LDAP External Authentication

This chapter describes how to set up Lightweight Directory Access Protocol (LDAP) external authentication.

Overview

Management Framework supports external authentication using LDAP as a way to verify a user's permissions to log on to Genesys applications. The LDAP Authentication Module (AM) delivers an authentication request to one of the supported LDAP Directory Servers and passes back the results of that authentication to the client.

This LDAP implementation has been tested to work with the following LDAP servers:

• Novell E-Directory

• IBM Tivoli Directory Server (or Blue Pages)

• Microsoft Active Directory

• Oracle LDAP Proxy/Internet Directory

• IBM Resource Access Control Facility (RACF)

Configuration Server external authentication supports multiple LDAP servers. The active, or responding, authentication server is used for authorization of all subsequent clients. When this server does not respond, the next server in the list of servers is tried, and if it responds, it becomes the active authentication server. This process continues sequentially through the list of authentication servers.

Starting in release 8.0, LDAP messages concerning the failure (see Error Codes) of each LDAP authentication attempt are relayed from the LDAP AM back through Configuration Server for display to the end user.

Starting in release 8.1, LDAP can be configured on each Configuration Server Proxy in a geographically distributed environment. Therefore, each Configuration Server Proxy can process authentication requests itself, and not pass them on to the Master Configuration Server.

External Authentication Files

Pluggable Module Names for LDAP lists the pluggable modules that Genesys provides for LDAP.

In addition to the pluggable module file, two LDAP files are copied to the destination directory when you install Configuration Server:

ldaperrors.txt —contains default LDAP errors. For its content, see Error Codes.

randgen.rnd —used with Transport Layer Security.