User IDs and LDAP integration

PBRoberts

Hello all - trying for some more brainpower! It would be great if people might be able to confirm my assumptions, clarify my conclusions, and provide some thought on my question:

Assumption - E1 user IDs are limited to 10 characters. This is all that is allowed on the client login, and the db field is only 10 chars.

Assumption - LDAP integration involves attaching a unique field in the LDAP provider directory to the E1 user ID. The values within the fields must match for a user to be authenticated - i.e., the E1 user ID and the attached field from LDAP.

Assumption - the same rules apply to group/role names and passwords.

Conclusion - the values in the LDAP field that is referenced for search must be no longer than 10 characters

Conclusion - if LDAP users are longer than 10 characters, the user name that those people input to an E1 login screen must be different from their desktop login. The passwords will match, however.

Conclusion - to accommodate users that have LDAP names longer than 10 characters, one would be required to make horrendous modifications to increase the E1 user ID field length (ouch) or assign a different user ID to them for E1 and desktop login.

Question - can Single Signon be used to avoid the double user ids that this will cause?

Thanks in advance for any help!
 
Forgot to mention a couple things...

Application version 8.11SP1
Tools 8.95H1
LDAP server - Active Directory 2003(MS)
Enterprise/JAS server win2k3
 
I opened up a call and talked to a few people at Oracle directly on this same issue and this is the basic issue.

1) User IDs and Passwords for LDAP can be longer than 10 characters but they are not supported. The reason for this is that not ALL of the combinations of EnterpriseOne applications can handle it. Meaning, E1 can handle it, but not all of the integrated applications such as CRM, XPi, etc. can.

2) "Special Characters" that are supported on one OS may not be supported on another or they may be interpreted by different OS's differently. This adds an additional layer of complexity. If you look at the Processing Options for the P98OWSEC under Passwords you can see that E1 supports Special Characters... So to me this is a disconnect.

My personal opinion is that you can get away with using LDAP for authentication with any password / user combo depending on
1) The OS of the LDAP Server
2) Integration points

I think that #2 is the primary reason that they state they don't support special chars / long user names. Because some of the integrated applications don't have them. If you are strictly running E1, I think you can do it. And that's what I've gathered from my conversations.
 