LDAP Tool: Difference between revisions

From Redrock Wiki


Latest revision as of 10:06, 26 March 2024

The legacy Trac 4.0 version of TutorTrac/AdvisorTrac/FitnessTrac is no longer receiving updates and will be end-of-life in 2025. Click here to schedule a TracCloud demo or reach out to sales@go-redrock.com for migration pricing or contract details.



New, easy to use interface
TracCloud features a modern, easy to use, and mobile-friendly interface, allowing you to easily find and manage your data as you need. Students, staff, and faculty will have a much easier time navigating through the system and accessing the data they need. The new dashboard offers many easy to access widgets to view and manage your data.


New Features
Export almost any report into Excel. Static and dynamic QR codes for touchless-kiosk environments. Unlimited custom data fields in student records, visits, appointments, and more. Customizable views of listing pages. Student timelines. Twig and HTML-supported emails and system messages. Customizable log listing and kiosk views. Center descriptions. New reports. Student success plans as a new module, along with work plans for staff. The full list of changes couldn't fit in this article, and more is being added all the time. Relating to the schedule specifically, you'll find a new appointments listing, availability badges, custom search appointment links and QR codes, unlimited customizable max appointment rules, asynchronous appointment support, and more.


Customizable
With Twig support, you can personalize system messages, upcoming appointment lists, emails, and more based on the users who are viewing/receiving them. From simple changes like greeting the user by name to completely changing an email based on if the related appointment was in-person or online, in a certain center, for a certain reason, even if a certain custom field in the student's profile has a specific value. This extends to the log listing and kiosks as well, where you can add or remove fields, rearrange the data that's displayed, and add custom formatting with HTML and Twig.


Faster
Rewritten from the ground up, hosted on AWS, and using a MySQL database, TracCloud is faster in every way. This performance increase compared to Trac 4.0 can be noticed throughout the entire system, with reports being especially improved. Even the biggest reports in TracCloud load within a few seconds.


Migrate Existing Data
Migrate your existing data from Trac 4.0, allowing you to pick up right where you left off. We'll work with you to plan out your migration, coordinating with your IT, and training your system administrators to get you started in TracCloud.




Connect to an LDAP or Active Directory Server

The Trac application can store local usernames and passwords for your users and students to log in to the Trac system; however, Redrock Software Corporation recommends utilizing an LDAP, Active Directory, or other university authentication protocol to log users into your Trac system. This can easily be configured on your system. The first step is to use the LDAP Tool to test and find the correct configuration to Bind a user to your LDAP or Active Directory server.


LDAP Tool

We have worked with many different LDAP and Active Directory systems, and will help you configure your system. The LDAP Tool is used to find the correct LDAP configuration in order to authenticate users in your Trac System with your campus authentication system. When the correct settings are found with the LDAP Tool, Redrock Software will need a screenshot of the correct configuration settings to create a custom authentication script for your Trac System.

There are three types of binds to an LDAP system: Anonymous, Simple, and Double Bind.

An Anonymous Bind is when the LDAP system allows a user to connect to the LDAP directories without entering a username and password. This is not a secure method of binding to the LDAP directories and cannot be used to authenticate users into your Trac application. No user is authenticated without verifying they have entered valid credentials. That can only be accomplished by a simple or double bind.

A Simple Bind is when the LDAP system allows a user account to connect directly to the LDAP directories by entering a username and password. This is a secure method of binding to the LDAP directories and can be used to authenticate users into your Trac application. When a user enters their username and password on the default login screen, your Trac application takes that information and immediately passes it to the LDAP Server with the settings found in testing. The Search Criteria in the Simple Bind does not have any bearing on the authentication and is typically left as "cn=NOTAUSER" so the LDAP Bind does not produce any results. The results do not matter when authenticating through a simple bind – just that the LDAP Server returns a good status response or an error. If there is an error, then the user is not validated and is not logged into your Trac System. If there is a good status, then the user is found locally in your Trac application by the username that they entered or by a field returned by the LDAP Bind and Search.

A Double Bind is when the LDAP system requires a Bind, Search, and a second Bind to connect to the LDAP directories. This is a secure method of binding to the LDAP directories and can be used to authenticate users into your Trac application. When a user enters their username and password on the default login screen, your Trac application performs a Bind with a specific LDAP account and performs a Search on the username that was entered on the default login page. When the LDAP system returns the directory information for the user, your Trac application finds the Distinguished Name (DN) for the user and then attempts to Bind a second time with the returned DN and the password that was entered on the default login screen. The LDAP Server returns a good status response or an error. If there is an error, then the user is not validated and is not logged into your Trac System. If there is a good status, then the user is found locally in your Trac System by the username that they entered or a field returned by the Search.
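
The Bind, Search, second Bind sequence described above, as an added Python example that is not Redrock's authentication script. It runs against a constructed in-memory directory (`FakeDirectory`, the DNs, the `uid` search attribute and the passwords are all assumptions), escapes the username before it enters the search filter, and refuses empty passwords, which some servers accept as an unauthenticated bind.

```python
import re

def escape_filter_value(value):
    """Escape RFC 4515 special characters so input cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _unescape(piece):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), piece)

class FakeDirectory:
    """Constructed in-memory stand-in for an LDAP server; not a real client."""
    def __init__(self, entries):
        self.entries = entries  # {dn: {"uid": ..., "password": ...}}

    def bind(self, dn, password):
        if password == "":
            return True  # models a server that accepts an unauthenticated bind
        entry = self.entries.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, base_dn, ldap_filter):
        attr, value = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter).groups()
        # An unescaped '*' is a wildcard; \XX sequences are literal characters.
        pattern = ".*".join(re.escape(_unescape(p)) for p in value.split("*"))
        return [dn for dn, e in self.entries.items()
                if dn.endswith(base_dn) and re.fullmatch(pattern, e.get(attr, ""))]

def double_bind(directory, service_dn, service_pw, base_dn, username, password):
    """Bind, Search, second Bind. Returns the user's DN on success, else None."""
    if not username or not password:
        return None  # an empty password must never be sent as a bind
    if not directory.bind(service_dn, service_pw):
        raise RuntimeError("service account bind failed")
    found = directory.search(base_dn, "(uid=%s)" % escape_filter_value(username))
    if len(found) != 1:
        return None  # no entry, or an ambiguous match: refuse to guess
    return found[0] if directory.bind(found[0], password) else None

# Constructed sample data (hypothetical DNs and passwords).
BASE_DN = "ou=people,dc=example,dc=edu"
SERVICE_DN = "cn=svc-trac,ou=service,dc=example,dc=edu"
USER_DN = "uid=jdoe," + BASE_DN
DIRECTORY = FakeDirectory({
    SERVICE_DN: {"uid": "svc-trac", "password": "svc-secret"},
    USER_DN: {"uid": "jdoe", "password": "correct horse"},
})

if __name__ == "__main__":
    print(double_bind(DIRECTORY, SERVICE_DN, "svc-secret", BASE_DN, "jdoe", "correct horse"))
    print(double_bind(DIRECTORY, SERVICE_DN, "svc-secret", BASE_DN, "*", "correct horse"))
```

Against a real server the same three checks (non-empty password, escaped filter value, exactly one search result) apply around the client library's bind and search calls.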


LDAP Server Address

The LDAP Server Address field is for the IP address or DNS name of the LDAP Server.

Username & Password
The Username and Password fields are for the credentials of the user being authenticated.

Base DN
The Base DN field is for the directory information to access the LDAP Server.

Encrypted Bind & LDAP Port
Choose whether the LDAP connection is encrypted and specify the port. Standard ports are 389 or 636.

Search Criteria
The default Search Criteria is (cn=NOTAUSER). A Simple Bind does not need to search for any specific user so the search for NOTAUSER is just fine.

Return Attributes
The Return Attributes are only necessary in the Double Bind scenario. This allows for returning specific information about the user from the LDAP directories.