Thanks for your feedback. I already worried about that. But as it still sounds like a nice solution to have SSO for LiveServer, let's give it a try. As I am not much expierienced with these kind of things (Tomcat authentication, NTLM in general and the way how to connect that to LiveServer), I think this will be a good deal of work...
On Apr 7, 5:24 pm, "Henry Lu a.k.a. Javahand" <[email protected]> wrote: > Daniel-- > > Implementation on a Windoze box with IIS will surely make the NT token > passing much easier than what you are faced with. > > Since you are a 'nux box, your best battle field would be the app server -- > Tomcat, rather than the OS. There's a lot of Tomcat based NTLM or AD > authentication done and you should be able to google and find a bunch of > examples. > > Sounds like its time for you to roll up your sleeves and start putting some > .jsp pages in that sacred "/cps/" directory. > > Have fun. > > Henry Lu > > > > On Wed, Apr 7, 2010 at 11:06 AM, Daniel <[email protected]> wrote: > > Henry, > > > thank you very much for your post. It was not my intention to sound > > off the import method. I think it works wonderful, but the data in our > > AD is very inconsistent (maintained by a lot of people in different > > locations during some years now). So not the import method is my > > problem (of course), but the fact that the user management of > > LiveServer handles the user names case sensitive (combined with the > > fact that we have "bad" data :) ). Correct me if I'm wrong, but nobody > > will ever be so mad and have a user john.doe and a John.Doe for two > > different persons. > > > The point I think is in between the two steps you described. Mr. John > > Doe is imported as John.Doe, but likes to authenticate as john.doe. So > > LiveServer does take this as a "new" user. > > > But your point about the NT Challenge/Response process sounds very > > interesting to me, because it would be even better if users don't have > > to enter a username/password. Where do I find some more details about > > setting this up for LiveServer (on a debian/tomcat/mysql combination)? > > > Kind regards, > > Daniel > > > On 7 Apr., 15:07, "Henry Lu a.k.a. Javahand" <[email protected]> > > wrote: > > > Daniel-- > > > > Something sounds a little off on your "import" method. > > > > The connector to AD should be able to import users -- on basis of desired > > > filtration -- directly from AD repository on scheduled basis. So whatever > > > case the username is stored, it gets imported verbatim into to LiveServer > > > user directory. > > > > Further, authentication of a user can be against AD directly. Once a user > > is > > > already authenticated, the proper method should be just to log the user > > in > > > using the "trusted" dynament. * > > > > In my afore-prescribed scenario, whatever John Joe chooses to type in, as > > > long as AD OK's it, LiveServer goes along and just keeps on copy of John > > > Joe's profile originally imported from AD. > > > > Let me know if this makes sense to you. > > > > Henry Lu, a.k.a. Javahand > > > > P.S.: * I believe the NT Challenge/Response process pushes the AD-stored > > > username (with case integrity from AD repository) into the browser > > session, > > > thus guaranteeing a case match between the browser-carried username and > > > LiveServer stored username. > > > > Of course, if you are using the user-typed username from the form, you > > are > > > at the risk of a mis-match. > > > > On Wed, Apr 7, 2010 at 8:48 AM, Daniel <[email protected]> wrote: > > > > Hey guys, > > > > > we are facing the issue that when logging on to the OT Delievery > > > > Server (former LiveServer) the username and password is case > > > > sensitive. For passwords this seems normal, but our users have > > > > problems with typing the username case sensitive. We authenticate the > > > > users via a Directory Server connector in a MS Active Directory and > > > > import them after a correct login. That means AD authenticates all > > > > users correctly nevertheless if he is spelled john.doe, John.doe, > > > > JOhn.dOE, and so on, so he is imported to the local user directory. > > > > And so there are a lot of duplicated that don't have consistent groups > > > > as there are some groups maintained in the Delievery Server User > > > > database. > > > > > The point is we imported a lot of users through the connector and the > > > > user names of these where not consistent, either. So the "simple > > > > solution" to have a toLower() function at the login form, will not > > > > work. > > > > > I already contacted the support a while ago and they said this > > > > behaviour will not be changed in the future. Did someone have the same > > > > problem and maybe had an idea how to solve this? > > > > > Any help is appreciated. > > > > Thanks a lot, > > > > Daniel > > > > > -- > > > > You received this message because you are subscribed to the Google > > Groups > > > > "RedDot CMS Users" group. > > > > To post to this group, send email to [email protected] > > . > > > > To unsubscribe from this group, send email to > > > > [email protected]<reddot-cms-users%[email protected]> > > <reddot-cms-users%[email protected]> > > > > . > > > > For more options, visit this group at > > > >http://groups.google.com/group/reddot-cms-users?hl=en. > > > > -- > > > 646-807-8683- Zitierten Text ausblenden - > > > > - Zitierten Text anzeigen - > > > -- > > You received this message because you are subscribed to the Google Groups > > "RedDot CMS Users" group. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]<reddot-cms-users%[email protected]> > > . > > For more options, visit this group at > >http://groups.google.com/group/reddot-cms-users?hl=en. > > -- > 646-807-8683 -- You received this message because you are subscribed to the Google Groups "RedDot CMS Users" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/reddot-cms-users?hl=en.
