Konica Minolta Digital StoreFront User Manual
Page 54
Digital StoreFront 5.2 Administration Reference
54
Self Registration
●
Self registration can be enabled to allow site visitors to create a user profile themselves.
Administrative Registration
●
Administrators can add new users to the system through the administrative User Management
interface.
What Authentication is Doing Behind the Scenes
●
User provides a username and password to Digital StoreFront. (After CSV with LDAP name has been
uploaded.)
●
Digital StoreFront does a LDAP search for all objects where cn=USERNAME; if an object matches the
name, the search returns a fully qualified doman name.
●
Digital StoreFront uses the domain name returned by the search and the user-provided password to
rebind to LDAP and verify that the password is correct.
LDAP Authenticated Login
Customer wants users to be authenticated against an LDAP directory to verify that they are a valid
member of their known organization.
What is LDAP Authentication?
LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use
to look up information from a server.
LDAP does not define how programs work on either the client or server side. It defines the "language"
used for client programs to talk to servers (and servers to servers, too).
There two popular flavors of LDAP widely in use—Pure LDAP directories and Active Directory with an
LDAP front end. Digital StoreFront can support both models.
Digital Storefront supports LDAP authentication, which means that it can communicate with an
enterprise-wide server that contains both user information and their associated privileges. However,
Digital StoreFront only validates that a User Name exists and that the password is valid. Users can use
their User Name to log into Digital StoreFront but their LDAP User Name is part of their profile (matches
their LDAP or Domain login) and this is used for authentication.
When LDAP integration is enabled, users logging in via LDAP are logging into the Digital
StoreFront server while their credentials are being authenticated with the LDAP server, which
communicates back to Digital StoreFront whether the user is entitled to log into Digital StoreFront.
What Digital StoreFront LDAP Authentication does
●
When users sign in to Digital StoreFront, their User Name and password are verified against the
LDAP server to verify if the user is valid/not valid.
●
P
revents a person from logging into Digital StoreFront who has been deleted or made inactive in the
LDAP user database
●
Prevents a person from creating a new user profile if they have been deleted or made inactive in the
LDAP user database.