LDAP Authentication

  • Last update: November 13, 2025
  • Overview

    Version

    FineDataLink Version
    4.0

    Application Scenario

    You have stored relatively complete employee information on the LDAP authentication server, which has been used for authentication by multiple online systems.

    You want to use the same authentication method in FineDataLink.

    Function Description

    FineDataLink supports the LDAP authentication method. This document explains how to configure LDAP authentication in FineDataLink.

    When a user attempts to log in, the platform forwards the entered username to the configured LDAP system for authentication. The authentication logic is as follows:

    • If authentication fails in the LDAP system, the platform considers the login attempt a failure.

    • If authentication succeeds in the LDAP system but the corresponding user does not exist on the platform, the platform considers the login attempt a failure.

    • If authentication succeeds in the LDAP system and the corresponding user exists on the platform, the platform considers the login attempt a success. The user may then access the platform and perform operations within the permission scope.

    Note:
    Super admin is not restricted to LDAP authentication and can use FineDataLink's built-in authentication methods.

    Example

    Configuring LDAP Authentication

    1. Log in to the FineDataLink system as the super admin and choose System Management > User Management. Click the icon to go to the Global Setting page, and select authentication methods in Synchronized User and Imported/Added User, as shown in the following figure.

    2. Select LDAP Authentication as the authentication method, and set the parameters, as shown in the following figure.

    Corresponding parameters in LDAP Authentication are described as follows:

    Parameter | Description

    URL

    The URL is the access entry for logging in to the LDAP server. It consists of a domain name or IP address and a port number, with the default port number generally being 389. The URL format is LDAP://Domain name or IP address:Port number.

    Retrieval Location

    An LDAP directory server stores data in a tree structure and is accessed via a URL. Following successful username and password authentication, the system searches for relevant login information at the location specified by the value of Retrieval Location.

    • Tick Retrieval Location Not As baseDN: The system automatically searches subdirectories even when only the root directory is specified, which is less efficient.

    • Untick Retrieval Location Not As baseDN: With the complete path entered, the system directly accesses the target directory without searching, resulting in faster performance.

    Authentication Method

    Authentication Method specifies the authentication type used by the LDAP directory server, which is typically simple. Select it based on your LDAP server configuration.

    • When you select none as the authentication method, the system authenticates anonymously, which means that users can log in to the system successfully by entering any password.

    • When you select simple as the authentication method, the system uses the regular plaintext passwords stored in the LDAP server for authentication.

    Context

    It denotes the class name of the initial context factory.

    For an LDAP-based directory service, com.sun.jndi.ldap.LdapCtxFactory is typically selected.

    Referral

    Select an option based on the configuration of the LDAP server. Typically, ignore is selected.

    Username Suffix

    You can determine whether to suffix a domain to the username or not. The set domain will be automatically appended to usernames during login.

    For example, there is a user called Alice@fanruan.com in the LDAP server, and the username suffix is set to @fanruan.com.

    The FineDataLink user Alice just needs to log in with a username of Alice, without entering the domain.

    Administrator Name/Administrator Password

    The account specified here is not necessarily the LDAP server administrator, but rather any user with the search permission on the LDAP server. Authentication is achieved by accessing the LDAP server via this user and retrieving login information from the location specified by Retrieval Location.

    The administrator name is typically identified in the format of Domain name/Username, where the username can be in either uid or cn format. However, a domain name with DN is not commonly used.

    • When you enter an ordinary LDAP user with the search permission (not the LDAP server administrator) in the Administrator Name field, the name must be the combination of the username and the domain name. For example, if the username is ldap and Retrieval Location is set to DC=test, DC=com, then Administrator Name should be set to ldap@test.com.

    • If you enter the name of the LDAP server administrator in Administrator Name, you just need to input the username here, for example, administrator.

    3. Click Test Connection after setting parameters. After the successful connection, click Save. The authentication method is configured successfully.

    Note:
    A prompt will pop up if the connection fails: "Failed to connect to the LDAP server for authentication. Ensure that the related configuration is correct and perform saving again.", as shown in the following figure.
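
    How the parameters above map onto standard JNDI environment keys, with guards for the two cases where a bind succeeds without the directory checking a password (Authentication Method none, and an empty password under simple). This is an added example, not FineDataLink's own code; the class LdapBindCheck, the verify helper, the host ldap.example.invalid and the 3-second timeout are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;

public class LdapBindCheck {
    // Page parameters mapped onto standard JNDI environment keys.
    static Hashtable<String, String> env(String url, String authMethod,
                                         String principal, String password) {
        Hashtable<String, String> e = new Hashtable<>();
        e.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // Context
        e.put(Context.PROVIDER_URL, url);                   // URL
        e.put(Context.SECURITY_AUTHENTICATION, authMethod); // Authentication Method
        e.put(Context.REFERRAL, "ignore");                  // Referral
        e.put(Context.SECURITY_PRINCIPAL, principal);       // username + Username Suffix
        e.put(Context.SECURITY_CREDENTIALS, password);
        e.put("com.sun.jndi.ldap.connect.timeout", "3000"); // ms (assumed value)
        return e;
    }

    // Hypothetical helper: only a verdict starting with "OK" means the
    // directory actually verified the password.
    static String verify(String url, String authMethod, String user,
                         String suffix, String password) {
        if (!"simple".equals(authMethod))
            return "REJECT: '" + authMethod + "' bind does not check the password";
        if (password == null || password.isEmpty())
            return "REJECT: JNDI treats an empty password as an anonymous bind";
        String principal = user.endsWith(suffix) ? user : user + suffix;
        try {
            new InitialDirContext(env(url, authMethod, principal, password)).close();
            return "OK: bound as " + principal;
        } catch (AuthenticationException ex) {
            return "FAIL: directory rejected credentials for " + principal;
        } catch (NamingException ex) {
            return "ERROR: " + ex.getClass().getSimpleName(); // e.g. server unreachable
        }
    }

    public static void main(String[] args) {
        // Constructed sample values; pass <url> <full principal> <password> to try a real bind.
        String url = args.length > 0 ? args[0] : "ldap://ldap.example.invalid:389";
        System.out.println(verify(url, "none", "Alice", "@fanruan.com", "anything"));
        System.out.println(verify(url, "simple", "Alice", "@fanruan.com", ""));
        if (args.length == 3)
            System.out.println(verify(url, "simple", args[1], "", args[2]));
    }
}
```

    Run without arguments, it prints the two REJECT verdicts without contacting any server.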


    User Adding

    The LDAP server typically stores the employee list. If you want to allow a user to log in to the system through LDAP authentication, you need to add a user with the same name in the system, because operations like binding an email or assigning permission are performed based on the user account in the system.

    When the corresponding user exists on the platform, you just need to switch the authentication method from the default Built-in Authentication to LDAP Authentication.

    Choose System Management > User Management > All Users, and then click Add User to add the user test001, as shown in the following figure.

    Note:

    1. You do not need to set passwords when adding users for LDAP authentication. The platform may store a default password 123456, but the actual authentication will always use the password on the LDAP server.

    2. For Synchronized User and Imported/Added User, you can select different authentication methods separately.

    Effect Display

    On the FineDataLink login page, enter the username and password stored in the LDAP server, and then click Login.

    If authentication with the LDAP system is successful and the corresponding user exists in the platform list, the FineDataLink system will consider the login successful. The user can then log in to FineDataLink and perform corresponding operations within the permission scope, as shown in the following figure.

    Note:

    1. If the entered username does not exist in the FineDataLink system, the corresponding platform user is disabled, or the FineDataLink user limit is enabled (with the entered username excluded), the system will not be connected with the LDAP server, and a prompt displaying "Incorrect Username or Password" or "Username Unavailable" will pop up.

    2. Ensure usernames stored in the LDAP server do not contain double-byte Japanese or Hangul characters. Otherwise, a prompt displaying "Incorrect Username or Password" will pop up when users log in to the system.

    3. Ensure the passwords stored in the LDAP server do not contain double-byte Japanese or Hangul characters. Otherwise, a prompt displaying "Incorrect Username or Password" will pop up when users log in to the system.


    Configuring a Username Login Search Field for LDAP Authentication

    You (the super admin) can customize a login search field for Username in LDAP Authentication through the FINE_CONF_ENTITY Visualization Configuration plugin. The settings take effect after the server is restarted.

    Note:
    For details about how to modify field values in FineDB database tables, see FINE_CONF_ENTITY Visualization Configuration.

    Configuration Item | Configuration Rule

    FSConfig.loginConfig.fWords

    Enter the parameter value in the format of [Value 1, Value 2].

    The value of the parameter cannot be empty, and its length should not be 0.

    The default value is ["sAMAccountName", "cn", "userPrincipalName", "uid", "displayName", "name", "sn"].

