2.1.4 Login authentication by linking with a directory server
Within the user authentication functionality, only login authentication can be performed on a directory server. Login authentication linking with a directory server is called directory server linkage. An Active Directory server is used for the directory server.
A directory server manages JP1 user passwords for login authentication. JP1 users who use a directory server regularly update their passwords themselves, so the system administrator of JP1/Base does not need to update the users' passwords for them. The authentication server manages JP1 user names and operating permissions for JP1 resources. After a user has been authenticated, the authentication server grants the user permissions for accessing or operating the JP1 products.
A JP1 user whose password is managed by a directory server is called a linkage user. A JP1 user, whose information (including their password) is managed by an authentication server, is called a standard user. On an authentication server, you can specify which JP1 users are linkage users and which are standard users.
- Organization of this subsection
(1) Setting up linkage with a directory server
Directory server linkage is disabled by default. To link with a directory server, you will need to modify the default common definitions. For details on the settings, see 8.2 Setup for login authentication linking with the directory server (in Windows).
After modifying the common definitions, you can check the status of the connection to the directory server and the modified common definitions by using commands. If the directory server is temporarily disabled due to a failure, you can switch the target server by using commands.
(2) Example of user authentication by linking with a directory server
The following figure shows an example user authentication when authenticating login users by linking with a directory server.
|
|
![[Figure]](GRAPHICS/ZU010500.GIF)
(3) Notes on login authentication by linking with a directory server
Sometimes login authentication takes a while from a JP1/Base authentication server because the following are also performed from the authentication server:
-
Communicating between the authentication server and a directory server
-
Authenticating login users on a directory server
The LDAP protocol is used for communicating between an authentication server and a directory server.