Owners Manual
Setting Up Authentication | Getting Started
80 OMNM 6.5.2 User Guide
LDAP and Multitenancy FAQs
The following are answers to some of the frequently asked questions about LDAP, particularly
related to multitenancy (see the User Guide for more about Multitenancy).
Disabling logins after a preset number of failed attempts—OpenManage Network Manager supports this for both local and LDAP users.
Reporting login attempts—Supported from report: User Login Report/Last 30 Days.
All users log in with LDAP—This is supported. Tenant site users must prepend the site prefix. For example, the user admin in a customer site with the prefix BP logs in with the full screen name BP-admin.
Are passwords stored as plain text?—Passwords are stored in encrypted form in the database, even for imported users. LDAP users can authenticate through Active Directory (AD) or OpenLDAP. If you do not want locally stored passwords, manually create users. Alternatively, import users, then disable import, and change the local passwords so they are different from the ones in AD.
Roles and Users—You must locally configure different roles for users within OpenManage Network Manager.
Authentications—By default, OpenManage Network Manager authenticates from the local server(s). If you add auth.pipeline.enable.liferay.check=false (in [installation root]\oware\synergy\tomcat-7.0.40\webapps\social-networking-portlet\WEB-INF\classes\portal.properties) and enable LDAP required, it uses LDAP to authenticate. Liferay does have multiple entries for AD and OpenLDAP.
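An added example, not part of the OpenManage Network Manager guide or product: a small Python audit that reads the text of portal.properties and reports whether auth.pipeline.enable.liferay.check is set as the Authentications answer describes, flagging commented-out and contradictory definitions. The function names, status labels and sample file content are constructed for illustration, and the script cannot see whether LDAP required is enabled in the portal.

```python
import re

KEY = "auth.pipeline.enable.liferay.check"  # property named in the guide

def parse_properties(text):
    """Yield (line_no, key, value) from .properties text.

    Simplified parser: skips blank lines and '#'/'!' comments, accepts '=',
    ':' or whitespace as the separator; no escapes or line continuations.
    """
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)$", line)
        if m:
            yield no, m.group(1), m.group(2)

def audit(text):
    """Return (status, line_numbers) for KEY.

    not-set        : key absent, so the default (local authentication) applies
    check-disabled : every definition is 'false', the value the guide asks for
    check-enabled  : every definition is something other than 'false'
    conflict       : definitions disagree; remove duplicates before relying on it
    """
    hits = [(no, val.lower() == "false")
            for no, key, val in parse_properties(text) if key == KEY]
    lines = [no for no, _ in hits]
    states = {is_false for _, is_false in hits}
    if not hits:
        return "not-set", lines
    if len(states) > 1:
        return "conflict", lines
    return ("check-disabled" if states == {True} else "check-enabled"), lines

# Constructed sample: one commented-out line and two conflicting definitions.
SAMPLE = """\
# portal.properties (constructed sample)
#auth.pipeline.enable.liferay.check=false
auth.pipeline.enable.liferay.check = false
some.other.key=value
auth.pipeline.enable.liferay.check=true
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```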
Configuring a CAS Server with RADIUS
OpenManage Network Manager does not support RADIUS for authentication directly; however, it does support LDAP (see Integrating LDAP on page 77), CAS, NTLM SSO, OpenID, Open SSO and Siteminder. If you are not using NTLM/LDAP/Active Directory, Central Authentication Service (CAS) is a widely used, open source central authentication solution.
NOTE:
For more information on NTLM SSO (Microsoft Single Sign-On Authentication), see https://dev.liferay.com/discover/deployment/-/knowledge_base/7-0/ntlm-single-sign-on-authentication
This feature imports users with the default level of permissions. You must manually alter permissions
and create groups if you want to differentiate between user permissions.
CAS can also use various authentication schemes, such as LDAP or RADIUS, so OpenManage Network
Manager supports those indirectly. Web applications like OpenManage Network Manager only
need to know about the CAS server, not the various authentication protocols CAS uses to provide
the final authentication mappings.
One popular CAS Server is available at:
http://www.jasig.org/cas
Configure access to CAS in the Portal > Portal Settings > Authentication > CAS tab, which includes a Test CAS Configuration button. Other tabs are available here for authentication too, for example LDAP and Active Directory (see Integrating LDAP on page 77 for instructions about how to enable LDAP).
Liferay provides foundation classes for OpenManage Network Manager’s web client. Liferay Wiki
instructions about setting up CAS appear here:
http://www.liferay.com/community/wiki/-/wiki/Main/CAS+Liferay+6+Integration.