LDAP Authentication

  • Last update:  2023-04-26
  • Overview

    Version

    FineBI Version | Functional Change
    6.0 | /

    Application Scenarios

    If complete employee information is already stored in an LDAP server that authenticates multiple online systems, and you need the decision-making system to use the same authentication method, you can tick LDAP Authentication in Manage > User > Global Setting.

    Functions

    You can set LDAP authentication in the decision-making system following the method in this article.

    LDAP Authentication means that the username will be authenticated in LDAP system when you log into FineBI.

    The authentication will fail if LDAP system authentication is not successful.

    The authentication will fail if the corresponding user is not in the list of system users, even if LDAP system authentication is successful.

    The authentication will succeed if LDAP system authentication is successful and the corresponding user is in the list of system users. The user can then log into FineBI and perform operations within their permissions.

    Note: Super admins are not restricted by LDAP authentication and can use FineBI's built-in authentication methods.

    Examples

    Configuring LDAP Authentication

    Admins log into the system, go to Manage > User > Global Setting, and select authentication methods in Synchronized User or Imported/Added User.

    Tick LDAP Authentication, enter corresponding parameters, and click Save. Log into the system again.

    Corresponding parameters in LDAP Authentication are shown as follows:

    Parameter

    Description

    URL

    The entrance of LDAP server

    It is composed of a domain name or IP address and a port number. The default port number is 389. The format of the URL is LDAP://{domain name or IP}:{port number}.

    Retrieve Location

    The location storing login information

    An LDAP server stores data in a tree structure. You can retrieve the relevant login information after connecting to the server through the URL and passing verification with a username and password.

    If you tick Do not retrieve the location as baseDN, the system automatically searches the subdirectories even when only a root directory is given, which is inefficient.

    If you untick Do not retrieve the location as baseDN, the system does not need to search the subdirectories once a complete directory has been entered, which is efficient and fast.

    AUTH Method

    Specifies the authentication type used by the LDAP directory server. Select it according to the configuration of the LDAP server. For usual authentication methods, you just need to select simple.

    When AUTH Method is none, the system will authenticate anonymously, which means that users can log into the system with any password.

    When AUTH Method is simple, the system will authenticate with plaintext passwords stored in LDAP server.

    Context

    Class name of the initial context factory

    You can generally select com.sun.jndi.ldap.LdapCtxFactory, which can be used with LDAP servers.

    Referral

    Select according to the configuration of the LDAP server. ignore is usually selected.

    Username Suffix

    You can determine whether to add a Username Suffix or not. If you have added a username suffix, you need to add the corresponding domain name when logging in.

    For example, there is a user called Alice@fanruan.com in LDAP server. The username suffix is @fanruan.com.

    Therefore, the username in decision-making system is Alice. The username when the user logs into the decision-making system is also Alice.

    Administrator Name/Administrator Password

    Administrator Name is not the name of an admin in the LDAP server, but the name of a user who has retrieving permissions in the LDAP server. The authentication is completed when this user connects to the LDAP server and retrieves the login information.

    Administrator Name can be recognized in the form of domain name and username, whether in the form of UID or cn. However, a domain name with DN is not commonly used.

    If you fill in an ordinary user with retrieving permissions in the LDAP server, rather than the admin of the LDAP server, then Administrator Name must be the combination of username and domain name. For example, if Username is Idap and Retrieve Location is DC=test,DC=com, then Administrator Name is Idap@test.com.

    You can directly enter the name of LDAP server admin, such as administrator.

    Click Test Connection after setting parameters. Click Save to successfully configure authentication methods.

    Note: A prompt will pop up if the connection fails: Failed to connect to LDAP authentication, please confirm the relevant configuration is correct and save again.

    Adding Users

    Generally, there is a list of employee information in LDAP server. If you want to allow a user to log into the system through LDAP authentication, you need to add a user with the same name in the system, because operations like binding an email or assigning permissions are based on users in the system.

    When there is a corresponding user in the system, enabling LDAP Authentication changes the password authentication method from the default Built-in AUTH to LDAP server authentication.

    Go to Manage > User > All Users and click Add User.

    Note:

    1. There is no need for setting passwords when adding users in LDAP authentication.

    2. For Synchronized User and Imported/Added User, you can select different authentication methods separately.

    Demonstration

    Users enter the name and password stored in LDAP server. The authentication will be successful if LDAP system authentication is successful and there is a corresponding user in the list of users in the system. Users can go to the decision-making system and make corresponding operations.

    Note:

    1. The system will not be connected with LDAP server if there is no corresponding user in the system, the corresponding user is disabled, or there is a limit on user number and the user is not included. A prompt will pop up: Username or password is wrong/Username is not available.

    2. The usernames stored in LDAP server cannot be double byte Japanese or Hangul characters. Otherwise, a prompt will pop up when you log into the system: Username or password is wrong.

    Configuring a Login Search Field for Username in LDAP Authentication

    Super admins can customize a login search field for Username in LDAP Authentication through the fine_conf_entity Visual Configuration plugin. Restart the server to make it take effect.

    Configuration | Modification Rule
    FSConfig.loginConfig.fWords | The format of the parameter is [{value 1},{value 2}]. The value of the parameter cannot be empty and its length should not be 0. The default parameter is [{sAMAccountName},{cn},{userPrincipalName},{UID},{displayName},{name},{sn}]
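
The page does not show how FineBI turns the FSConfig.loginConfig.fWords fields into a directory search. As an added example (not FineBI's own code), the Python below parses the documented [{value 1},{value 2}] format, enforces the non-empty rule, and builds an OR search filter with RFC 4515 escaping so that a login name containing `*` or parentheses is matched literally. The function names and the OR-filter shape are assumptions.

```python
import re

# Default value as documented on this page; other values are site-specific.
DEFAULT_FWORDS = "[{sAMAccountName},{cn},{userPrincipalName},{UID},{displayName},{name},{sn}]"

# LDAP attribute descriptor: a letter followed by letters, digits or hyphens (RFC 4512).
_ATTR = re.compile(r"[A-Za-z][A-Za-z0-9-]*")


def parse_fwords(value):
    """Parse '[{a},{b}]' into ['a', 'b']; reject empty or malformed values."""
    value = value.strip()
    if not (value.startswith("[") and value.endswith("]")):
        raise ValueError("fWords must be wrapped in [ ]")
    inner = value[1:-1].strip()
    if not inner:
        raise ValueError("fWords cannot be empty")
    fields = []
    for item in inner.split(","):
        item = item.strip()
        if not (item.startswith("{") and item.endswith("}")):
            raise ValueError("bad entry: %r" % item)
        name = item[1:-1].strip()
        if not _ATTR.fullmatch(name):
            raise ValueError("not an attribute name: %r" % name)
        fields.append(name)
    return fields


def escape_filter_value(text):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    special = "\\*()\x00"
    return "".join("\\%02x" % ord(ch) if ch in special else ch for ch in text)


def build_login_filter(fwords, username):
    """Assumed shape: OR over every configured field, username escaped."""
    if not username:
        raise ValueError("empty username")
    value = escape_filter_value(username)
    clauses = "".join("(%s=%s)" % (field, value) for field in parse_fwords(fwords))
    return "(|%s)" % clauses


if __name__ == "__main__":
    # Constructed sample login names: one ordinary, one with filter metacharacters.
    print(build_login_filter(DEFAULT_FWORDS, "Alice"))
    print(build_login_filter("[{cn},{UID}]", "a*)(cn=*"))
```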

