Configuring Windows Authentication by a Domain Controller with LDAP - Advanced Design and Setup - Foundation 23.2 - Foundation 23.2 - Ready - Content Composer - external

Content Composer Advanced Design and Setup

Platform
Content Composer
Product
Advanced Design and Setup
Release
Foundation 23.2
License
This configuration option uses the Windows user store (domain or workgroup) to authenticate users.

For authorization, you can configure either to use the Windows user store or LDAP.

If required, the system reads the user and role attributes from the LDAP server.

Complete one of the following substeps.

  • If the system uses the Windows user store for authentication and authorization, complete the following substeps to determine the assignment of users to roles from Windows.
    1. Enable Windows authentication. See Enable Windows authentication for more information.
    2. From the %Composerdir% directory, open UserRepository.config with a text editor that supports UTF-8.
    3. Set the profileReadOption attribute value to either All, Role, None, or User.
      <userRepository systemOId="cc" roleMapper="Std_Mapping" userProfile="Std_Profil" profileReadOption="None" userStore="Windows" />
    4. Save and close the file.
  • If the system uses the Windows user store for authentication and the LDAP server for authorization, complete the following substeps to determine the assignment of users to roles from LDAP.
    Note: The configuration file UserRepository_Ldap.config contains the LDAP server-specific settings. Modify this file before enabling LDAP authorization.
    1. Maintain the user and group assignment in LDAP.
    2. From the %Composerdir% directory, open Composer.Core.exe.config with a text editor that supports UTF-8.
    3. If the <serviceCredentials> element exists in the file, remove the element or comment it out.

      Example

      <behavior name="STSBehaviour">
           <!--  <serviceCredentials> 
               <userNameAuthentication userNamePasswordValidationMode="Custom" customUserNamePasswordValidatorType="ModusSuite.Runtime.STS.LdapUserNamePasswordValidator, ModusSuite.Runtime.STSRuntimeService" /> 
            </serviceCredentials>  -->
         </behavior> 
      
    4. Save and close the file.
    5. From the %Composerdir% directory, open UserRepository.config with a text editor that supports UTF-8.
    6. Set the userStore attribute value to LDAP.
    7. Set the profileReadOption attribute value to either All, Role, None, or User.

      Example

      <userRepository systemOId="cc" roleMapper="Std_Mapping" userProfile="Std_Profil" profileReadOption="None" userStore="LDAP" />
    8. Save and close the file.