Microsoft Active Directory

Microsoft Active Directory uses "inetOrgPerson", and a user password can be stored in the Active Directory attribute called "userPassword". However, Microsoft Active Directory must first be configured to store a user password in the "userPassword" attribute. This is done by setting the 9th bit of the dsHeuristics value, which is located on the CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration,DC=domain object. The value should look like this: 000000001. For more information, refer to the Microsoft documentation:

http://msdn.microsoft.com/en-us/library/cc223249.aspx

http://msdn.microsoft.com/en-us/library/cc223560.aspx
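
Writing the literal 000000001 over an existing dsHeuristics value would reset any positions an administrator has already set, so the following added example (not part of the original documentation) computes a value that changes only the 9th position and builds an LDIF modify record for it. The function names and the DC=example,DC=com suffix are assumptions made for illustration, and absent positions are assumed to default to 0, as in the value shown above.

```python
"""Added example: plan a dsHeuristics change that enables userPassword support."""

# Container path from this page; the domain suffix is supplied by the caller.
DS_PATH = "CN=Directory Service,CN=Windows NT,CN=Services,CN=Configuration"
PWD_POS = 9  # 1-based position in the dsHeuristics string named on this page


def user_password_enabled(value):
    """True when the 9th character of dsHeuristics is '1'."""
    value = value or ""
    return len(value) >= PWD_POS and value[PWD_POS - 1] == "1"


def plan_value(current):
    """Return the value to write, changing only the 9th character.

    Other positions control unrelated directory behaviour, so they are kept.
    An unset or short value is padded with '0' (assumed default).
    """
    padded = (current or "").ljust(PWD_POS, "0")
    return padded[:PWD_POS - 1] + "1" + padded[PWD_POS:]


def ldif_change(domain_dn, current):
    """Build an LDIF modify record, or None when no change is needed."""
    if user_password_enabled(current):
        return None
    return "\n".join([
        f"dn: {DS_PATH},{domain_dn}",
        "changetype: modify",
        "replace: dsHeuristics",
        f"dsHeuristics: {plan_value(current)}",
        "-",
        "",
    ])


if __name__ == "__main__":
    # Constructed sample values: unset, short with position 7 in use,
    # longer than nine characters, and already configured.
    for sample in (None, "0000002", "0000002001001", "000000001"):
        record = ldif_change("DC=example,DC=com", sample)
        print(f"current={sample!r}")
        print(record if record else "  no change needed\n")
```

Review the generated record against the current value read from the directory before importing it with an LDAP client.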

Consider the following items when using Microsoft Active Directory:

  • EnterpriseOne application P95928 should be configured accordingly for "InetOrgPerson" and "userPassword".

  • For Microsoft Active Directory, the EnterpriseOne data can be dynamically uploaded only over an SSL/TLS connection. This is a Microsoft Active Directory restriction.

  • Microsoft Active Directory user-password authentication is case sensitive. The user information uploaded from EnterpriseOne does not include user passwords. Therefore, passwords must be entered by an administrator or end users using the applicable LDAP tool. The passwords are stored in the case in which they are entered. During sign-in, other LDAP servers ignore the case of the supplied password, whereas Microsoft Active Directory fails to authenticate a user if the supplied password is not in the correct case.

  • If a user is not uploaded to Microsoft Active Directory, none of the roles assigned to that user are uploaded to Microsoft Active Directory either. This restriction applies only to Microsoft Active Directory and not to OID / IDS.