Active Directory authentication

We are currently using IJC database user security but I have been thinking of moving our account information to our AD server to remove account duplication across multiple schema. Can someone tell me how this can be done or where I can find the information I need?

To use Active Directory for authentication you should set up security as described here:

http://www.chemaxon.com/instantjchem/ijc_latest/docs/user/help/htmlfiles/security/changing_security_settings.html

http://www.chemaxon.com/instantjchem/ijc_latest/docs/user/help/htmlfiles/security/security_templates.html

and choose the Active Directory template.

This template was provided to us by a customer who used the LDAP configuration as a starting point (Active Directory is Microsoft's proprietary system that is based on LDAP, but does it in Microsoft's own peculiar way!). We know of at least one other customer who has used this template successfully.

You will at the very least need to change the server URL, managerDn and managerPassword properties, and possibly some other properties such as the userDnPatterns. Exactly which proeprties you need to set and which settings are needed will depend on your Active Directory configuration, for which you will probably need to consult with your network administrator.

 

Tim

Tim

How can the managerDn and managerPassword be encrypted ? As things stand any database user with read access to the IJC tables can take a look at the password credentials.

Regards

Ant

I'm not sure if its posible to encrypt the password within the file. We need to investigate this.

But if its not possible then we shoudl be able to encrypt the whole XML file that is stored in the DB.

Tim

Maybe encrypting the whole thing is a better idea Tim, I hadn't thought of that option.

Since IJC 5.4 the security configurations are encrypted when stored in the database. When a security config is now saved it will automatically be encrypted. This avoids passwords being seen by unwanted eyes.

Tim