In TIBCO BusinessWorks collaborator (BWC) when users when synchronized with TIBCO Administrator that is using LDAP does it synchornize the passwords?
Article ID: KB0092241
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessWorks Collaborator | - |
| Not Applicable | - |
Description
Resolution:
The user passwords are not synchronized to the workflow server when using LDAP => Admin => Workflow sync. If you are storing passwords longer than 8 characters, IC only records/checks the first 8 characters. The initial password is always the same as the username. Passwords can of course be changed.
BWC does NOT authenticate against LDAP. The sync option is to copy the users from LDAP->Admin->IC. For all WF use the users in are authenticated against BWC Server. For WF Desktop the authentication is against the Administrator user repository.
When using the LDAP synchronized domain is configured with BWC. In the Manage Connection resource you can use "impersonate as" option to establish connection for that user. In TIBCO Designer you can use the "Impersonate as" field in Manage Connection activity to create workflow connections on behalf of any workflow user.
- Login to workflow desktop is authenticated both against LDAP and Workflow Server. However, the password provided should match the one in LDAP.
- Login to Workflow Server, it is authenticated against IC database. (Eg; Manage Connection)
When the user sync happens it checks if the Administrator is using LDAP. If it is not using LDAP, it reads the password of the user from Administrator and sets it in IC accordingly. Say if the Administrator is using LDAP, as we can't read the password from LDAP, the password is set to blank.
In summary, when LDAP => Admin => Workflow sync is used the passwords from LDAP are not copied to BWC Server, only the usernames are copied for all users except icdba. In such scenario if user logs in using any such user in Manage Connection it fails complaining the password is incorrect because Manage Connection authenticates against IC DB where passwords are not copied from LDAP. The suggestion in this scenario is to use the "Impersonate as" field in Manage Connection activity to create workflow connections on behalf of any workflow user.
The user passwords are not synchronized to the workflow server when using LDAP => Admin => Workflow sync. If you are storing passwords longer than 8 characters, IC only records/checks the first 8 characters. The initial password is always the same as the username. Passwords can of course be changed.
BWC does NOT authenticate against LDAP. The sync option is to copy the users from LDAP->Admin->IC. For all WF use the users in are authenticated against BWC Server. For WF Desktop the authentication is against the Administrator user repository.
When using the LDAP synchronized domain is configured with BWC. In the Manage Connection resource you can use "impersonate as" option to establish connection for that user. In TIBCO Designer you can use the "Impersonate as" field in Manage Connection activity to create workflow connections on behalf of any workflow user.
- Login to workflow desktop is authenticated both against LDAP and Workflow Server. However, the password provided should match the one in LDAP.
- Login to Workflow Server, it is authenticated against IC database. (Eg; Manage Connection)
When the user sync happens it checks if the Administrator is using LDAP. If it is not using LDAP, it reads the password of the user from Administrator and sets it in IC accordingly. Say if the Administrator is using LDAP, as we can't read the password from LDAP, the password is set to blank.
In summary, when LDAP => Admin => Workflow sync is used the passwords from LDAP are not copied to BWC Server, only the usernames are copied for all users except icdba. In such scenario if user logs in using any such user in Manage Connection it fails complaining the password is incorrect because Manage Connection authenticates against IC DB where passwords are not copied from LDAP. The suggestion in this scenario is to use the "Impersonate as" field in Manage Connection activity to create workflow connections on behalf of any workflow user.
Issue/Introduction
In TIBCO BusinessWorks collaborator (BWC) when users when synchronized with TIBCO Administrator that is using LDAP does it synchornize the passwords?
Feedback
Yes
No
Powered by
