LDAP integration is a licensed feature that when enabled allows SilhouetteCentral to sync users and groups with an LDAP server. SilhouetteCentral should be compatible with both Active Directory and Posix LDAP implementations. For details of the LDAP directory structure that is required for SilhouetteCentral integration see section LDAP Requirements.
When LDAP is available the LDAP configuration screen is accessed through the LDAP option under the Server -> Integration menu on the admin pages .
|
Enable LDAP Integration Configures whether LDAP integration is enabled in SilhouetteCentral. If this is disabled, then any associated users and groups that have been created will be disabled. |
|
Authentication mode There are three modes available Manual sign-on, Automatic and manual sign-on, Automatic sign-on only. |
|
Sync Interval If SilhouetteCentral should query the Active Directory on a regular basis, then set the Sync Interval to the number of minutes it should wait between synchronizations. To disable this feature set it to 0. |
|
Save Saves the settings described in A, B, and C above. Does not save anything below this button. |
|
LDAP Directories This will display a list of all the currently configured LDAP directories. Click on a row on the grid to select that record, then click the buttons |
|
Sync Button Click to sync the selected directory record. This will first display a preview of the sync and ask for confirmation before it is performed. See Preview Sync. |
|
Add Button Click this to add a new directory record. See LDAP Integration Options. |
|
Edit Button Click to edit the selected directory record. See LDAP Integration Options. |
|
Delete Button Click to delete the selected directory record. Once deleted, the associated users and groups will be removed from SilhouetteCentral. |
When ldap integration is enabled there are three authentication options.
Manual sign-on only
The user is always prompted for their username and password. User accounts can be LDAP accounts or accounts administered within SilhouetteCentral.
Automatic and manual sign-on
Users can log on with either LDAP accounts or accounts administered within SilhouetteCentral. The behaviour of SilhouetteCentral and SilhouetteConnect is different.
When SilhouetteConnect is started, it will automatically attempt to log on using the users Windows domain credentials already authenticated to Windows (Windows Integrated Authentication). If that user account does not have access to Silhouette (or the subsequently log off) then the log on screen is shown and the user can enter a username and password manually.
When a user browses to the SilhouetteCentral instance, they are presented with the normal log on page with an additional link allowing them to use their Microsoft Windows domain credentials instead of typing them in. See Logging On to SilhouetteCentral.
Automatic sign-on only
Both SilhouetteConnect and SilhouetteCentral attempt to log the user in using the currently authenticated Windows domain credentials (Windows Integrated Authentication). If those user credentials don't have access to Silhouette then a different user must log in to Windows to access Silhouette.