E1 LDAP

We have Separate iSeries Servers for each E1 environment with shared System files. Therefore JDE.INI and Security Kernel per E1 environment. If LDAP is configured it has entries on F00928, F009281 and F009282 in Data Library of the E1 environment where the LDAP config was done, thus these tables are set up per E1 environment. However Add and Modify functionality will be disabled from P0092 and Password Reset Access will be disabled from P98OWSEC, if LDAP is enabled. If we enable LDAP in Development will we be able to Add and Modify from P0092 and perform Password Reset from P98OWSEC in Production? If P0092 that uses Business Function B9200040 to check for LDAP enabling is reading F00928 according to E1 Environment it will work, but if we need to copy F00928 to SY812 then it will Not Work.
 
AVDM,

I'm not exactly sure what you are asking or the purpose of your post. However I do have a comment that may be of assistance.

We have LDAP set up in both our JDE instances, which are completely separate - no shared files or tables. Every now and then we need to be able to edit user profiles etc. so we cloned the P0092 and removed the check for LDAP being enabled.
 
Hi Everyone,

How does everyone deal with test/secondary accounts when using LDAP? My understanding is that once LDAP is live you can no longer sign in with local JDE credentials, so each account would require an AD account as well. And how does it look when you log out... are you able to specify a different account when logging back in, or does JDE just grab your AD credentials again? Any difference for this between fat client and web? I've also been told that we may need to set up additional environments to facilitate logging in with 'JDE only' accounts. Can anyone speak to an easier/cleaner way to deal with secondary accounts?

We are on E1 Tools 9.1.4.4 / Apps 9.0 with Windows 2008/SQL

Thanks,
Roy
 
Even though you resurrected a pretty ancient thread, I would recommend looking at Everest Software's SSO product instead of just using LDAP with Long Passwords.

LDAP is "ok" - it pretty much provides a synchronization between JDE and the active directory for passwords - and only works with passwords > 10 characters if you're on a 9.2 tools release. However, it's still not perfect, it's an "everything or nothing" approach - and it doesn't provide SSO AND there are some issues with it especially with complex domains.

Going the "full" SSO with Oracle is EXPENSIVE. Like ridiculously expensive. And complicated. I think someone already stated how long this takes to implement - and I'd probably double that time involved.

With Everest Software's SSO product, you can be up and running with thousands of users in a day or so. It's very scalable, works cleanly, and doesn't prevent you from having local JDE credentials and LDAP credentials. It also works great with FAT Clients - and also provides a true SSO service (logging into JDE as the local user without prompting for a password) if you want. That last part is optional - which is great. Most CNCs really like Everest SSO once they implement it - it completely allows a project to move forward without even thinking about single sign-on ever again afterwards - which is what you want to see!

http://www.everestsoftint.com/products_sso.php
 
Hi altquark,

Thanks for the reply. The LDAP implementation definitely seems lacking and awkward to deal with. I did get a quote from Everest this morning about their SSO, looks like it might be a good fit for us.

Thanks again,
Roy
 
Everest Software's SSO / Load Balancer tool is a well thought out piece of software for comparatively little money.

Check it out to see if it meets your needs - it did for us.
 