Focal Point Banner


As of December 1, 2020, Focal Point is retired and repurposed as a reference repository. We value the wealth of knowledge that's been shared here over the years. You'll continue to have access to this treasure trove of knowledge, for search purposes only.

Join the TIBCO Community
TIBCO Community is a collaborative space for users to share knowledge and support one another in making the best use of TIBCO products and services. There are several TIBCO WebFOCUS resources in the community.

  • From the Home page, select Predict: WebFOCUS to view articles, questions, and trending articles.
  • Select Products from the top navigation bar, scroll, and then select the TIBCO WebFOCUS product page to view product overview, articles, and discussions.
  • Request access to the private WebFOCUS User Group (login required) to network with fellow members.

Former myibi community members should have received an email on 8/3/22 to activate their user accounts to join the community. Check your Spam folder for the email. Please get in touch with us at community@tibco.com for further assistance. Reference the community FAQ to learn more about the community.


Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] LDAP and DBMS Security

Read-Only Read-Only Topic
Go
Search
Notify
Tools
[SOLVED] LDAP and DBMS Security
 Login/Join
 
DivisionByZero
Silver Member
posted
We are currently using DBMS Security but are interested in using LDAP to enforce password requirements. Is it possible to authenticate through LDAP with a DBMS ID, and have LDAP authenticate that ID with the DBMS?

This message has been edited. Last edited by: DivisionByZero,


Local Development Environment:
WF 7.6.10 on Vista Ultimate 64-bit Edition
Client Environments:
WF 7.1.3, 7.6.4, and 7.6.10 on various Windows Server platforms using servlet implementation over SSL
Oracle and MSSQL DBs
Output formats: HTML, PDF, Excel 2000, XML
 
Posts: 26 | Location: Tampa Bay, FL | Registered: September 30, 2008Report This Post
dlogan
Platinum Member
posted Hide Post
If your LDAP and DBMS id's are the same it might be possible to do a SQL dump from LDAP into the DBMS to periodically update the passwords in DBMS with what was in LDAP.

However, if you were going to do this, you mine as well go directly against the LDAP database.

I do not know of any LDAP product will turn around and authenticate against another source, nor does this type of behavior make too much sense. As a result I would not expect it.

What is the end-goal you are looking for? Why not just go against LDAP for your authentication?


WF 71.x, 76.x, 7701, 8.0 Beta OS: Linux, Win2k3, Win2k, Win2k8, WinXP


 
Posts: 203 | Registered: November 19, 2007Report This Post
Dan Pinault
Guru
posted Hide Post
We use LDAP to AUTHENTICATE our users in the WebFOCUS environment but our data adapter to MSSQL uses SQL AUTHENTICATION against the DBMS. So, every user is unique to WebFOCUS but SQL Server sees all requests as coming from the same credentials.

When it comes to data security we manage all that on the WebFOCUS side by using group-level profiles and declaring filters. I suppose that same security structure could be built on the DBMS side but then you'd have to pass the actual user credentials to the DBMS from WebFOCUS.

I hope this helps.

Dan


7.7.05M/7.7.03 HF6 on Windows Server 2003 SP2 output to whatever is required.
 
Posts: 393 | Location: St. Paul, MN | Registered: November 06, 2007Report This Post
GinnyJakes
Expert
posted Hide Post
quote:
you'd have to pass the actual user credentials to the DBMS from WebFOCUS.

You can actually do this by using SECURITY MODE DBMS. However, it only authenticates to a single data base type.


Ginny
---------------------------------
Prod: WF 7.7.01 Dev: WF 7.6.9-11
Admin, MRE,self-service; adapters: Teradata, DB2, Oracle, SQL Server, Essbase, ESRI, FlexEnable, Google
 
Posts: 2723 | Location: Ann Arbor, MI | Registered: April 05, 2006Report This Post
DivisionByZero
Silver Member
posted Hide Post
Thanks for everyone's responses. To answer the questions:

quote:
Originally posted by dlogan:
What is the end-goal you are looking for? Why not just go against LDAP for your authentication?

We were looking for a way to use LDAP for Authentication and DBMS Security for Authorization. The LDAP IDs are different than the DBMS IDs though. Currently, we are using DBMS security, and the master files refer to Oracle Views that filter results depending on the currently logged-on user ID (i.e., using security tables to lookup authorization parameters).

quote:
Originally posted by Dan Pinault:
... When it comes to data security we manage all that on the WebFOCUS side by using group-level profiles and declaring filters.

I believe that this is the approach we are going to take with MRE, but I was really hoping that we could use our existing security, which would save a lot of time and effort.

The solution that we ultimately decided on was to force a dual signon. Tomcat protects the application directory, so it forces the user to authenticate through LDAP first, and then presents a login page for the WebFOCUS application.

Thanks again for contributing to my post. I just wanted to make sure that I wasn't missing something easy that could be done.


Local Development Environment:
WF 7.6.10 on Vista Ultimate 64-bit Edition
Client Environments:
WF 7.1.3, 7.6.4, and 7.6.10 on various Windows Server platforms using servlet implementation over SSL
Oracle and MSSQL DBs
Output formats: HTML, PDF, Excel 2000, XML
 
Posts: 26 | Location: Tampa Bay, FL | Registered: September 30, 2008Report This Post
  Powered by Social Strata  

Read-Only Read-Only Topic

Focal Point    Focal Point Forums  Hop To Forum Categories  WebFOCUS/FOCUS Forum on Focal Point     [SOLVED] LDAP and DBMS Security

Copyright © 1996-2020 Information Builders