. For information on how to do this, and in particular if you wish to do this for many users, refer to the topic Re-Associating Users in the document Users, Groups, Roles and Permissions.
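
The rules above for deleting a configuration and for changing the default can be worked through as a pre-change check before running the tool. This is an added example, not part of the CentraSite documentation or tooling; the user inventory, the domain names CORP and PARTNER, and the function names are assumptions, and the script models the documented behaviour rather than calling CentraSiteCommand.

```python
from dataclasses import dataclass

ADMIN_ROLE = "CentraSite Administrator"
INTERNAL = "INTERNAL"

@dataclass(frozen=True)
class User:
    name: str
    domain: str
    roles: frozenset = frozenset()

def plan_remove(domain, configured, default, users):
    """Predict the effect of removing an authentication configuration."""
    if domain == INTERNAL:
        raise ValueError("the pre-installed INTERNAL domain cannot be removed")
    if domain not in configured:
        raise ValueError(f"no such configuration: {domain}")
    return {
        # User objects are not deleted with the configuration: they stay listed
        # although their domain is no longer accessible, so review them.
        "orphaned_users": sorted(u.name for u in users if u.domain == domain),
        # Removing the current default makes INTERNAL the default again.
        "default_after": INTERNAL if domain == default else default,
    }

def plan_set_default(domain, configured, default, users):
    """Predict the effect of making `domain` the default configuration."""
    if domain not in configured:
        raise ValueError(f"no such configuration: {domain}")
    admins = sorted(u.name for u in users
                    if u.domain == domain and ADMIN_ROLE in u.roles)
    return {
        "admins_in_new_default": admins,
        # With no administrator in the domain, the tool asks for a user to promote.
        "will_prompt_for_admin": not admins,
        # Users of the old default must supply their domain name from now on.
        "must_now_give_domain": sorted(
            u.name for u in users if u.domain == default and default != domain),
    }

# Constructed sample inventory (not from a real registry).
CONFIGURED = {INTERNAL, "CORP", "PARTNER"}
USERS = [
    User("admin", INTERNAL, frozenset({ADMIN_ROLE})),
    User("alice", "CORP", frozenset({ADMIN_ROLE})),
    User("bob", "CORP"),
    User("carol", "PARTNER"),
]
```

Reviewing the orphaned_users and will_prompt_for_admin results before a change shows which accounts will remain listed without a reachable domain and whether an administrator grant is about to be made.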
