“Novell Security” – Please Don’t Use This
Confession time: We have very few customers using Novell, and this option only exists for legacy compatibility with older systems. Hyland even states in the Authentication MRG that:
“Novell Security is not currently supported. Security must be configured using one of the other available Source of Security Information configurations.”
If you’re already using this, you can however it is not being tested for compatibility and therefore not supported. If you aren’t currently using this (and this should be all of you), please don’t check this box. It’s not supported, and if you had to connect to eDirectory, you would be better served with LDAP Security.
“LDAP Security” – Generic and compatible
LDAP Security is sort of the catch-all security option: In my experience, I’ve used it to connect to UNIX LDAP servers, bind to Novell eDirectory resources, and even as an alternative way to connect to Active Directory.
This is the option you should use if no other option works, or if you are using a unique setup. You can (and should) configure this option to authenticate against multiple servers, for failover reasons. OnBase uses LDAP version 3 to query directory services, so make sure that you are using a compatible LDAPv3 server implementation to use this option.
Let’s take a look at building our first connection. As you can see from the following dialog box, LDAP security looks quite a bit more complex than Windows NT Security, but once OnBase is speaking your LDAP server’s language, it works like a charm.
You fill in the Host, Port, and Server Bind Method, so a connection to the server is established. You then map attributes. In other words, OnBase concepts are mapped to your LDAP server’s versions of the same things.
For example, the “LDAP Class Name” is really mapping to what we would call an “OnBase user”. For Active Directory, you might enter an LDAP Class Name of “user”; for a typical Novell LDAP server, you might need inetOrgPerson. Different LDAP servers use different terms for the same things, and here is where you create these relationships.
Once you map OnBase User: LDAP User, you then map the attributes as well (Username, Full Name, Email, etc). Finally, you tell OnBase what groups are called in the LDAP server, so it can map those to its own groups. Once this is configured, it uses the same general pattern as Windows NT Security, in that it enumerates all groups that the user is part of, and looks for OnBase groups of the same name for a match.
“Active Directory” – Newer, More Advanced, More Granular
If you’re using Active Directory, we’ve saved the best for last. Only available in OnBase 12 and above, the new Active Directory option allows all the ease-of-use that “Windows NT Security” has, while taking away some of the more annoying factors. Active Directory security allows you to map groups easily, is more powerful than NT Security, opens up some really nice features listed below, and generally makes everyone’s life easier.
Once the groups are mapped, rights are assigned exactly as described in Windows NT Security above.
OnBase Security – Summary
Let’s summarize the pros and cons of each security option:
I hope that I was able to de-mystify the choices available for OnBase security, and I really hope we can make the OnBase experience a little bit nicer for you and your end users. As a reminder, we’re always happy to answer any questions that you have at email@example.com regarding this topic, or any topic! Drop us a line and let us know what you think!
A couple years ago when I started thinking about running my first half marathon I knew it was going to be a real project and a real commitment. See, running doesn’t come easily or naturally to me and I don’t hesitate to say I’m usually bringing up the rear in most of my races. Although I’ve been an athlete my […]
Imagine if each time you entered an address into your GPS you only had a 50% shot that you would arrive at your correct location. You would be pretty upset if you weren’t in the 50% that made it to their destination. That is precisely what CMS has uncovered during round two of the online provider directory review. The average […]
MILWAUKEE, February 21, 2018 – Leading enterprise information management system integrator Kiriworks, Inc. wrapped up a strong year by accepting Gold and Diamond Support honors from Hyland. This is the tenth consecutive year that Kiriworks has been awarded high honors for their excellence in developing, implementing and supporting OnBase solutions. One of the keys to Kiriworks’ success over the past […]
The Winter Olympics are here! If you’re like me, you’re looking forward to the excitement and thrills of international competition! I am a snowboarder so I have a personal love for winter sports and will be glued to my TV and social media feeds watching the events and keeping medal counts. There is such an inspirational culture built at the […]