Posted: 13 Feb 2017 9:47 EST Last activity: 15 Feb 2017 14:31 EST
LDAP Authentication Mapping Question
I am using Pega 7.2.0. Regarding LDAP authentication, I was wondering if the organization information (that can be specified on the LDAP 'mapping tab') is required for LDAP authentication or is it optional? (My LDAP environment is not yet set up for me to test this.)
The mapping of organization information is optional, but if you're using an OTB authentication activity like AuthenticationLDAP then you should also modify the activity AuthenticationLDAPVerifyCredentials. (AuthenticationLDAP calls AuthenticationLDAPVerifyCredentials.)
There is logic in AuthenticationLDAPVerifyCredentials that looks for organizational information passed in from the LDAP mapping. This is in step 4 and is used to dynamically create the Data-Admin-OperatorID record for users that don't yet have one, using a model operator record referenced in the Organization Unit record.
The login activities like AuthenticationLDAP are starting points so you can of course modify these to fit your business needs. They are not final and it's expected some changes will be required.
As a side question - when I access the Pega LDAP URL, it appears the image and styling links are broken (as shown in attachment). Not sure if you have any idea why? (I noticed the same web issue when my Pega Academy session timed out.)
This only occurs when you have the prconfig or DSS setting for Authentication/RedirectGuests set to "false" and are using Custom Authentication. You only set this configuration setting to false when using the PRGateway application, used for satisfying the same domain origin policy when implementing a Mashup in PRPC 7.2 or lower.
If you are using PRGateway, then I have a solution for you. If you are not using PRGateway, set Authentication/RedirectGuests to "true".