Active Directory authentication

User 596f3ef229

14-12-2009 01:49:12

We are currently using IJC database user security but I have been thinking of moving our account information to our AD server to remove account duplication across multiple schema. Can someone tell me how this can be done or where I can find the information I need?

ChemAxon fa971619eb

14-12-2009 15:53:54

To use Active Directory for authentication you should set up security as described here:


http://www.chemaxon.com/instantjchem/ijc_latest/docs/user/help/htmlfiles/security/changing_security_settings.html


http://www.chemaxon.com/instantjchem/ijc_latest/docs/user/help/htmlfiles/security/security_templates.html


and choose the Active Directory template.


This template was provided to us by a customer who used the LDAP configuration as a starting point (Active Directory is Microsoft's proprietary system that is based on LDAP, but does it in Microsoft's own peculiar way!). We know of at least one other customer who has used this template successfully.


You will at the very least need to change the server URL, managerDn and managerPassword properties, and possibly some other properties such as the userDnPatterns. Exactly which proeprties you need to set and which settings are needed will depend on your Active Directory configuration, for which you will probably need to consult with your network administrator.


 


Tim

User 9f6f294e9f

15-09-2010 07:45:14

Tim


How can the managerDn and managerPassword be encrypted ? As things stand any database user with read access to the IJC tables can take a look at the password credentials.


Regards


Ant

ChemAxon fa971619eb

16-09-2010 18:30:46

I'm not sure if its posible to encrypt the password within the file. We need to investigate this.


But if its not possible then we shoudl be able to encrypt the whole XML file that is stored in the DB.


Tim

User 9f6f294e9f

17-09-2010 07:37:45

Maybe encrypting the whole thing is a better idea Tim, I hadn't thought of that option.

ChemAxon fa971619eb

12-01-2011 11:16:40

Since IJC 5.4 the security configurations are encrypted when stored in the database. When a security config is now saved it will automatically be encrypted. This avoids passwords being seen by unwanted eyes.


Tim