Konica Minolta Digital StoreFront User Manual

Digital StoreFront 5.2 Administration Reference

Self Registration

Self registration can be enabled to allow site visitors to create a user profile themselves.

Administrative Registration

Administrators can add new users to the system through the administrative User Management
interface.

What Authentication is Doing Behind the Scenes

User provides a username and password to Digital StoreFront. (This happens after the CSV with the LDAP
name has been uploaded.)

Digital StoreFront does an LDAP search for all objects where cn=USERNAME; if an object matches the
name, the search returns a fully qualified domain name.

Digital StoreFront uses the domain name returned by the search and the user-provided password to
rebind to LDAP and verify that the password is correct.
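
The three steps above as a runnable sketch, added here as an example and not Digital StoreFront's code. `DIRECTORY`, `search` and `bind` are a constructed in-memory stand-in for an LDAP server, and the filter escaping and empty-password check are safeguards assumed for the example, not behaviour the manual documents.

```python
import re

# Constructed sample directory: DN -> (cn, password, active)
DIRECTORY = {
    "cn=alice,ou=staff,dc=example,dc=com": ("alice", "s3cret!", True),
    "cn=bob,ou=staff,dc=example,dc=com": ("bob", "hunter2", True),
    "cn=carol,ou=former,dc=example,dc=com": ("carol", "oldpass", False),
}

def escape_filter_value(value):
    """Escape the RFC 4515 special characters so input stays a literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def search(ldap_filter):
    """Toy server: evaluates only (cn=<value>), where '*' is a wildcard."""
    m = re.fullmatch(r"\(cn=(.*)\)", ldap_filter)
    if not m:
        return []
    unhex = lambda h: chr(int(h.group(1), 16))
    parts = [re.sub(r"\\([0-9a-fA-F]{2})", unhex, p) for p in m.group(1).split("*")]
    pattern = ".*".join(re.escape(p) for p in parts)
    return [dn for dn, (cn, _, _) in DIRECTORY.items()
            if re.fullmatch(pattern, cn, re.IGNORECASE)]

def bind(dn, password):
    """Toy simple bind. Like some real servers, it accepts an empty password
    as an unauthenticated bind (RFC 4513 section 5.1.2)."""
    if password == "":
        return True
    cn, stored, active = DIRECTORY.get(dn, (None, None, False))
    return active and stored == password

def authenticate(username, password):
    """Search for cn=username, then rebind as the one DN that was returned."""
    if not username or not password:
        return None  # an empty password must never reach bind()
    matches = search("(cn=%s)" % escape_filter_value(username))
    if len(matches) != 1:
        return None  # unknown user, or an ambiguous match
    dn = matches[0]
    return dn if bind(dn, password) else None

if __name__ == "__main__":
    for user, pw in [("alice", "s3cret!"), ("alice", ""), ("al*", "s3cret!"),
                     ("carol", "oldpass"), ("dave", "x")]:
        print(repr(user), "->", authenticate(user, pw))
```

The login succeeds only when the search returns exactly one entry and the rebind with the user's own password succeeds; an inactive entry, a wildcard in the name, or an empty password all end in a refused login.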

LDAP Authenticated Login

Customer wants users to be authenticated against an LDAP directory to verify that they are a valid
member of their known organization.

What is LDAP Authentication?

LDAP, Lightweight Directory Access Protocol, is an Internet protocol that email and other programs use
to look up information from a server.

LDAP does not define how programs work on either the client or server side. It defines the "language"
used for client programs to talk to servers (and servers to servers, too).

There are two popular flavors of LDAP in wide use: pure LDAP directories and Active Directory with an
LDAP front end. Digital StoreFront can support both models.

Digital StoreFront supports LDAP authentication, which means that it can communicate with an
enterprise-wide server that contains both user information and their associated privileges. However,
Digital StoreFront only validates that a User Name exists and that the password is valid. Users can use
their User Name to log into Digital StoreFront, but their LDAP User Name is part of their profile (it matches
their LDAP or Domain login) and this is used for authentication.

When LDAP integration is enabled, users logging in via LDAP are logging into the Digital StoreFront
server while their credentials are being authenticated with the LDAP server, which
communicates back to Digital StoreFront whether the user is entitled to log into Digital StoreFront.

What Digital StoreFront LDAP Authentication does

When users sign in to Digital StoreFront, their User Name and password are verified against the
LDAP server to determine whether the user is valid or not valid.

Prevents a person from logging into Digital StoreFront who has been deleted or made inactive in the
LDAP user database.

Prevents a person from creating a new user profile if they have been deleted or made inactive in the
LDAP user database.