Data Virtualization Tutorial… LDAP Domains in CIS


1 Data Virtualization Tutorial… LDAP Domains in CIS
Hello, and welcome to the Tutorial series for Cisco Information Server, or CIS. Tutorials are brief instructional videos that demonstrate specific features of CIS. In this tutorial, we discuss the use of LDAP domains in CIS.

2 For more details…
Slide text: Resources: Archives, Data files, Tutorial Document. Additional information: Documentation, Training.
Note that Tutorials are NOT meant to be comprehensive training modules. Instead, they demonstrate a very basic use case that can be built quickly and easily. However, the Data Virtualization Knowledge Base contains additional information that will help you learn more and go deeper. Additional resources in the Knowledge Base include: <CLICK> Resources used to build the tutorial, such as Data Virtualization Archive files, data source files, and a document version of this tutorial… <CLICK> … and additional information, including documentation and training materials.

3 Agenda What are they and why do they matter? A basic demo Summary
Here is our agenda. We begin by defining CIS LDAP Domains and outlining their importance for our customers. Next we walk through a very basic demo of using a CIS LDAP domain to define Groups and Users. Finally, we summarize the contents of this tutorial.

4 Agenda What are they and why do they matter? A basic demo Summary
Let’s begin by defining CIS LDAP Domains and examining their importance for data virtualization.

5 What are they?
Slide text: CIS Domains are used to: Define Groups and Users; Assign Rights. There are three types of CIS Domains: Composite, Dynamic, LDAP.
CIS Domains are containers for defining CIS Groups and Users and assigning Rights to them. CIS supports three types of domains: The Composite domain is for groups and users that are completely managed within the CIS product suite. There is one and only one Composite domain within a CIS instance. The Dynamic domain is for pass-through authentication to underlying physical data sources. There may be at most one Dynamic domain within a CIS instance. LDAP domains within CIS interface with existing enterprise deployments of Lightweight Directory Access Protocol products, such as Active Directory, eDirectory, or iPlanet. There may be zero, one, or many LDAP domains within a CIS instance.

6 Why do they matter?
Slide text: LDAP Domains: Leverage existing enterprise security infrastructure; Avoid duplication of effort by administrators; Ensure consistency as groups and users change over time.
LDAP Domains are important to enterprise customers because they enable CIS to leverage existing security policy that is embodied in their LDAP deployments. This means that system administrators can define users and groups once in their LDAP systems, and do not have to perform extra work to define these users and groups in CIS. This ensures that CIS will remain consistent with enterprise security policies as Groups and Users change over time.

7 Agenda What are they and why do they matter? A basic demo Summary
Next, let’s walk through a very basic demo of LDAP domains in CIS.

8 Demo: Here is the business problem…
Here is the business problem we illustrate in this tutorial.

9 Demo: Here is the business problem…
Diagram labels: CIS Composite Domain (Administrators Group).
This enterprise wants a small group of CIS administrators to be managed directly through the CIS Composite domain.

10 Demo: Here is the business problem…
Diagram labels: CIS Composite Domain (Administrators Group); CIS LDAP Domain, Active Directory (Dev Group, Analyst Group, Sales Group).
However, we want all other users, including developers, analysts, and sales people, to be managed within Microsoft’s Active Directory, which provides a single point of management for all of their enterprise authentication needs. CIS will leverage this Active Directory infrastructure, and automatically adapt as users come and go from Active Directory.

11 Demo: before you begin…
Slide text: Install and configure an LDAP Browser.
Whenever you work with LDAP and CIS, you may find it useful to have an LDAP browser utility handy. <CLICK> The Softerra LDAP Browser shown here is a free download, and works quite well. <CLICK> It will help you understand the schema and contents of any particular LDAP instance. <CLICK> It will also help you build the exact URL you will need to specify in CIS… <CLICK> … and help you verify that your credentials are accurate and properly formatted.

12 Demo: before you begin…
Slide text: Verify connectivity to LDAP.
An LDAP browser, such as the Softerra browser shown here, allows us to test connectivity to our LDAP directory before we try to configure CIS. It also helps us understand the structure of the LDAP directory, so we can verify that our ldap.properties file has been configured correctly. To connect to an LDAP directory, we begin by right-clicking the top of the namespace tree and selecting New Profile. <CLICK> We provide a name for the profile… <CLICK> … and then specify the host and port. Once we have specified the host and port, we can click the “Fetch Base DNs” button to populate a drop-down list of available entry points to the directory schema. DN stands for “distinguished name,” which is a unique identifier in LDAP. In this example, our data exists in an Active Directory application partition with a Distinguished Name of Organization equals DemoCorp, Country equals US, as shown here. <CLICK> Now we specify the ID and password. Click “Save password” to make subsequent access easier. <CLICK> The LDAP data is now available to us.

13 Demo: before you begin…
Slide text: Configure the ldap.properties file in CIS.
Before you connect CIS to an LDAP Server, you must supply a properly-configured ldap.properties file. This provides details about the specific schema of the LDAP instance you are integrating. <CLICK> This file must be placed in the directory shown here.

14 Demo: Set the stage
Slide text: CIS reads LDAP, but never writes. Initial synchronization downloads selected LDAP groups to CIS. Group Rights and Privileges are assigned in CIS. Individual Users are not created in CIS until their initial login. CIS uses the LDAP server to authenticate at login time.
Before we begin, let’s level-set on some of the technical underpinnings of LDAP domains in CIS. First of all, it is important to understand that CIS READS the LDAP repository but never WRITES to it. This is an important requirement for LDAP administrators. When we first define the LDAP domain, CIS will download LDAP Groups that are specified in our ldap.properties file. If Groups are added and deleted frequently, we may want to re-synchronize from time to time. It is not necessary to re-synchronize as users are added and deleted. Once our Groups are downloaded, we will assign them Rights and Privileges within CIS. We use LDAP for Authentication, but Authorization is still determined within CIS. This is appropriate because authorization controls are very specific to Data Virtualization resources, and LDAP has no knowledge of these resources, which include Views, Procedures, Transformations, and so on. Although we have created Groups, no users will be created in CIS until they actually attempt to log in to CIS. At login time, CIS asks the LDAP server to authenticate the user. This demo uses simple password-based authentication, but Kerberos authentication may also be implemented. If the authentication is successful, and if this is the user’s first login, CIS will then create the user and assign it to the Groups to which it belongs.

15 Demo: Explore and explain the LDAP content
As our LDAP browser shows, for this particular LDAP deployment, our CIS users reside in three different Organizational Units: Development, Eagle, and Sales.

16 Demo: Explore and explain the LDAP content
These containers are defined by default as part of the Active Directory installation, and contain no data.

17 Demo: Explore and explain the LDAP content
Within each Organizational Unit, we have defined users…

18 Demo: Explore and explain the LDAP content
… and groups.

19 Demo: Explore and explain the LDAP content
Within each group, we have also defined users as members of the group.

20 Demo: Explore and explain the LDAP content
The Roles container is also installed by default, and contains various containers for administrative roles. Note that we have also defined a user named CISReader. This user has been assigned to the group named Readers, which means it can read data from Active Directory, but cannot make any changes. We will use CISReader as the user that CIS Manager employs to read data from Active Directory.

21 Demo: Explore and explain the ldap.properties file
Slide text: Section 1: Define query for all users. Callouts: We will query these containers; We only want user objects; The CIS Login will be taken from this LDAP user attribute; No timeout value is specified.
Now that we understand the structure of our specific LDAP directory, let’s see how the CIS ldap.properties file has been configured to use this directory. The properties file contains four sections. Section one defines the query parameters that CIS will use to find all users. <CLICK> We specify that CIS should search three Organizational Unit containers… Sales, Development, and Eagle. <CLICK> We specify that we are only interested in User objects. <CLICK> An LDAP user may have many attributes. We choose the uid attribute as the one that will be used as the CIS login. You may choose any attribute that your organization wishes to use as the CIS User ID. <CLICK> We specify no timeout period for the query.

22 Demo: Explore and explain the ldap.properties file
Slide text: Section 2: Define query for all groups. Callouts: We will query these containers; We only want group objects; The CIS group name will be taken from this LDAP group attribute; No timeout value is specified.
Section two defines the query parameters that CIS will use to find all groups. <CLICK> We specify that CIS should search three Organizational Unit containers… Sales, Development, and Eagle. <CLICK> We specify that we are only interested in Group objects. <CLICK> An LDAP group may have many attributes. We choose the cn, or Common Name attribute as the one that will be used as the CIS group name. <CLICK> We specify no timeout period for the query.

23 Demo: Explore and explain the ldap.properties file
Slide text: Section 3: Define user authentication parameters. Callouts: We will do a case-sensitive lookup; We will look in these containers; We only want user objects; The CIS Login will be matched to this LDAP user attribute; We specify a timeout value of 1,000 milliseconds.
Section three defines the parameters that CIS will use to authenticate a user at login time. <CLICK> We specify a case-sensitive lookup. <CLICK> We specify that CIS should search three Organizational Unit containers… Sales, Development, and Eagle. <CLICK> We specify that we are looking for a User object… <CLICK> …with a uid attribute that matches the CIS login. <CLICK> Once we find a match, we specify that the uid attribute is the data we want returned to CIS. <CLICK> We specify a timeout period of 1,000 milliseconds.

24 Demo: Explore and explain the ldap.properties file
Slide text: Section 4: Find all of a user’s LDAP group memberships. Callouts: We will look in these containers; We will look for group objects; The LDAP group names are in this group attribute; We specify a timeout value of 1,000 milliseconds.
Section four defines the parameters that CIS will use to find all of a user’s LDAP group memberships. <CLICK> We specify that CIS should search three Organizational Unit containers… Sales, Development, and Eagle. <CLICK> We specify that we are looking for Group objects… <CLICK> …that have a member with the Distinguished Name that will be passed by CIS. <CLICK> The Group Name we want returned to CIS resides in the LDAP cn, or Common Name attribute. <CLICK> We specify a timeout period of 1,000 milliseconds.
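The four ldap.properties sections just described, together with the "Set the stage" rules (CIS only reads LDAP, groups are synchronized up front, Rights are assigned in CIS, a user is created at first successful login), as an added Python model written for this page. It is not Cisco/CIS code: the directory entries, passwords, Right names and the key names inside CONFIG are constructed or assumed stand-ins, since the tutorial shows the sections but not the actual ldap.properties keys. The model also adds RFC 4515 filter escaping for the login value that section 3 substitutes into the uid match, a check any LDAP-backed login path should make.

```python
"""Model of the four ldap.properties sections and the CIS first-login flow.
Added example for this page, not Cisco/CIS code: directory entries, passwords
and Rights are constructed, and the CONFIG key names are assumptions standing
in for the real ldap.properties keys (the tutorial does not show them)."""
import hmac
from dataclasses import dataclass, field

BASE = "O=DemoCorp,C=US"   # application partition named in the tutorial
ARCHIE = f"uid=aarchitect,OU=Development,{BASE}"
SALLY = f"uid=sseller,OU=Sales,{BASE}"
# Constructed stand-in for the directory: two users in searched OUs, the
# CISReader service account outside them, and two groups with member lists.
DIRECTORY = [
    {"dn": ARCHIE, "objectClass": "user", "uid": "aarchitect", "cn": "Archie Architect"},
    {"dn": SALLY, "objectClass": "user", "uid": "sseller", "cn": "Sally Seller"},
    {"dn": f"uid=cisreader,CN=Roles,{BASE}", "objectClass": "user", "uid": "cisreader", "cn": "CISReader"},
    {"dn": f"cn=Architects,OU=Development,{BASE}", "objectClass": "group", "cn": "Architects", "member": [ARCHIE]},
    {"dn": f"cn=Sales,OU=Sales,{BASE}", "objectClass": "group", "cn": "Sales", "member": [SALLY]},
]
PASSWORDS = {ARCHIE: "demo-pass-1", SALLY: "demo-pass-2"}   # constructed bind secrets

SEARCH_OUS = [f"OU=Sales,{BASE}", f"OU=Development,{BASE}", f"OU=Eagle,{BASE}"]
CONFIG = {   # assumed key names; one dict per ldap.properties section
    "users": {"bases": SEARCH_OUS, "objectClass": "user", "loginAttr": "uid", "timeoutMs": None},
    "groups": {"bases": SEARCH_OUS, "objectClass": "group", "nameAttr": "cn", "timeoutMs": None},
    "auth": {"bases": SEARCH_OUS, "objectClass": "user", "matchAttr": "uid",
             "caseSensitive": True, "timeoutMs": 1000},
    "membership": {"bases": SEARCH_OUS, "objectClass": "group", "memberAttr": "member",
                   "nameAttr": "cn", "timeoutMs": 1000},
}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value substituted into a search filter, so a
    login like 'a*)(uid=*' cannot change the meaning of '(uid=...)'."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def build_filter(attr: str, value: str, object_class: str) -> str:
    """Filter shape for sections 3 and 4: object class AND attribute match."""
    return f"(&(objectClass={object_class})({attr}={escape_filter_value(value)}))"

def search(bases, object_class, attr=None, value=None, case_sensitive=True):
    """Subtree search over DIRECTORY limited to the configured base DNs and
    object class; timeouts are not simulated in this in-memory model."""
    hits = []
    for entry in DIRECTORY:
        if not any(entry["dn"].endswith("," + b) for b in bases):
            continue
        if entry["objectClass"] != object_class:
            continue
        if attr is not None:
            got = entry.get(attr)
            values = [v for v in (got if isinstance(got, list) else [got]) if v is not None]
            if case_sensitive and value not in values:
                continue
            if not case_sensitive and value.lower() not in [v.lower() for v in values]:
                continue
        hits.append(entry)
    return hits

def find_all_users():   # Section 1: every user object in the searched OUs
    c = CONFIG["users"]
    return sorted(e[c["loginAttr"]] for e in search(c["bases"], c["objectClass"]))

def find_all_groups():  # Section 2: every group object in the searched OUs
    c = CONFIG["groups"]
    return sorted(e[c["nameAttr"]] for e in search(c["bases"], c["objectClass"]))

def authenticate(login, password):   # Section 3: locate the uid, then bind
    c = CONFIG["auth"]
    matches = search(c["bases"], c["objectClass"], c["matchAttr"], login, c["caseSensitive"])
    if len(matches) != 1:   # unknown, out-of-scope, or ambiguous login
        return None
    dn = matches[0]["dn"]
    if not hmac.compare_digest(PASSWORDS.get(dn, ""), password):
        return None
    return dn

def groups_for(dn):   # Section 4: groups whose member attribute holds this DN
    c = CONFIG["membership"]
    return sorted(e[c["nameAttr"]] for e in search(c["bases"], c["objectClass"], c["memberAttr"], dn))

@dataclass
class CisDomain:
    """The CIS side: groups synced from LDAP carry Rights assigned in CIS;
    users appear only after their first successful LDAP authentication."""
    name: str
    groups: dict = field(default_factory=dict)   # group name -> set of Rights
    users: dict = field(default_factory=dict)    # login -> {"dn", "groups"}

    def sync_groups(self):   # initial synchronization; never writes to LDAP
        for g in find_all_groups():
            self.groups.setdefault(g, set())

    def login(self, login, password):
        dn = authenticate(login, password)
        if dn is None:
            return None
        if login not in self.users:   # first login: create the user now
            self.users[login] = {"dn": dn, "groups": set(groups_for(dn)) | {"All"}}
        u = self.users[login]
        rights = set().union(*(self.groups.get(g, set()) for g in u["groups"]))
        return {"user": login, "groups": sorted(u["groups"]), "rights": sorted(rights)}

def demo_flow():
    """Replays the demo: sync groups, assign a Right in CIS, first login."""
    demo = CisDomain("ldap-demo")
    demo.sync_groups()
    demo.groups["Architects"] = {"Access Studio"}   # constructed Right name
    users_before = len(demo.users)
    archie = demo.login("aarchitect", "demo-pass-1")
    failed = demo.login("sseller", "wrong-password")   # no user is created
    return users_before, archie, failed, sorted(demo.users)

if __name__ == "__main__":
    print(demo_flow())
```

The separation the tutorial stresses is visible in the model: `authenticate` and `groups_for` only read the directory, while `CisDomain.groups` is where Rights live, so a change to an LDAP group membership is picked up at the user's next login without any write back to LDAP. The `escape_filter_value` step matters because the section 3 lookup builds a filter from whatever the user typed as the CIS login.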

25 Demo: Create the LDAP Domain in CIS
Now we are ready to create the LDAP domain in CIS. <CLICK> We log in to CIS Manager, and select Domain Management from the Users tab… <CLICK> …then click Add Domain. <CLICK> We fill in the required information. <CLICK> To find the exact URL we need, we can look at the connection properties from our LDAP browser. The URL is found on the Profile tab… <CLICK> … and the Login name is found on the credentials tab.

26 Demo: Create the LDAP Domain in CIS
When we click OK, the LDAP domain is created.

27 Demo: Assign rights to a group
Now we can add groups to the domain. We select the domain, and click “Edit External Groups.” <CLICK> We select all the groups, and click OK.

28 Demo: Assign rights to a group
Now we can assign Rights to a group. We navigate to Group Management… <CLICK> …choose the Architects group, and click Edit Group. <CLICK> We’ll give the Architects Rights from the Developer template, which allows them to access Studio.

29 Demo: Assign rights to a group
Our Architects group now has Rights assigned to it. <CLICK> However, the group still has no users. That’s because CIS does not create a user from an LDAP group until that user actually logs in for the first time.

30 Demo: Log in as a group member
Let’s log in as a member of the Architects group, Archie Architect. We use the uid attribute from LDAP as the user name, and enter the password. We specify ldap-demo as the domain. <CLICK> We log in, and see that Archie has access to the Shared folder, and a blank My Home folder because he is a new user. If you get an error message at login time, and you are on a slow network connection, you may want to adjust the timeout period in the ldap.properties file.

31 Demo: Log in as a group member
When we go to User Management in CIS Manager, we can see that Archie is now defined as a user. <CLICK> He is a member of the Architects group, as well as the All group. Our demo is complete.

32 Agenda What are they and why do they matter? A basic demo Summary
Let’s review what we have seen in this tutorial.

33 Summary
Slide text: There are three types of CIS Domains: Composite, Dynamic, LDAP. LDAP Domains: Leverage existing enterprise security infrastructure; Avoid duplication of effort by administrators; Ensure consistency as groups and users change over time.
CIS Domains are containers for defining CIS Groups and Users and assigning Rights to them. CIS supports three types of domains: The Composite domain is for groups and users that are completely managed within the CIS product suite. There is one and only one Composite domain within a CIS instance. The Dynamic domain is for pass-through authentication to underlying physical data sources. There may be at most one Dynamic domain within a CIS instance. LDAP domains within CIS interface with existing enterprise deployments of Lightweight Directory Access Protocol products, such as Active Directory, eDirectory, or iPlanet. There may be zero, one, or many LDAP domains within a CIS instance. LDAP Domains are important to enterprise customers because they enable CIS to leverage existing security policy that is embodied in their LDAP deployments. This means that system administrators can define users and groups once in their LDAP systems, and do not have to perform extra work to define these users and groups in CIS. This ensures that CIS will remain consistent with enterprise security policies as Groups and Users change over time. Thank you.

34 TOMORROW starts here.
