Embed Size (px)
DESCRIPTION
Presentation given by Gary Falcon of Aptiris on how to automate creation of accounts for FirstClass, authenticate against Active Directory or LDAP, and leverage existing FirstClass data for external systems.
Citation preview
FirstClass Account Automation
Gary Falcon
October 2, 2012
Goals What is possible What components
& tools to use
XStep-by-step installation
XTroubleshooting server-specific problems
Where are we going?
1. Using FC directory outside FirstClass
2. External authentication
3. Account provisioning
USING THE FIRSTCLASS DIRECTORY OUTSIDE FIRSTCLASS
Topic 1
Approaches LDAP: Internet
Services
LDAP: Directory
Services
Data files / ODBC:
Application Services
Why? Spam filters
Web app
authentication
Network copiers
PHP applications
Populate external
systems
LDAP: Internet Services
[Show Config]
Basic Internet Setup
Advanced Directory
LDAP Browser
LDAP: Directory Services
[Config Highlights]
Directory Setup
Port, root DN
Show/Replicate
Replication > Filtering
LDAP Comparison
Internet Services
Authenticate with UserID All directory objects
Global directory only ClientID as UID Less configurable
Directory Services
Authenticate with LDAP DN Choice of directory objects
using BaseDN User contacts UserID as UID More configurable LDAP-format DN
Data Exchange Files / ODBC Build in FCAS
Custom built: export exactly what is required
Automate schedule
Write to text file or ODBC data source
Which to use?
1. Internet Services LDAP: First choice
2. Directory Services LDAP: When #1
doesn’t provide necessary attributes
or function
3. Application Services: When LDAP
functions aren’t available
EXTERNAL AUTHENTICATION
Topic 2
Why? Easier for end-users
Convenient for
administrators
Low risk
High reward
What?
Authentication WorkflowUser ID & Password
LDAP controlled?
Valid login?
no
Log user in Username or PW error
no
yes
FCDS avail?
yes
no
ADavail?
yes
no
Valid login?
yes
no
yes
Cache data in FCS
Client
FCS
FCDS
Authentication: Configuration
[Config Highlights]
Operation mode: LDAP
Auth method: Remote
LDAP Server: required
Gateway: filtering
Change password: off
Challenges
Requires SSL for web logins
Most recent FCDS may not allow saved passwords
ACCOUNTPROVISIONING
Topic 3
FCDS Provisioning Works with AD, OpenLDAP With or without
authentication Account adds / removes /
changes Creates groups from OUs Matches to sAMAccount
Name (AD) or DN (LDAP) One-way replication
Provisioning: Configuration
[Config Highlights]
Operation mode: LDAP
or Replication
Enable delete: OFF
Set schedule
Test in non-production
environment
Challenges OU structure vs/
FirstClass groups
AD Groups are not replicated
Will delete your directory if you tell it to
Custom Provisioning Data can be brought in
from any system Handles account adds /
removes / changes Flexible handling of group
associations Custom apps can follow
any required logic Provisioning only; no
authentication
Getting Help Limited support from FirstClass Aptiris can assist with:
Support (for Aptiris clients) Implementation services Ad-hoc consultation [email protected] / 877.864.3534
QUESTIONS?Wrap-Up
