PBRoberts
Member
Hello all - trying for some more brainpower! It would be great if people might be able to confirm my assumptions, clarify my conclusions, and provide some thought on my question:
Assumption - E1 user IDs are limited to 10 characters. This is all that is allowed on the client login, and the db field is only 10 chars.
Assumption - LDAP integration invovles attaching a unique field in the LDAP provider directory to the E1 user ID. The values within the fields must match for a user to be authenticated - ie, the E1 user ID and the attached field from LDAP.
Assumption - the same rules apply to group/role names and passwords.
Conclusion - the values in the LDAP field that is referenced for search must be no longer than 10 characters
Conclusion - if LDAP users are longer than 10 characters, the user name that those people input to an E1 login screen must be different from their desktop login. The passwords will match, however.
Conclusion - to accommodate users that have LDAP names longer than 10 characters, one would be required to make horrendous modifications to increase the E1 user ID field length (ouch) or assign a different user ID to them for E1 and desktop login.
Question - can Single Signon be used to avoid the double user ids that this will cause?
Thanks in advance for any help!
Assumption - E1 user IDs are limited to 10 characters. This is all that is allowed on the client login, and the db field is only 10 chars.
Assumption - LDAP integration invovles attaching a unique field in the LDAP provider directory to the E1 user ID. The values within the fields must match for a user to be authenticated - ie, the E1 user ID and the attached field from LDAP.
Assumption - the same rules apply to group/role names and passwords.
Conclusion - the values in the LDAP field that is referenced for search must be no longer than 10 characters
Conclusion - if LDAP users are longer than 10 characters, the user name that those people input to an E1 login screen must be different from their desktop login. The passwords will match, however.
Conclusion - to accommodate users that have LDAP names longer than 10 characters, one would be required to make horrendous modifications to increase the E1 user ID field length (ouch) or assign a different user ID to them for E1 and desktop login.
Question - can Single Signon be used to avoid the double user ids that this will cause?
Thanks in advance for any help!