LDAP Connection Validation When Configuring Login Policy

This feature is implemented for those customers who have chosen Lightweight Directory Access Protocol (LDAP) for authentication.

This feature provides these improvements:

  • Informs users about the need to configure the connection from two regional data centers where the environment can be deployed.
  • Simplifies the LDAP connection check and notifies integrators about any connectivity issues by providing these functions within the application.

When using the LDAP type of authentication, you must take some additional steps to set up connectivity properly. The application implements two types of connectivity checks for login policies that use LDAP for authentication:

  • Manual connectivity check (when adding, modifying or viewing a login policy)
  • Automatic connectivity check (once a day)

For both types of connectivity checks, the application connects from both regional data centers to the LDAP servers specified for the login policy and shows the results in the UI.

Manual connectivity check

The application runs a connectivity check when adding or modifying an LDAP login policy.

  • You must populate all of the required fields for a login policy and then click the 'Check Connectivity and Add' / 'Check Connectivity and Modify' button. The application then initiates a connectivity check from both regional data centers to all endpoints configured in the 'LDAP Server URL List' field.
  • If the application was able to establish connectivity to all LDAP servers, the login policy settings are saved.

    If any issues occur, the application instead displays a page showing the detailed status of the connectivity check from each data center for each configured LDAP Server URL. This page also shows a warning message asking you to set up connectivity at the earliest opportunity; you can still save the login policy and establish the connection later.

  • Check connectivity without making any configuration changes

    Another option for integrators is to click Re-check after making the required changes, which prompts the application to run the connectivity check again. You can also initiate the connectivity check without making any configuration changes: click Check connection on the login policy page. The application initiates a connection to all LDAP Server URLs from both regional data centers and displays the results.

Automatic connectivity check

The application automatically runs a daily connectivity check for each LDAP login policy by connecting to all LDAP servers from two regional data centers.

Connectivity Check Results:

  • Accessing the overall status

    The overall status of the latest LDAP connectivity check is displayed on the login policy card on the 'Login policies' screen. There are two possible statuses:

    • Connected to all LDAP server URLs

      This status means that all LDAP servers could be reached from both regional data centers.

    • Configure connection to all LDAP servers

      This status means that the connection to at least one LDAP server failed from at least one of the data centers.

Viewing detailed report of connectivity check

A detailed report on the results of the last connectivity check is displayed on the login policy page.

From the detailed report:

  • If all connections succeeded, the application shows a Connected to all LDAP server URLs message with a green check icon.
  • If there are connectivity issues, the application shows the connection status for each LDAP URL configured for the policy.

The login policy page also shows the date and time when the connection check was performed.
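The following is an added example (not the product's own code) of the check logic described above: every LDAP Server URL is probed from each of the two regional data centers, the per-URL, per-data-center results form the detailed report, and the card status is "Connected to all LDAP server URLs" only when every probe succeeded. The data-center labels are placeholders, the default probe is a plain TCP connect from the local host rather than an LDAP bind run inside each data center, and the cleartext-URL listing is an extra check the page does not describe.

```python
import socket
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlsplit

# Placeholder labels (assumption): the page describes two regional data
# centers but does not name them.
DATA_CENTERS = ("dc-1", "dc-2")

# Overall statuses as shown on the login policy card.
STATUS_OK = "Connected to all LDAP server URLs"
STATUS_FIX = "Configure connection to all LDAP servers"

ProbeResult = Tuple[bool, str]


def parse_ldap_url(url: str) -> Tuple[str, int, bool]:
    """Return (host, port, is_ldaps) for an ldap:// or ldaps:// URL,
    applying the standard default ports (389 plain, 636 LDAPS)."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
        raise ValueError(f"not an LDAP server URL: {url!r}")
    is_ldaps = parts.scheme == "ldaps"
    return parts.hostname, parts.port or (636 if is_ldaps else 389), is_ldaps


def tcp_probe(dc: str, host: str, port: int, timeout: float = 5.0) -> ProbeResult:
    """Reachability probe. Runs from the local host here; a real deployment
    runs it inside data center `dc`. TCP connect only: success does not
    prove that an LDAP bind or TLS handshake would work."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True, "reachable"
    except OSError as exc:
        return False, str(exc)


def run_connectivity_check(urls: List[str], data_centers=DATA_CENTERS,
                           probe: Callable[[str, str, int], ProbeResult] = tcp_probe
                           ) -> Dict[str, Dict[str, ProbeResult]]:
    """Probe every URL from every data center: report[url][dc] = (ok, detail)."""
    report: Dict[str, Dict[str, ProbeResult]] = {}
    for url in urls:
        host, port, _ = parse_ldap_url(url)
        report[url] = {dc: probe(dc, host, port) for dc in data_centers}
    return report


def overall_status(report: Dict[str, Dict[str, ProbeResult]]) -> str:
    """Card status: OK only if every URL was reachable from every data center."""
    all_ok = all(ok for per_dc in report.values() for ok, _ in per_dc.values())
    return STATUS_OK if all_ok else STATUS_FIX


def failures(report: Dict[str, Dict[str, ProbeResult]]) -> List[Tuple[str, str, str]]:
    """Rows (url, dc, detail) of the detailed report for each failed probe."""
    return [(url, dc, detail) for url, per_dc in report.items()
            for dc, (ok, detail) in per_dc.items() if not ok]


def cleartext_urls(urls: List[str]) -> List[str]:
    """URLs using plain ldap:// (no TLS unless StartTLS is negotiated)."""
    return [u for u in urls if not parse_ldap_url(u)[2]]
```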

The deployment model of the application addresses a major security requirement: data must not leave the geographical region where a company operates. To achieve this, the application is provided with two data centers in each region. An environment can therefore be deployed in either of these two data centers and moved to the other at any time; the most common reason for such a migration is the disaster recovery procedure, which is triggered automatically when the primary data center is affected by a severe issue.