‎01-05-2013 07:32 AM
Hi there,
We have just installed Mega 2009 SP5 CP8, release 7, with Mega Advisor 2012 and Web Editor. So far so good. The client is blown away.
However, I have a question about the way to set up the web user mapping.
The requirements are:
- anybody with a network windows account should have access to Advisor Read only. Those users need to be mapped to a Guest user, which is linked to a Guest Profile (limited profile hiding the costs)
- only the Mega users can access the Read/Write thing. Those guys will use their Mega User which are connected to Profiles showing the costs even in Read only.
- We are using the same website template.
- Someone without network login should have access to it?
My questions:
- Do I need to setup LDAP Authentication for web users?
- What would be the best way to set that up? I mean with the least maintenance work.
- Is there any way to set up a Single Sign On thanks to the LDAP authentication on Advisor?
Thanks for your help.
Cheers.
f
‎03-05-2013 05:24 AM - edited ‎03-05-2013 08:03 AM
Hi,
Thanks for your reply. I am still struggling with this.
I forgot to mention that:
- the "Guest" Mega User is Mega authenticated.
- the other Mega Users are Windows authenticated.
1) Read Only.
So you are saying that I need to list any users that could log into Advisor? I have potentially 500 of them. Is there any workaround?
2) Read Write
I got the idea, but the Advisor LDAP authentication doesn't seem to be working with Mega authenticated Mega users, if it makes any sense.
Do I need to set up the Mega User as LDAP authenticated to make it work?
To make it clearer, please have a look at my mapping (which doesn't work).
=> if I try to log into Advisor with a non ldap user, I got the following error in the MappingError
12:38:43 - 05/03/13 LDAP authentication error for web user : gj
=> if I try to log into Advisor with an LDAP user, then no errors are thrown, but I can't log in
ERR_MappingManager : Invalid connection. Check your web user and password or contact your administrator for your user configuration
I'm a bit lost.
Thanks for your help.
<root>
  <AuthenticationMode>1</AuthenticationMode>
  <LDAPHost>P00350</LDAPHost>
  <LDAPPort>389</LDAPPort>
  <LDAPSSLEnryption>0</LDAPSSLEnryption>
  <LDAPIdentifier>uid</LDAPIdentifier>
  <LDAPDNRoot>DC=internal,DC=vic,DC=gov,DC=au</LDAPDNRoot>
  <WebUser name="fb31">
    <ROUser>
      <environment name="\\p02518\Production\Production" selected="1">
        <MegaUser name="EA_Advisor" password=""/>
      </environment>
    </ROUser>
    <RWUser mappingType="1">
      <environment name="\\p02518\Production\Production" selected="1" authenticationMode="1">
        <MegaUser name="" password="¦¢+-"/>
      </environment>
    </RWUser>
  </WebUser>
  <group name="SA">
    <ROUser>
      <environment name="\\p02518\Production\Production" selected="1">
        <MegaUser name="SA_Advisor" password=""/>
      </environment>
    </ROUser>
    <RWUser mappingType="1">
      <environment name="\\p02518\Production\Production" selected="1" authenticationMode="1">
        <MegaUser name="" password="¦¢+-"/>
      </environment>
    </RWUser>
    <User name="aim3" email=""></User>
    <User name="jw0s" email=""></User>
  </group>
  <group name="EA">
    <ROUser>
      <environment name="\\p02518\Production\Production" selected="1">
        <MegaUser name="EA_Advisor" password=""/>
      </environment>
    </ROUser>
    <RWUser mappingType="1">
      <environment name="\\p02518\Production\Production" selected="1" authenticationMode="1">
        <MegaUser name="" password="¦¢+-"/>
      </environment>
    </RWUser>
    <User name="aa67" email=""></User>
    <User name="pl08" email=""></User>
    <User name="gj21" email=""></User>
  </group>
  <group name="BE">
    <ROUser>
      <environment name="\\p02518\Production\Production" selected="1">
        <MegaUser name="BE_Advisor" password=""/>
      </environment>
    </ROUser>
    <RWUser mappingType="1">
      <environment name="\\p02518\Production\Production" selected="1">
        <MegaUser name="" password="¦¢+-"/>
      </environment>
    </RWUser>
    <User name="fd21" email=""></User>
    <User name="cc40" email=""></User>
  </group>
  <Others>
    <ROUser>
      <MegaUser name="Guest" password="¦¢+-"/>
    </ROUser>
    <RWUser mappingType="1">
      <environment name="\\p02518\Production\Production" connectionMode="0" selected="1">
        <MegaUser name="" password=""/>
      </environment>
    </RWUser>
  </Others>
</root>
‎02-05-2013 09:38 AM
Hi,
Regarding your first question, you need to set up an LDAP authentication and declare explicitly all the Windows users in your MappingDatabase.xml file. So, each one who tries to connect to Advisor in Read-Only must provide his Windows password to log on.
Now, for the Read-Write group, and since they use MEGA, you will of course declare these users on the XML file and map each one with his MEGA user.
Of course, you can keep the LDAP authentication for all (RO and RW users). Anyone without network login won't be able to log on.
I invite you to read the document Web Users Mapping tool.pdf
Mohamed
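
For anyone reviewing a MappingDatabase.xml laid out like the one posted in this thread, the following is an added example (not part of any post here and not MEGA's own tooling) that lists the explicitly declared web logins, the read-only fallback under Others, and settings worth a second look. It assumes that LDAPSSLEnryption set to 0 means the LDAP connection is not SSL-protected; the sample file and the function name audit_mapping are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample that follows the element layout of the file posted in the thread.
SAMPLE = """<root>
  <LDAPPort>389</LDAPPort>
  <LDAPSSLEnryption>0</LDAPSSLEnryption>
  <WebUser name="user1">
    <ROUser><environment name="ENV" selected="1"><MegaUser name="EA_Advisor" password=""/></environment></ROUser>
  </WebUser>
  <group name="EA">
    <ROUser><environment name="ENV" selected="1"><MegaUser name="EA_Advisor" password=""/></environment></ROUser>
    <RWUser mappingType="1"><environment name="ENV" selected="1"><MegaUser name="" password="x"/></environment></RWUser>
    <User name="user2" email=""/>
    <User name="user3" email=""/>
  </group>
  <Others>
    <ROUser><MegaUser name="Guest" password="x"/></ROUser>
  </Others>
</root>"""

def audit_mapping(xml_text):
    """Return declared web logins, the Others read-only fallback, and review findings."""
    root = ET.fromstring(xml_text)
    findings = []
    # Assumption: LDAPSSLEnryption=0 means the LDAP connection is not wrapped in SSL.
    if root.findtext("LDAPSSLEnryption", "").strip() == "0":
        port = root.findtext("LDAPPort", "?")
        findings.append(f"LDAP: SSL disabled on port {port}; check how Windows passwords reach the directory")
    # Explicit web logins: direct <WebUser> entries plus <User> members of each <group>.
    declared = [w.get("name") for w in root.findall("WebUser")]
    declared += [u.get("name") for g in root.findall("group") for u in g.findall("User")]
    # Named MEGA users mapped with an empty password attribute, per scope and access mode.
    scopes = root.findall("WebUser") + root.findall("group") + root.findall("Others")
    for scope in scopes:
        label = f"{scope.tag} {scope.get('name', '')}".strip()
        for mode in ("ROUser", "RWUser"):
            for mu in scope.findall(f"{mode}//MegaUser"):
                if mu.get("name") and not mu.get("password"):
                    findings.append(f"{label}/{mode}: MEGA user {mu.get('name')} mapped with empty password")
    fallback = root.find("Others/ROUser//MegaUser")
    return {"declared": sorted(declared),
            "fallback_ro": fallback.get("name") if fallback is not None else None,
            "findings": findings}

if __name__ == "__main__":
    report = audit_mapping(SAMPLE)
    print("Declared web logins:", ", ".join(report["declared"]))
    print("Read-only fallback MEGA user:", report["fallback_ro"])
    for finding in report["findings"]:
        print("REVIEW:", finding)
```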