Some web applications leave authentication as an orthogonal concern to the application – not including any kind of login functionality and instead leaving authentication as an operational concern.
When this happens, a reverse proxy that has an LDAP integration can act as an architectural sentry in front of the web application and also fulfills the requirements for Single Sign-On. Apache2 serves this purpose very well with minimal overhead.
Continue reading “Apache2: Enable LDAP authentication and SSL termination for Ubuntu”
Troubleshooting LDAPSync issues are often much easier at the command line where you can do an immediate invocation of the job without having to continually refresh DA and wait for the job to be executed. Continue reading “Documentum: LDAPSync from the Command Line”
The most common way of integrating your existing Identity Management system with Documentum is to offer SSO (Single Sign-On) via the LDAP Synchronization job.
This requires that you set a Base DN for Documentum to search through, but it is not uncommon when dealing with real-world LDAP servers to have LDAP referrals in that search space. This is transparent, but it can cause performance issues, and even cause the job to timeout if the forwarded DNS name is not resolvable from the Content Server host.
Continue reading “Documentum: Ignoring Referrals from the LDAP Synch Job”