OpenWGA 7.9 - OpenWGA Concepts and Features


Login strategy

Directory servers differ considerably in the logins they accept and in how they work as an authentication source. OpenWGA tries to address all possible behaviours by using the following strategy when logging in with user credentials:

1.) First, OpenWGA will try to log in to the directory server by passing on the given user name unmodified, just as it was entered by the user. This step works if the user entered the full distinguished name or any name variant that the directory server accepts directly.

2.) The next try is to interpret the given user name as a distinguished name relative to the configured user base node. OpenWGA therefore appends the base node to the given user name and tries to log in to the directory server with the result. For example, if the user gave the following name:

cn=Max Mustermann,ou=Ratingen


And the base node is:

ou=Users,o=MyCompany,c=DE


Then OpenWGA will try the following user name combination:

cn=Max Mustermann,ou=Ratingen,ou=Users,o=MyCompany,c=DE


3.) On the last try, OpenWGA will log in to the directory server either with a configured directory server master login (if available) or anonymously. Then it will search the directory for the given user name. To do so, it queries the subnodes of the configured user base node for nodes that contain the given user name in one of the properties that are configured to contain user aliases. If it finds a matching node, it will try to log in to the directory server with that node's full distinguished name and the given password.
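
The three attempts above, sketched as an added example (not OpenWGA's own code) against a constructed in-memory directory; `FakeDirectory`, the alias properties `uid` and `mail`, and the sample entry are assumptions. Rejecting empty passwords and requiring exactly one search match are hardening choices of this sketch, not behaviour the page describes.

```python
BASE = "ou=Users,o=MyCompany,c=DE"      # user base node from the page's example
ALIAS_ATTRS = ("uid", "mail")           # assumed alias properties
ENTRIES = {                             # constructed sample entry
    "cn=Max Mustermann,ou=Ratingen," + BASE:
        {"password": "s3cret", "uid": "mmustermann", "mail": "max@example.org"},
}

class FakeDirectory:
    """Constructed stand-in for a directory server (exact-match DNs only)."""
    def bind(self, dn, password):
        entry = ENTRIES.get(dn)
        return entry is not None and entry["password"] == password

    def search(self, base, attrs, value):
        # Stands in for the search done under the master or anonymous login.
        return [dn for dn, e in ENTRIES.items()
                if dn.endswith("," + base) and any(e.get(a) == value for a in attrs)]

def login(directory, username, password):
    """Return (dn, step) for the attempt that succeeded, else (None, None)."""
    # Assumption of this sketch: refuse empty credentials up front, because many
    # directory servers treat a bind with an empty password as unauthenticated.
    if not username or not password:
        return None, None
    # Step 1: user name exactly as entered.
    if directory.bind(username, password):
        return username, 1
    # Step 2: user name taken as a DN relative to the user base node.
    relative = username + "," + BASE
    if directory.bind(relative, password):
        return relative, 2
    # Step 3: look the name up in the alias properties, then bind as the hit.
    # Assumption of this sketch: an ambiguous lookup (several hits) is a failure.
    matches = directory.search(BASE, ALIAS_ATTRS, username)
    if len(matches) == 1 and directory.bind(matches[0], password):
        return matches[0], 3
    return None, None
```

The returned step number shows which name form authenticated, which is useful to log when diagnosing why a given login name works against one directory server and not another.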