Configuring Contextless Login
Contextless login allows users to log in without specifying their directory context. By default, iManager enables this feature and sets users up for contextless login if the users meet the following criteria:
- They are in the same container as the iManager PCO object or the Admin User object for the server. Any subcontainers are automatically searched also.
- They use the CN attribute for logging in.
- They have inetOrgPerson as their user class. inetOrgPerson is the LDAP name for this class. The eDirectory name for this class is User.
If you have users who do not meet this profile, you need to configure contextless login to add additional containers, attributes, or user classes. See the following sections:
- Adding Portal Containers
- Adding Other Attributes
- Modifying the User Object Class
- Enabling or Disabling Contextless Login
Adding Portal Containers
By default, the context of the iManager PCO object and the context of the Admin user are set up as Portal containers for contextless logins. If your user objects exist in other containers, you need to add these containers to the Contextless Login search path.
To add other containers for contextless logins:
-
In iManager, click the Configure button
. -
In the Contents panel, click iManager Configuration > Portal.
-
In the right pane, click Properties.
-
Use the Add and Remove buttons to select and add additional containers.
You only have to set up top level containers as Portal containers. Subcontainers under Portal containers automatically work with contextless logins.
-
Save your changes.
The portal should automatically refresh to use the new settings. If you want to refresh the portal manually, click Refresh Portal > Refresh All > Refresh.
Adding Other Attributes
The portal also has the capability for contextless login with other attributes than the CN attribute of the user object (such as e-mail address, fullname, etc.).
To add other attributes for contextless logins:
-
In iManager, click the Configure button
. -
In the Contents panel, click iManager Configuration > Portal.
-
In the right pane, click Configuration.
-
In the Attributes to Use for Contextless Login line, click Edit.
In the window, add the attributes to the list. All attributes are in LDAP format. CN is assumed if no attributes are set. If you set any attributes, you must also specify CN.
-
Save your changes.
Modifying the User Object Class
The portal also has the capability for contextless login with object classes other than inetOrgPerson such as Person, Organizational Person, etc. For example, to have contextless login search for all objects that inherit from the Person class which includes the Organizational Person and User classes, you would add the following line to the PortalServlet.properties file located in $TOMCAT_HOME$/webapps/nps/WEB-INF:
System.UserClass=person
NOTE: In eDirectory, User is the class name for the LDAP inetOrgPerson class.
Enabling or Disabling Contextless Login
When contextless login is disabled, users must enter their fully distinguished name (for example, cn=user,o=container) in order to log in. When enabled, users do not need to include their directory context, but can log in using just the log in attribute, usually CN. By default, contextless login is enabled.
To enable or disable contextless login: