RE: [docent_users] Checking for existing LDAP credentials

Jon,

Well, I think that means you have 3-4 more years of job securityJ I’m
seeing similar with some of my customers choosing to just stay the course with
D65, especially with all of the functionality that we have added. Other
customers started on the path to migrate to new LMS vendors a year or so ago and
have either completed their migration or are only just a short ways away from
making the switch.

If you end up in the unemployment line, let me know and I might
have some freelance work for you…

Robert

From:
docent_users@yahoogroups.com [mailto:docent_users@yahoogroups.com] On Behalf
Of Jon Dwyer
Sent: Monday, December 01, 2008 7:28 AM
To: docent_users@yahoogroups.com
Subject: RE: [docent_users] Checking for existing LDAP credentials

Not that this is helpful to the topic, but
keying on "still on Docent"...I think I've been to the upgrade point
inside my company 3 times now, stopped each time for a different reason. but
recently, we're in the "Tal Mgt Suite" mode and have left behind the
concept of "upgrading the LMS". It's "moving to the strategic
integrated TM Suite".
So, SumTotal is only looked at as a competitor to our PeopleSoft HRMS
and TM Suite folks, not as an LMS vendor.
That remakes our decision into a 3 - 4 year "HR Technology" strategy,
with LMS replacement as middle/low priority.

And then there's that pesky economy, which has effectively changed my HR Tech
strategy into a nice Powerpoint.

So, this is all a fancy way of saying that I've got Docent right where we
want it with customization, and it's a long, long way before it will be
replaced.

Would be interested in others' experience.

Hopefully still employed when you answer,

Jon

To: docent_users@yahoogroups.com
From: robertt@rtnetworks.com
Date: Sun, 30 Nov 2008 15:57:53 -0800
Subject: RE: [docent_users] Checking for existing LDAP credentials

Jon,

Happy
Thanksgiving to you too! Haven’t heard from you in a while.
Wasn’t sure you were still doing Docent. Great to hear you are
still around.

No you got
the point perfectly. Your technique is similar to how Docent does their
NT authentication. Docent uses AUTH_USER and REMOTE_USER in
combination with turning off anonymous authentication and using IIS’
integrated security model. My only issue is that many years ago there
were some issues with the non IE browsers, I don’t recall the details,
but it may have been the clear text passwords when not using SSL. This
just might just be the only way to really do this, but I believe that this
webserver is in a different domain tree than my users, which may cause
additional problems.

Thanks for
the ideas. I think I’m going to end up using what you mentioned,
but I knew several of the users in this group have SSO configured and was
wondering what we were all doing to make the login page disappear if the user
had already authenticated with the server.

Don’t
be a stranger and thanks for contributing.

Robert

From: docent_users@yahoogroups.com [mailto:docent_users@yahoogroups.com]
On Behalf Of Jon Dwyer
Sent: Sunday, November 30, 2008 2:48 PM
To: docent_users@yahoogroups.com
Subject: RE: [docent_users] Checking for existing LDAP credentials

Robert,

Happy Thanksgiving.

This isn't directly LDAP, but could it be as simple as retrieving the
domain/loginid that you get with
response.servervariables("LOGON_USER")? In other words, if they're
logged into Windows/the network, then they are "authenticated" and
you could pass the ID on in.

I do something like this for my Docent system - I have a nightly import of
Active Directory ID's attached to DRUser records. I retrieve LOGON_USER, and
use it to match with the A.D. ID in DRUser (and domain, but that's another
story), and if so, I build the Docent login string and pass them on into
Docent. If not, they get a login page. This has been my "single
signon" solution.

Sorry if I've missed the point entirely.

Jon
Owens Corning

To: docent_users@yahoogroups.com
From: robertt@rtnetworks.com
Date: Sat, 29 Nov 2008 10:55:58 -0800
Subject: [docent_users] Checking for existing LDAP credentials

The reference install has a form based version of LDAP
authentication. I.e., the user must enter their login credentials and
then these credentials are used to authenticate against LDAP. Since many
intranets implement LDAP for numerous applications, I’m looking at a
trying to find a way to check and see if the user has already been
authenticated by LDAP before presenting the user the LDAP login form and
skipping the extra authentication step if possible. Has anyone tried this
within Docent? What kind of approach did you use? Did you use a
hybrid of the NTLM and LDAP?

Thanks,

Robert

__._,_.___

Messages in this topic (5)

Reply (via web post)
|

Start a new topic

Messages

MARKETPLACE

From kitchen basics to easy recipes - join the Group from Kraft Foods

Change settings via the Web (Yahoo! ID required)
Change settings via email: Switch delivery to Daily Digest | Switch format to Traditional

Visit Your Group
|

Yahoo! Groups Terms of Use |

Unsubscribe

Recent Activity