| ... |
... |
@@ -9,7
+9,7 @@ |
| 9 |
9 |
A common use case are forms used internally by some company, and that may be accessed only by the employees of that company. The user data of the active directory can be accessed via {{smallcaps}}Ntlm{{/smallcaps}}. |
| 10 |
10 |
|
| 11 |
11 |
{{info}} |
| 12 |
|
-{{smallcaps}}Ntlm{{/smallcaps}} may not be available depending on your license. |
|
12 |
+{{smallcaps}}Ntlm{{/smallcaps}}may not be available depending on your license. |
| 13 |
13 |
{{/info}} |
| 14 |
14 |
|
| 15 |
15 |
== Using NTLM == |
| ... |
... |
@@ -24,11
+24,11 @@ |
| 24 |
24 |
|
| 25 |
25 |
The host (FQN) of the active directory controller used for authenticating users via {{smallcaps}}Ntlm{{/smallcaps}} and transmitting their data over {{smallcaps}}Ldap{{/smallcaps}}. |
| 26 |
26 |
|
| 27 |
|
-{{code language="none"}} |
|
27 |
+{{code}} |
| 28 |
28 |
Example: domain.example.com |
| 29 |
29 |
{{/code}} |
| 30 |
30 |
|
| 31 |
|
-Connection to the {{smallcaps}}Ldap{{/smallcaps}} server for the {{smallcaps}}Ldap{{/smallcaps}} search account has been established successfully |
|
31 |
+Connection to the {{smallcaps}}Ldap{{/smallcaps}} server for the {{smallcaps}}Ldap{{/smallcaps}}search account has been established successfully |
| 32 |
32 |
|
| 33 |
33 |
== NTLM authentication == |
| 34 |
34 |
|
| ... |
... |
@@ -38,7
+38,7 @@ |
| 38 |
38 |
|
| 39 |
39 |
The host name of the active directory controller. |
| 40 |
40 |
|
| 41 |
|
-{{code language="none"}} |
|
41 |
+{{code}} |
| 42 |
42 |
Example: domain |
| 43 |
43 |
{{/code}} |
| 44 |
44 |
|
| ... |
... |
@@ -46,7
+46,7 @@ |
| 46 |
46 |
|
| 47 |
47 |
Different forms of the domain name can be used depending on the active directory. |
| 48 |
48 |
|
| 49 |
|
-{{code language="none"}} |
|
49 |
+{{code}} |
| 50 |
50 |
Example: example.de oder example0 |
| 51 |
51 |
{{/code}} |
| 52 |
52 |
|
| ... |
... |
@@ -92,7
+92,7 @@ |
| 92 |
92 |
|
| 93 |
93 |
Account to be used for looking up users. It must have been granted permission to perform user lookup. |
| 94 |
94 |
|
| 95 |
|
-{{code language="none"}} |
|
95 |
+{{code}} |
| 96 |
96 |
Example: ldap@example.de |
| 97 |
97 |
{{/code}} |
| 98 |
98 |
|
| ... |
... |
@@ -104,7
+104,7 @@ |
| 104 |
104 |
|
| 105 |
105 |
{{smallcaps}}Ldap{{/smallcaps}} base DN used for looking up authenticated users. |
| 106 |
106 |
|
| 107 |
|
-{{code language="none"}} |
|
107 |
+{{code}} |
| 108 |
108 |
Example: ou="users", dc="example", dc="de" |
| 109 |
109 |
{{/code}} |
| 110 |
110 |
|
| ... |
... |
@@ -139,11
+139,6 @@ |
| 139 |
139 |
Example: user@EXCAMPLE.COM |
| 140 |
140 |
{{/info}} |
| 141 |
141 |
|
| 142 |
|
-{{info}} |
| 143 |
|
-To this user you must, in Active Directory for example, register the Domians to be used as ServiePrincipalName beginning with the service class HTTP. You can find more information [[here>>https://social.technet.microsoft.com/wiki/contents/articles/717.service-principal-names-spn-setspn-syntax.aspx||target="_blank"]] or [[here>>https://docs.microsoft.com/en-us/windows-server/networking/sdn/security/kerberos-with-spn||target="_blank"]]. |
| 144 |
|
-{{/info}} |
| 145 |
|
- |
| 146 |
|
-(% class="wikigeneratedid" %) |
| 147 |
147 |
=== Password === |
| 148 |
148 |
|
| 149 |
149 |
Password of the service account. |
| ... |
... |
@@ -236,11
+236,11 @@ |
| 236 |
236 |
|
| 237 |
237 |
=== Client module name === |
| 238 |
238 |
|
| 239 |
|
-The name in the //login.conf// file for the client to be used, eg. {{code language="none"}}spnego-client{{/code}}. |
|
234 |
+The name in the //login.conf// file for the client to be used, eg. {{code}}spnego-client{{/code}}. |
| 240 |
240 |
|
| 241 |
241 |
=== Server module name === |
| 242 |
242 |
|
| 243 |
|
-The name in the //login.conf// file for the server to be used, eg. {{code language="none"}}spnego-server{{/code}}. |
|
238 |
+The name in the //login.conf// file for the server to be used, eg. {{code}}spnego-server{{/code}}. |
| 244 |
244 |
|
| 245 |
245 |
{{error}} |
| 246 |
246 |
When you keep getting a HTTP 400 error with Kerberos activated, the most likely cause is that the HTTP header size of the Kerberos ticket exceeds the default header size limit of the application server, eg. Tomcat of JBoss. See the help pages on [[changing the HTTP header size limit>>doc:Formcycle.SystemSettings.TomcatSettings.LimitHTTPHeader]]. |
| ... |
... |
@@ -254,7
+254,7 @@ |
| 254 |
254 |
|
| 255 |
255 |
FQN (fully qualified name) and port of the active directory controller. |
| 256 |
256 |
|
| 257 |
|
-Example: {{code language="none"}}domain.example.com Port: 389{{/code}} |
|
252 |
+Example: {{code}}domain.example.com Port: 389{{/code}} |
| 258 |
258 |
|
| 259 |
259 |
=== SSL connection === |
| 260 |
260 |
|
| ... |
... |
@@ -262,7
+262,7 @@ |
| 262 |
262 |
|
| 263 |
263 |
=== Referral hops === |
| 264 |
264 |
|
| 265 |
|
-The maximum number of referral hops that may be performed on the LDAP server. Setting this to {{code language="none"}}0{{/code}} deactivates referral hops and no references will be followed. |
|
260 |
+The maximum number of referral hops that may be performed on the LDAP server. Setting this to {{code}}0{{/code}} deactivates referral hops and no references will be followed. |
| 266 |
266 |
|
| 267 |
267 |
=== User account (with domain) === |
| 268 |
268 |
|
| ... |
... |
@@ -270,7
+270,7 @@ |
| 270 |
270 |
|
| 271 |
271 |
{{info}} |
| 272 |
272 |
This needs to be a username suffixed with the domain. |
| 273 |
|
-Example: {{code language="none"}}user@EXCAMPLE.COM{{/code}} |
|
268 |
+Example: {{code}}user@EXCAMPLE.COM{{/code}} |
| 274 |
274 |
{{/info}} |
| 275 |
275 |
|
| 276 |
276 |
=== User account password === |
| ... |
... |
@@ -281,25
+281,28 @@ |
| 281 |
281 |
|
| 282 |
282 |
The LDAP baseDN used for looking up the authenticated user. |
| 283 |
283 |
|
| 284 |
|
-Example: {{code language="none"}}ou="intern", dc="example", dc="com"{{/code}} |
|
279 |
+Example: {{code}}ou="intern", dc="example", dc="com"{{/code}} |
| 285 |
285 |
|
| 286 |
286 |
== Make user data available to forms == |
| 287 |
287 |
|
| 288 |
|
-The LDAP user data for the currently authenticated user are stored in the JavaScript object {{code language="none"}}window.XFC_METADATA.user.rawData{{/code}} and can be accessed via JavaScript. |
|
283 |
+The LDAP user data for the currently authenticated user are stored in the JavaScript object {{code}}window.XFC_METADATA.currentUser.ldap{{/code}} and can be accessed via JavaScript. |
| 289 |
289 |
|
| 290 |
290 |
{{info}} |
| 291 |
|
-Which data the JSON structure contains under the rawData property depends mainly on the read rights of the LDAP account, which executes the user search in the LDAP system. |
|
286 |
+The user data that will be retrieved for the current user depends on the (read) permissions of the user account used for the LDAP user lookup. |
| 292 |
292 |
{{/info}} |
| 293 |
293 |
|
| 294 |
|
-To access the property ~/~/userPrincipalName~/~/ of the user from JavaScript, use the following code: |
|
289 |
+{{panel title="Example"}} |
| 295 |
295 |
|
| 296 |
|
-{{code language="javascript"}} |
|
291 |
+To access the property //userPrincipalName// of the user from JavaScript, use the following code: |
|
292 |
+ |
|
293 |
+{{code language="javascript" title=""}} |
| 297 |
297 |
try { |
| 298 |
298 |
// Auslesen der Property und Anzeige in einem Label |
| 299 |
299 |
var elem = $('[name=txt1]'); |
| 300 |
|
- var ldap = XFC_METADATA.user.rawData; |
|
297 |
+ var ldap = XFC_METADATA.currentUser.ldap; |
| 301 |
301 |
if(ldap.hasOwnProperty('userPrincipalName')) { |
| 302 |
|
- elem.html(ldap.userPrincipalName); |
|
299 |
+ elem.append(ldap.userPrincipalName); |
| 303 |
303 |
} |
| 304 |
304 |
} catch (err) {} |
| 305 |
305 |
{{/code}} |
|
303 |
+{{/panel}} |