立即与支持人员聊天
与支持团队交流

Stat 6.1 - System Administration Guide

Overview of Stat Administration Administrative Utilities Stat Security General Maintenance Tables
System Maintenance Service Domain Maintenance Department Maintenance Issue Tracking Maintenance Country Maintenance Customer Maintenance Object Type Maintenance PeopleSoft Environment Connection Maintenance Pre/Post Migration Steps Parameters Oracle Applications Configuration Oracle Applications Connection Maintenance Generic Application Connection Maintenance Schema Object Parameters Maintenance Data Object Maintenance PeopleSoft Search Configurations Stat Report Definition Maintenance Version Control Management Connection Maintenance
Service Domain-Specific Maintenance Configuring the Stat Central Agent Email Configuration Object Security Appendix: Sample Service Domain Configuration Appendix: User Class Rights Appendix: Creating a Staging Database Appendix: Database Tuning Appendix: Oracle Applications File Type Directory Appendix: Ports and Firewalls Appendix: Stat Web Services Appendix: Troubleshooting Chart Appendix: stat.conf Configuration Appendix: Custom Report Files

LDAP Connection Maintenance

For customer sites that maintain LDAP user directories, Stat supports authenticating login credentials based on a user’s LDAP password rather than the default password defined directly in Stat. This allows sites that maintain a large number of user accounts to avoid maintaining an additional set of Stat-specific passwords. LDAP-enabled users can login to both the Stat Windows Client and the Stat Web Client and have their accounts authenticated with their LDAP passwords.

You configure LDAP domains in Stat by specifying the LDAP server parameters, including location, port numbers and the base DN paths used to search for user account directories. After specifying the base DN, you then specify a template DN which will be used to pre-populate the DN for individual users in the User Maintenance table. You can also use the template DN to test the connection between Stat and the LDAP server.

After configuring LDAP domains in Stat and assigning them to users, you “turn on” LDAP by selecting the Enable LDAP option in the System Maintenance table, Other Options tab, as described in the section Other Options Tab .

Stat supports encrypting communication between Stat and the LDAP server by enabling SSL.

LDAP connection security is controlled by the following user class rights:
LDAP Connection - Add
LDAP Connection - Edit

The LDAP Connection Maintenance table is displayed in a standard maintenance window. To open this window, select Maintenance | Security Settings | LDAP Connect.

Defining LDAP Domains

To define a LDAP domain:
1
Click New to create a new LDAP domain.
2
In the LDAP Cd field, enter a code that uniquely identifies the LDAP domain.
3
In the Description field, enter a short description of the LDAP domain.
4
In the Host field, enter the network name that identifies the host machine on which the LDAP server is installed.
5
In the Ports field, enter the port number of the LDAP server.
The port number is typically 389.
6
In the Base DN field, enter the DN path used to search for users.
Although the format for the base DN may vary depending on your LDAP implementation, a typical base DN is derived from the name of your company and its DNS domain, for example, “DC=Quest,DC=com.”
After specifying the base DN, you can specify a template DN that will be used as the default value for individual user DN values in the User Maintenance table. However, before you do that, you have the option of entering a valid user DN and password to test the connection between Stat and the LDAP server.
7
(Optional) If you want to test the connection between Stat and the LDAP server, do the following:
a
In the Test Connect DN field, enter the DN of a valid LDAP account.
For test purposes, this can be the DN of any LDAP account that you know is valid. The DN format may vary, but a typical user DN consists of the user name and organizational unit, for example: “CN=John_Smith,OU=Employees”
b
Select Append Base DN to append the base DN with the test connect DN.
This allows Stat to read the full LDAP address of the test account, for example: “CN=John_Smith,OU=Employees,DC=Quest,DC=com.”
c
Click Test Connect.
Stat prompts you to enter the LDAP password of the user account.
d
Enter the password and click OK.
Stat attempts to connect to the test connect DN on the LDAP server and displays a message that tells you if it was able to connect successfully or not.
8
Do the following to specify a default user DN for individual user accounts in the User Maintenance table:
a
In the Template DN field, specify the default user DN value.
Stat allows you to use variables for First Name and Last Name fields so that the default value is dynamically applied to each user account, for example: "CN=%first_name%_%last_name%,OU=Employees"
* 
NOTE: You do not need to specify a password. The Password field is for test connections purposes only.
b
Select Append Base DN to append the base DN with the template DN.
9
(Optional) If your site is equipped to use SSL and you want to use it to encrypt communication between Stat and the LDAP server, select SSL. Then specify the location of the SSL keystore for the Stat Windows Client or the Stat Web Client:
For the Stat Windows Client, enter the location of the SSL keystore in the Keystore Location field.
For the Stat Web Client, enter the location of the SSL keystore In the Agent Keystore field.
As an alternative, you can rely on your $JAVA_HOME/jre/lib/security/jssecacerts keystore to provide the certificate for your LDAP server. In this case, you can leave the Keystore Location field blank provided that jssecacerts exists in the Windows client jre/lib/security directory and that jssecacerts contains the LDAP certificate. For the Stat Central Agent, you can leave the Agent Keystore field blank provided that jssecacerts exists in the Central Agent's jre/lib/security directory and that jssecacerts contains the LDAP certificate.
Note that if both your Stat Central Agent and your LDAP server are running in secure mode, you have to rely on $JAVA_HOME/jre/lib/security/jssecacerts to contain both the LDAP certificate and the Stat Central certificate. This is true for the Windows Client JAVA_HOME and for Stat Central Agent's JAVA_HOME. In this case, both Keystore Location and Agent Keystore fields should be left blank.
10
Click OK or Apply to save your work.
After defining an LDAP domain, you can assign it to users. You can also copy LDAP domains and use the copy as the basis for a new LDAP domain. To copy an LDAP domain, select it and click Copy.

Assigning LDAP Domains to Users

To assign a LDAP domain to users:
1
Select the LDAP domain you want to assign to users and click Assign Users.
The Assign Users window displays all the active users in Stat. You can filter the list to show users currently assigned to particular LDAP domains as well as users that are not currently assigned to a domain.
2
Select the user(s) you want to assign to the domain.
3
Click Update User DN.
This updates the user’s DN by appending the selected LDAP domain’s Base DN to the Template DN. It also automatically selects the Enable LDAP option. When you update a user’s DN, it automatically updates the user’s DN in the User Maintenance table as well.
4
Click OK or Apply to save your changes.

Connection Manager

The maximum number of active users (meaning users who can connect to Stat as specified in the User Maintenance table) equals the number of licensed seats. Once the number of active users equals the number stipulated in the license agreement, new user connections are denied.

The Connection Manager window displays a list of all the users currently connected to Stat as well as a record of denied and terminated connections. From this window you can manually disconnect users from the Stat Repository, thereby opening seats and allowing other users to connect.

Connection Manager security is controlled by the user class right, Database Connections - Manage.

To open the Connection Manager window, select Maintenance | Security Settings | Connections.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级