Kiriworks Blog

“Novell Security” – Please Don’t Use This

Confession time: We have very few customers using Novell, and this option only exists for legacy compatibility with older systems. Hyland even states in the Authentication MRG that:

Novell Security is not currently supported. Security must be configured using one of the other available Source of Security Information configurations.”

If you’re already using this, you can however it is not being tested for compatibility and therefore not supported. If you aren’t currently using this (and this should be all of you), please don’t check this box. It’s not supported, and if you had to connect to eDirectory, you would be better served with LDAP Security.

“LDAP Security” – Generic and compatible

LDAP Security is sort of the catch-all security option: In my experience, I’ve used it to connect to UNIX LDAP servers, bind to Novell eDirectory resources, and even as an alternative way to connect to Active Directory.

This is the option you should use if no other option works, or if you are using a unique setup. You can (and should) configure this option to authenticate against multiple servers, for failover reasons. OnBase uses LDAP version 3 to query directory services, so make sure that you are using a compatible LDAPv3 server implementation to use this option.

Let’s take a look at building our first connection. As you can see from the following dialog box, LDAP security looks quite a bit more complex than Windows NT Security, but once OnBase is speaking your LDAP server’s language, it works like a charm.

 

 

You fill in the Host, Port, and Server Bind Method, so a connection to the server is established. You then map attributes. In other words, OnBase concepts are mapped to your LDAP server’s versions of the same things.

For example, the “LDAP Class Name” is really mapping to what we would call an “OnBase user”. For Active Directory, you might enter an LDAP Class Name of “user”; for a typical Novell LDAP server, you might need inetOrgPerson. Different LDAP servers use different terms for the same things, and here is where you create these relationships.

Once you map OnBase User: LDAP User, you then map the attributes as well (Username, Full Name, Email, etc). Finally, you tell OnBase what groups are called in the LDAP server, so it can map those to its own groups. Once this is configured, it uses the same general pattern as Windows NT Security, in that it enumerates all groups that the user is part of, and looks for OnBase groups of the same name for a match.

“Active Directory” – Newer, More Advanced, More Granular

If you’re using Active Directory, we’ve saved the best for last. Only available in OnBase 12 and above, the new Active Directory option allows all the ease-of-use that “Windows NT Security” has, while taking away some of the more annoying factors. Active Directory security allows you to map groups easily, is more powerful than NT Security, opens up some really nice features listed below, and generally makes everyone’s life easier.

Once the groups are mapped, rights are assigned exactly as described in Windows NT Security above.

 

  • You can more easily authenticate across domains in a given forest without queries to all domains in the forest. Tell OnBase what to search for and where!
  • Your group names no longer have to match. You map AD groups to OnBase groups using the GUI. No longer does your Active Directory have to have 40 different user groups all starting with “OB…”
  • No Access to a domain controller or an Active Directory snap-in required! Just configure everything from OnBase Configuration!
  • You can test from the OnBase interface to see what user groups are coming back from Active Directory. No longer do you have to troubleshoot from the diagnostics console or a verbose log!
  • You can Auto-Create an OnBase group based on a domain group.
  • You can Auto-Create an OnBase user based on a domain user.
  • Finally, if coming from Windows NT Security, you can Auto-Configure a domain to match up domain and OnBase groups. Easy.

 

OnBase Security – Summary

Let’s summarize the pros and cons of each security option:

  1. OnBase Authentication – Easy to understand and troubleshoot, no special configuration needed.
  2. Windows NT Security – Old reliable, all groups have to be named the same. Managed in Active Directory.
  3. Novell Security – Nope Nope Nope.
  4. LDAP Security – Complex but powerful. Can connect to many types of systems. Good choice for multiple domains.
  5. Active Directory – You need OnBase 12+. Good choice for multiple domains. Good migration point from NT Security. Able to manage almost everything from the interface.

I hope that I was able to de-mystify the choices available for OnBase security, and I really hope we can make the OnBase experience a little bit nicer for you and your end users.  As a reminder, we’re always happy to answer any questions that you have at support@kiriworks.com regarding this topic, or any topic! Drop us a line and let us know what you think!

Kiriworks Like, Follow & Share:

Digital Transformation in Manufacturing: Getting You Ready For Race Day

A couple years ago when I started thinking about running my first half marathon I knew it was going to be a real project and a real commitment. See, running doesn’t come easily or naturally to me and I don’t hesitate to say I’m usually bringing up the rear in most of my races. Although I’ve been an athlete my […]

Posted in Kiriworks Blog | Tagged , , , , , | Comments Off on Digital Transformation in Manufacturing: Getting You Ready For Race Day

Bad Data Is No Different Than No Data.

Imagine if each time you entered an address into your GPS you only had a 50% shot that you would arrive at your correct location. You would be pretty upset if you weren’t in the 50% that made it to their destination. That is precisely what CMS has uncovered during round two of the online provider directory review. The average […]

Posted in Kiriworks Blog | Tagged , , , , , | Comments Off on Bad Data Is No Different Than No Data.

Kiriworks Continues Success and Growth in 2017, Receiving Performance Awards, Expanding Partnerships and Growing Product and Technical Support Teams

MILWAUKEE, February 21, 2018 – Leading enterprise information management system integrator Kiriworks, Inc. wrapped up a strong year by accepting Gold and Diamond Support honors from Hyland. This is the tenth consecutive year that Kiriworks has been awarded high honors for their excellence in developing, implementing and supporting OnBase solutions. One of the keys to Kiriworks’ success over the past […]

Posted in Uncategorized | Leave a comment

Be an Olympic Athlete in the Work Place

The Winter Olympics are here! If you’re like me, you’re looking forward to the excitement and thrills of international competition! I am a snowboarder so I have a personal love for winter sports and will be glued to my TV and social media feeds watching the events and keeping medal counts. There is such an inspirational culture built at the […]

Posted in Kiriworks Blog | Tagged , , , , , , | Comments Off on Be an Olympic Athlete in the Work Place
Kiriworks Like, Follow & Share:
February 5, 2016

OnBase Network Security Explained: More Complexity, More Flexibility (Part 2)

“Novell Security” – Please Don’t Use This Confession time: We have very few customers using Novell, and this option only exists for legacy compatibility with older systems. Hyland even states in the Authentication MRG that: “Novell Security is not currently supported. Security must be configured using one of the other available Source of Security Information configurations.” If you’re already using […]
January 20, 2016

OnBase Network Security Explained: One Less Password Please! (Part 1)

Logins and their associated passwords have been used on computers since almost the beginning of time.  And with this need for authentication, every software platform has tried to make it easier to grant appropriate access to resources like file shares, email, and applications. Managing a user’s identity is important, with many different software companies implementing their own solutions. The problem […]
December 11, 2015

The Importance of Having a Strong Project Manager

You’ve probably heard about how important it is to have an experienced Project Manager for the simple reason of ensuring project success. It’s like buying project insurance. You’ve probably also heard the statistics that less than half of software development projects finish with a product the customer is thrilled with, within the desired scope, schedule and budget. From an earlier […]
November 7, 2015

Oh No! It’s Change…

“Progress is impossible without change, and those who cannot change their minds cannot change anything.” -George Bernard Shaw Why are people so afraid to change? Sure, it can be scary and the fear of the unknown isn’t the best feeling, but you change things everyday and these changes don’t scare us. For instance, you change the way you look, the […]