Basic LDAP integration - SSO
NOTE: Ubisecure product names were unified in autumn 2011. All products which started with term "Ubilogin" were renamed to start with term "Ubisecure". In documentation this name change is implemented retroactively, i.e., the new naming practice is used also when referring to old software versions which started with term "Ubilogin" at the time of their release.
This documentation describes the most basic LDAP specific implementation alternative for the Ubisecure External Directory Integration feature. The main focus is on the installation and configuration of this alternative of the Ubisecure External Directory Integration feature.
This alternative can be used with Active Directories and other LDAP directories when no schema changes can be made to them. In Ubisecure terminology, the chosen directory is also called the External Directory.
In this case the Ubisecure Authentication Server has a read-only LDAP/LDAPS connection with the external directory. There is no need for LDAP schema changes in the external directory as this alternative uses the external directory in a commonly supported way.
Figure 1. Ubisecure Basic LDAP Integration architecture overview |
Requirements
For successful integration, the following conditions should be met:
- Ubisecure SSO Server is accessible with administrative privileges
- Active Directory, AD LDS or LDAP is accessible (Typically port 389, or 636 for SSL)
The external LDAP server must allow anonymous read access to supportedLDAPVersion attribute of root dse object. The version number is checked when initial connection is established.
- Ubisecure Management installation directory is accessible