When an organization uses directory services to register its users, it can configurate Deyel, to delegate in LDAP the authentication process.
The user informs their user code or their alias and password, in the access page to the user portal.
Deyel verifies that a user exists in their register, with the user code or the informed alias and then delegates in LDAP the authentication. If the user is registered in Deyel and LDAP reports a correct authentication, then its access is allowed.
IMPORTANT
Before activating LDAP authentication it must be ensured that it exists a registered user in Deyel and that it can authenticate correctly in LDAP.
If none of the users meet these conditions, it is not possible to enter the portal.
Deyel verifies that the administator that is configurating the environment can authenticate correctly in LDAP.
When LDAP is used as one of the Mixed authentication methods, this last verification is not realized.
When Deyel can not establish communication with the LPAD server, allows the administator to enter the portal by using Native authentication.
In these cases, the user does not have all administration options available, but can only access to the environment configuration, to reconfigure the mechanism of authentication.
With this mechanism of authentication the option “Forgot your Password” is not available.
If the user does not remember their password, they must respect the procedures that the organization determines to solve the problem.
In the environment configuration of execution from Deyel, different aspects can be configured from the integration with LDAP.
Configuration of access to the LDAP server. All properties are required to activate the LDAP authentication.
Configuration of user search in the LDAP Directory. Establishes the search subtree, LDAP attributes which are considered search keys and additional filters of user selection.
LDAP - Attribute Synchronization
Configuration of user properties of Deyel that are synchronized with LDAP attributes
Deyel allows certain properties of the user to recover from attributes of the LDAP directory, to prevent these properties from modifying in Deyel.
When Deyel connects correctly and determines that the user exists in LDAP, it marks it as “Synchronyzed User”.This indicates that some of its attributes have been recovered from LDAP and can not be modified in Deyel.
In the same way, Deyel automatically removes the “Synchronized User” mark when it determines that the user has ceased to exist in LDAP. This way, allows its attributes to be modified in Deyel.
There are different moments in which these attributes synchronization is realized.
Login
When the user authenticates correctly against LDAP, its attributes are synchronized. If Deyel detects an error that does not enable to realize this synchronization, a register of this is left in the Logs console and entry to the portal is not allowed.
User Creation
When a user is created, by informing their user code or their alias, their existence in LDAP is verified. If the user exists in LDAP, their attributes are recovered and remain protected. They can not be modified in DeyelIf the values recovered from LDAP are incorrect or the user does not exist in LDAP, creating the user is prevented in Deyel.
User Modification
When there is access to the modification of a user, Deyel syncs again the attributes before showing the information on the screen. If Deyel detects an error that does not enable to realize this synchronization, a register of this is left in the Logs console and the synchronization is not realized. Then, there is access to the user information, but the synchronized properties can not be modified from Deyel.
Consultation and Deletion of users
When these operations are executed, an attributes synchronization is also realized before exposing the user information on the screen. If Deyel detects an error that does not enable to realize this synchronization, a register of this is left in the Logs console and the synchronization is not realized.
