Adobe 65015459 - Contribute CS4 User Manual page 42

Deploying Contribute and Contribute Publishing Server

ADOBE CONTRIBUTE CS3 User Guide, page 39

LDAP authentication types
CPS authenticates users against the LDAP directory. For CPS to authenticate a user, the LDAP server must verify the user's display name. This is usually a unique name in the LDAP tree that is associated with the user. CPS receives only a user name, so it must retrieve the user's display name, based on the user name, to authenticate the user.
In your User Directory service configuration, you can select one of four types of LDAP authentication:
1. LDAP bind authenticates users by prepending a specified prefix and appending a specified suffix to the user ID. With this method, you can specify only a single prefix and a single suffix.
Use this method if all the DNs in your LDAP directory are stored as prefix + <username> + suffix.
If not all DNs are stored according to this pattern, then this method does not enable you to construct a path to all the users in your system.
2. LDAP bind (auto-find user DN) authenticates users in a two-step process: CPS looks up the user ID of the user who's trying to log in to determine that user's DN, and then uses the DN to authenticate the user.
Use this method if not all of your DNs are stored according to the same prefix + <username> + suffix pattern.
For example, if you have set up CPS to search multiple branches (OUs) of your LDAP tree, and those branches store DNs in different ways, then you should use this authentication method.
Although this method requires an extra LDAP search (compared to the LDAP bind method), it gives you more flexibility.
3. Password in file authenticates users using passwords that you specify when you add users to the file-based User Directory.
Note: If you use the file-based authentication with an LDAP Directory, you must have a file entry for each user in your LDAP directory.
4. Windows domain uses your organization's Microsoft Windows® authentication solution.
If you use this method, the User IDs in your LDAP directory must match your Windows user IDs.

Authentication workflow
When you attempt to connect to a CPS-managed website through Contribute, the process through which CPS communicates with your organization's LDAP or other user directory service is as follows:
1. Contribute prompts you for user directory authentication credentials.
2. Contribute generates a Simple Object Access Protocol (SOAP) user authentication message, and sends the request to CPS over an SSL-encrypted network connection.
Note: While sending SOAP requests to CPS, Contribute sends the request over an SSL-encrypted network connection, and uses port 8900 by default. The message timeout is 20 seconds.
3. CPS requests authentication from the LDAP server by using the credentials specified in the SOAP user authentication message.
Note: While sending requests to the user directory server, CPS sends the request over an LDAP or LDAPS network connection, and uses ports 389 and 636 by default. The message timeout is 60 seconds.
4. The LDAP server attempts to validate the credentials and sends the resulting confirmation or rejection to CPS.
5. If the authentication was successful, CPS sends a connection key to the Contribute client for each website that you have access to.
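The difference between LDAP bind and LDAP bind (auto-find user DN) in the authentication types above, as an added Python example that is not Adobe's or CPS's own code. The prefix, suffix, attribute name and directory entries are constructed, and the RFC 4514/4515 escaping of the user ID is an assumption about how a careful implementation would build the DN and the search filter, not something the manual describes.

```python
# Added example: PREFIX, SUFFIX, the "uid" attribute and DIRECTORY are constructed.
PREFIX, SUFFIX = "uid=", ",ou=people,dc=example,dc=com"

DIRECTORY = [  # two branches (OUs) that store DNs in different ways
    {"dn": "uid=alice,ou=people,dc=example,dc=com", "uid": "alice"},
    {"dn": "cn=Bob Ray,ou=contractors,dc=example,dc=com", "uid": "bob"},
]

def escape_dn_value(value):
    """Escape a user ID so it stays a single RDN value (RFC 4514)."""
    out = "".join("\\" + c if c in '"+,;<>\\' else c for c in value)
    out = out.replace("\x00", "\\00")
    if value.endswith(" "):          # trailing space must be escaped
        out = out[:-1] + "\\ "
    if out[:1] in ("#", " "):        # so must a leading '#' or space
        out = "\\" + out
    return out

def escape_filter_value(value):
    """Escape a user ID for use inside a search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def bind_dn(user_id):
    """LDAP bind: the DN is constructed from one prefix and one suffix."""
    return PREFIX + escape_dn_value(user_id) + SUFFIX

def constructed_dn_exists(user_id, directory=DIRECTORY):
    """True only if the constructed DN matches a real entry."""
    return bind_dn(user_id) in {entry["dn"] for entry in directory}

def search_filter(user_id, attr="uid"):
    """Auto-find, step 1: the filter a server-side search would receive."""
    return "(%s=%s)" % (attr, escape_filter_value(user_id))

def auto_find_dn(user_id, directory=DIRECTORY):
    """Auto-find: resolve the DN by lookup; refuse unless exactly one entry matches.
    The in-memory scan stands in for the LDAP search that uses search_filter()."""
    hits = [entry["dn"] for entry in directory if entry["uid"] == user_id]
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    for uid in ("alice", "bob"):
        print(uid, "| constructed:", bind_dn(uid),
              "| exists:", constructed_dn_exists(uid),
              "| auto-find:", auto_find_dn(uid))
```

With this sample tree, the single prefix and suffix reach only the `ou=people` branch, while the lookup resolves both users before the bind.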


This manual is also suitable for:

Contribute cs3
