Presentation given by Gary Falcon of Aptiris on how to automate creation of accounts for FirstClass, authenticate against Active Directory or LDAP, and leverage existing FirstClass data for external systems.
9. LDAP Comparison
Internet Services Directory Services
Authenticate with UserID Authenticate with LDAP DN
All directory objects Choice of directory objects
using BaseDN
Global directory only User contacts
ClientID as UID UserID as UID
Less configurable More configurable
LDAP-format DN
10. Data Exchange Files / ODBC
Build in FCAS
Custom built: export
exactly what is required
Automate schedule
Write to text file or ODBC
data source
11. Which to use?
1. Internet Services LDAP: First choice
2. Directory Services LDAP: When #1
doesn’t provide necessary attributes
or function
3. Application Services: When LDAP
functions aren’t available
15. Authentication Workflow
Client User ID &
Password
FCS
FCDS
yes LDAP no
controlled?
yes FCDS no
avail?
yes AD no
avail?
yes Valid
Valid no login?
login?
yes no
Cache data
in FCS Username
Log user in
or PW error
19. FCDS Provisioning
Works with AD, OpenLDAP
With or without
authentication
Account adds / removes /
changes
Creates groups from OUs
Matches to sAMAccount
Name (AD) or DN (LDAP)
One-way replication
21. Challenges
OU structure vs/
FirstClass groups
AD Groups are not
replicated
Will delete your
directory if you tell it to
22. Custom Provisioning
Data can be brought in
from any system
Handles account adds /
removes / changes
Flexible handling of group
associations
Custom apps can follow
any required logic
Provisioning only; no
authentication
23. Getting Help
Limited support from FirstClass
Aptiris can assist with:
Support (for Aptiris clients)
Implementation services
Ad-hoc consultation
info@aptiris.com / 877.864.3534