|
|||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | ||||||||
See:
Description
| Interface Summary | |
|---|---|
| IsecLDAP | This interface provides the constants necessary to configure and manage LDAP authentication. |
| IsecLDAP.CeAuthType | Specifies the types of authentication for Secure Socket Layer (SSL) server authentication. |
| IsecLDAP.CeServerSSLStrength | Specifies the types of server-side Secure Socket Layer strength. |
| IsecLDAP.CeSSOAccessMode | Specifies the single sign-on (SSO) access mode. |
| IsecLDAP.CeSSOVendor | Specifies the single sign-on (SSO) vendor. |
| IsecLDAPBase | This class provides properties and methods that map LDAP principals (users and groups) to SAP BusinessObjects Enterprise, configure security options for network communication, and manage LDAP authentication. |
This package contains the LDAP plugin that allows you to map groups and their members from your LDAP user database to SAP BusinessObjects Enterprise. It also enables the system to verify all logon requests that specify LDAP authentication. Users are authenticated against the LDAP user database before the Central Management Server (CMS) grants them an active SAP BusinessObjects Enterprise Enterprise session. For more information on mapping LDAP users and groups to SAP BusinessObjects Enterprise, see the SAP BusinessObjects Enterprise Administrator's Guide.
Unlike the desktop plugins, the authentication plugins are static, and objects cannot be created from
them. It follows that since no instances of the plugin exist, you must retrieve the plugin itself. Each
type of authentication plugin is represented by an InfoObject. These objects are
stored in the CI_SYSTEMOBJECTS category in the CMS, and must be retrieved using the SI_NAME
property.
The following example retrieves the secLDAP authentication plugin:
IInfoObjects authObjs = iStore.query( "SELECT TOP 1* FROM CI_SYSTEMOBJECTS WHERE SI_NAME='secLDAP'");
The query method returns a collection of InfoObjects, which in this case contains only one item--the secLDAP plugin object.
Like other InfoObjects, this object is uniquely represented by its ID property. You can also access
general InfoObject properties, such as the SI_NAME property,
SI_DESCRIPTION property, and
SI_ID property.
To access the IsecLDAP objects returned by the query, the resulting IInfoObjects need to be cast. This example demonstrates how to cast the returned IInfoObjects as IsecLDAP objects:
IInfoObject obj = (IInfoObject) authObjs.get(0);
IsecLDAP ldapAuth = (IsecLDAP) obj;
A third-party group can be mapped over to SAP BusinessObjects Enterprise in two ways. The third-party
group alias name can be added to a new IUserGroup or it can be added to
an existing group. Once the IUserGroupAlias for the third-party user group has been added
to the IUserGroup, the collection must then be committed to the CMS. Before committing,
ensure that the IUserGroupAlias's setDisabled method is set to false.
Also be aware that adding an alias to an existing user group is not the same as re-assigning the
third-party alias. Re-assignment is not handled by the CMS and must be done manually.
Once the appropriate third-party user group aliases have been created and added to an IUserGroup,
the third-party user group is ready to be imported. In order to trigger the import of the third-party users,
the third-party plugin InfoObject needs to be updated. It is important to note that merely adding the
third-party group alias to a group does not trigger the import of the users.
To import LDAP users from a previously mapped third-party group:
IUserGroup to which the third-party group alias to be mapped was added.
IUserGroupAlias object's getAuthentication()
and getID() methods to retrieve the required information.
"cn=groupA,ou=groups,o=company;cn=groupB.ou=groups,o=company".
CePropertyID.SI_MAPPED_GROUPS,
CePropertyID.SI_ALIAS_AUTOADD,
CePropertyID.SI_ALIAS_AUTOCREATE
|
|||||||||
| PREV PACKAGE NEXT PACKAGE | FRAMES NO FRAMES | ||||||||