The UMRA LDAP functions are typically used in a Microsoft Active Directory network environment with some other directory service that co-exists in the same network infrastructure. The other directory service is for instance Novell eDirectory or an OpenLDAP implementation on Linux. As long as the directory service supports LDAP, the directory service can be managed with UMRA.
The computer that runs the directory service and supports LDAP is referred to as the LDAP Server. The software that connects to the LDAP Server is referred to as the LDAP Client. According to these conventions, the UMRA software always acts as the LDAP Client and the contacted directory service system is the LDAP Server.
In a helpdesk environment, the UMRA Forms client runs on a helpdesk computer. When a form is submitted by a helpdesk employee, the form and form input data is sent to the UMRA Service. The UMRA Service executes the script associated with the form. In a hybrid directory service environment, the script contains UMRA LDAP script actions to manage the LDAP directory service.
Network with helpdesk running UMRA Forms in a hybrid directory services network.
The LDAP protocol supports a large variety of features for security and authentication. With UMRA, 2 options are available:
Not secure: All communication with the LDAP Server and the UMRA software is not encrypted. Authentication is accomplished using an account name and a password that is send as clear text. Although simple to implement, this option is not recommended because of security reasons. The option can be used for testing purposes.
Secure with SSL: All communication between the LDAP client, e.g. the UMRA software and the LDAP Server is encrypted using the SSL standard. This option is recommended and secure. All data is encrypted.
To implement this option, SSL certificates need to be installed on both the LDAP Client and Server. The methods how to do this, largely depends on the implementation of the operating system and directory service. For Microsoft Active Directory, Novell eDirectory and Linux OpenLDAP the exact implementations are described in this document. For other systems, a similar approach must be used. For more detailed information, see the document Managing LDAP directory services with UMRA on our website.
See also:
Managing LDAP Directory Services using UMRA - Introduction
Script Action: Setup LDAP session
Script Action: Load LDAP modification data
Script Action: Add directory service object (LDAP)
Script Action: Modify directory service object (LDAP)