Integrating Siebel with LDAP/SSO

In this Document

  • Purpose
  • Scope
  • Details
      • Siebel Components
      • Integration Architecture
      • Preparing Your Environment
  • References

APPLIES TO:

Siebel CRM - Version 7.8 [19038] to 8.2.2.1 SIA[23012][Release V7 to V8]
Information in this document applies to any platform.

PURPOSE

This article describes the integration of SSO with the Siebel e-business platform. Siebel is a Web-based suite that combines customer relationship management, partner relationship management, and employee relationship management applications.

SCOPE

NOTE: This solution can be implemented with any 3rd Party SSO system with the following prerequisites:

  • The 3rd Party SSO system should be able to send the user identity in an HTTP Header Variable.
  • Siebel Web Single Sign-On is configured for the Siebel Web Engine.
  • Siebel Security Adapter (LDAP/ADSI) Profile is used for authentication.
  • SSO solutions using static trust token in the HTTP header.

DETAILS

Siebel Components

This integration involves the following Siebel components.

Siebel Gateway Name Server: The name server provides persistent backing of Siebel server configuration information, including definitions and assignments of component groups and component operational parameters as well as Siebel server connectivity.

Siebel Database Server: The Siebel database server contains the data used by Siebel clients.

Siebel Server and Siebel Web Server Extension: The Siebel Server along with the Siebel Web Server Extensions supports Siebel Enterprise Web Applications.

Integration Architecture

The preferred method of Web single sign-on with Siebel is achieved by passing a header variable populated with an attribute value that is stored in the LDAP directory. The SSO solution used permits passing the appropriate HTTP header variable to Siebel. The SSO solution intercepts the user's HTTP request and checks for a session cookie. If the cookie does not exist or it has expired, the user is challenged for credentials. The implemented SSO solution verifies the credentials, and if the user is authenticated, the SSO solution redirects the user to the requested resource and passes the required header variable to the Siebel application. The Siebel application initiates a session which is kept at the Siebel Web Engine.

Figure 1: SSO Integration with Siebel. Illustrates a scenario where the user authenticates to an SSO-protected resource and is granted access to a Siebel application.

Process overview: Authentication with the integration

  1. A user attempts to access content or an application on a server.
  2. SSO intercepts the request.
  3. To determine if the resource is protected, SSO checks for a security policy.

The security policy consists of an authentication scheme, authorization rules, and allowed operations based on authentication and authorization success or failure.

  4. If the resource is protected, SSO checks for the user's session cookie.

If a valid session exists, SSO passes the header variable to the Siebel server. If a valid session does not exist, SSO prompts the user for credentials.

  5. If the credentials are successfully validated, SSO executes the actions that are defined in the security policy and sets an HTTP header variable that maps to the Siebel user ID.
  6. SSO redirects the user to the requested Siebel resource.
  7. The Siebel application recognizes the SSO header variable, authenticates the user, and initiates a session.

The header variable is stored in the Siebel Web Engine. The user can now access any resource that is protected by SSO, for example, a Siebel Web application, without being prompted for credentials.

If the user is not authorized, the user is denied access and redirected to another URL as determined by the organization's administrator.

Preparing Your Environment

Complete the following steps to prepare your environment for the integration.

Task overview: Prepare your environment for OM and LDAP integration

Configure the out-of-box LDAP Security Adapter profile to talk to the LDAP server for authentication. Refer to Siebel Security Guide > Security Adapter Authentication > Process of Implementing LDAP or ADSI Security Adapter Authentication:

http://download.oracle.com/docs/cd/E14004_01/books/Secur/Secur_SecAdaptAuth21.html#wp1598728

Configure the Web Single Sign On for the Siebel Application OM. Refer to Siebel Security Guide > Web Single Sign-On Authentication > Process of Implementing Web Single Sign-On:

http://download.oracle.com/docs/cd/E14004_01/books/Secur/Secur_SSOAuth6.html#wp1003258

Task overview: Prepare your web environment for integration

  1. Install a supported directory server according to vendor instructions.
  2. Install a Web server supported by both Siebel CRM and the SSO solution.
  3. Configure the Web browser to allow cookies according to vendor instructions.
  4. Proceed to the next section.

Setting up Siebel for integration with SSO

The following procedures describe how to set up Siebel for this integration.

  1. Install the following Siebel components, as described in the Siebel documentation:

    a. Siebel Gateway Server
    b. Siebel Server
    c. Siebel Database Server
    d. Siebel Web Server Extension
  2. Verify that Siebel Industry Applications and Web Server Extension are working properly.
  3. Ensure that the Siebel client and the Siebel server are able to communicate with each other through TCP/IP, as described in the Siebel documentation.
  4. Add at least three users to LDAP:

    • Test
    • The Siebel Anonymous User
    • The Siebel Application User

In addition to your regular users, Siebel uses two user accounts from the directory: Anonymous User and Application User. You also need to create an attribute in regular user accounts for storing the Siebel database user information. See the information on creating users in the directory in the Security Guide for Siebel Industry Applications for details.

  5. Add user records in the Siebel database that correspond to the registered users.

You need a record in the Siebel database that corresponds to the test user that you created in the LDAP directory. You also must confirm that the seed data record exists for the Anonymous User for your Siebel customer or partner application. This database record must match the Anonymous User that you created in the LDAP directory. See the information on adding user records in the Siebel Database in the Security Guide for Siebel Industry Applications for details.

Table 1, "eapps.cfg parameters", describes the parameters to set for the eapps.cfg file. This file contains configuration details for the Siebel Web Server Extension component. It is located in the \BIN directory where the Siebel Web Server Extension is installed (for example, C:\siebel81\SWEApp). You can add these parameters to the [Default] section or to the section for a specific Siebel application, for example, [/esales_enu].

Oracle recommends that you add these parameters to the specific Siebel Industry application section.

To encrypt eapps.cfg parameters, follow the steps in Siebel Security Guide > Changing or Adding Passwords > Managing Encrypted Passwords in the eapps.cfg File:

http://docs.oracle.com/cd/B40099_02/books/Secur/Secur_ChangePwd11.html#wp1053529

 

Table 1: eapps.cfg parameters

| Parameter | Value | Notes |
| --- | --- | --- |
| AnonUserName | GuestCST | The anonymous user is a Siebel user with very limited access. It enables a user to access a login page or a page that contains a login form. This user is defined in the Siebel database and must exist in the LDAP directory. |
| AnonPassword | Ldap | The LDAP password for the anonymous user. |
| SingleSignOn | TRUE | When this parameter is set to TRUE, the Siebel Web Server Extension Engine (SWSE) operates in Web SSO mode. |
| TrustToken | HELLO | In a Web single sign-on environment, this token string is a shared secret between the SWSE and the security adapter. It is a measure to protect against spoofing attacks. This setting must be the same on both the SWSE and the security adapter. |
| UserSpecSource | Header | In a Web single sign-on implementation, this parameter specifies the source from which the SWSE derives the user credentials, as follows. Server: use if the value is from the Web server name field. Header: use if the variable is in the HTTP request header. |
| UserSpec | SSO_Siebel_User | In a Web single sign-on implementation, this variable name specifies where the SWSE looks for a user's user name in the source provided by UserSpecSource. |

The following is an example of a configured eapps.cfg file:

[/esales_enu]
SingleSignOn      = TRUE
TrustToken        = HELLO
UserSpec          = SSO_SIEBEL_USER
UserSpecSource    = Header
ConnectString     = siebel.TCPIP.None.None://sdchs24n336:3320/siebel/eSalesObjMgr_enu
StartCommand      = SWECmd=GotoView&SWEView=Home+Page+View+(eSales)
WebPublicRootDir  = c:\19213\eappweb\public\enu
WebUpdatePassword = tieeKaYLjfUBgdi+g==

Table 2, "Siebel Application Parameter File for the Web Server Extension", describes the parameters that you specify in the Siebel Application Parameter File (for example, siebel.cfg).

Table 2: Siebel Application Parameter File for the Web Server Extension

| Parameter | Value | Description |
| --- | --- | --- |
| ApplicationUser | Cn=sadmin,cn=users,dc=us,dc=oracle,dc=com | DN of Siebel Application User |
| ApplicationPassword | Ldap | LDAP password |
| BaseDN | Cn=users,dc=us,dc=oracle,dc=com | LDAP directory base DN |
| CRC | | CRC code |
| CredentialsAttribute | Mail | LDAP attribute used to store the user's database credentials |
| SecAdptDllName | Sscfldap | Security Adapter DLL |
| HashAlgorithm | RSASHA1 | Hash algorithm |
| HashDBPPwd | FALSE | Should the shared database password be hashed |
| HashUserPwd | FALSE | Should the user's password be hashed by Siebel |
| Port | 389 | LDAP server port |
| PropagateChange | TRUE | Propagate user changes to an external repository |
| PasswordExpireWarning | 30 | Number of days before password expiry, when the user should be warned. |
| PasswordAttributeType | UserPassword | LDAP attribute used to store the user's password |
| RolesAttributeType | | LDAP attribute used to store the user's responsibilities |
| ServerName | Ldap.us.oracle.com | LDAP Server Name |
| SharedCredentialsDN | Cn=sadmin,cn=users,dc=us,dc=oracle,dc=com | DN of LDAP user storing the DB credentials |
| SiebelUsernameAttributeType | Uid | LDAP attribute used to store the user's user ID |
| SSLDatabase | C:\oblix-data\oid-key | Path of the SSL database certificate file (required if LDAPS is used) |
| SingleSignon | TRUE | Is single sign-on enabled |
| TrustToken | HELLO | Web single sign-on trust token |

Siebel User ID Attribute: The Siebel User ID attribute for the adapter-defined user name. Corresponds to the SiebelUsernameAttributeType parameter.

Siebel Username Attribute: The Siebel user ID attribute used by the directory. An example entry for an LDAP directory is uid. An example entry for Active Directory is sAMAccountName (maximum length 20 characters). If your directory uses a different attribute for the Siebel user ID, then enter that attribute instead. Corresponds to the UsernameAttributeType parameter.

To set the Siebel Server Configuration Parameters

  1. Log in to a Siebel employee application, such as Siebel Call Center, and make one of the following choices from the application-level menu:

    • To set enterprise level parameters, choose View, select Site Map, then select Server Administration and then select Enterprise Configuration.
    • To set server level parameters, choose View, select Site Map, then select Server Administration and then select Servers.
    • To set component level parameters, choose View, select Site Map, then select Server Administration and then select Components.

If you are setting parameters at the server or component level:

    • To set enterprise-level parameters, click the Enterprise Parameters view tab.
    • To set server-level parameters, click the Server Parameters view tab.
    • To set component-level parameters, click the Component Parameters view tab.

Because application-level parameters override enterprise level settings, Oracle recommends that you set the Siebel parameters for SSO integration at the application level.

The following screen shot illustrates setting Siebel Server configuration parameters:

  2. Select a parameter record, edit the Current Value field, and then click Save.
  3. Restart the Siebel Server to allow the changes to take effect.

Setting up SSO for Integration with Siebel

Setting up SSO for integration with Siebel involves the following steps.

  1. Install all needed components for the SSO solution as described by the vendor.
  2. Synchronize the time on all servers where Siebel and the SSO solution are installed. Each Siebel application has its own document directory. You can either protect each application individually or protect the higher-level directory under which the applications reside.
  3. Configure SSO to map an SSO Header variable uid to the Siebel uid.
  4. Remove default no-cache HTTP pragmas that SSO sets as a default.
  5. Note: The Header variable set in the SSO policy should be equal to the value of the UserSpec parameter in the eapps.cfg file.

In the following example, the uid is mapped to the SSO_SIEBEL_USER HTTP header variable as follows:

Type: HeaderVar
Name: SSO_SIEBEL_USER
Attribute: uid

  6. Allow access to users by selecting SSO/Siebel users to whom you want to grant access to the resources that are protected by the policy domain.

Testing Integration between SSO and Siebel

After configuring the integration of SSO with Siebel, you should test for successful SSO authentication and single sign-on with Siebel.

The following is a test for single sign-on between a non-Siebel, SSO-protected Web page and Siebel Web Server Extension.

To test single sign-on

  1. Create an SSO domain to protect a Siebel Industry application (for example, eMarketing) and require basic LDAP authentication for it.
  2. Open a Web browser and enter the URL for the Web server's main page (http://hostname).

The main page is displayed. User authentication should not be required.

  3. Access the Siebel Industry application URL for the Web server from the same browser used in step 2.

Basic authentication should be required.

  4. Access the Siebel Industry application URL for the Web server from the same browser used in step 2.

Access to the Siebel Industry application should be allowed. The user should not be challenged for credentials.

  5. Close the browser and open a new browser session. Access the Siebel Industry application URL for the Web server.

Basic authentication should be required. After the user enters credentials, the Siebel Industry application should be displayed.

  6. Access the demo document directory URL for the Web server from the same browser used in step 5.

The following is a test of the SSO session timeout.

To test SSO session timeout

  1. Configure the SSO session timeout to be five (5) minutes and restart the Web servers.
  2. Open a Web browser and the Web server's main page (http://hostname).

The main page is displayed. User authentication should not be required.

  3. Access the Siebel Industry Application URL for the web server from the same browser used in step 2.

Basic authentication should be required. After the user enters credentials, the Siebel Industry application should be displayed.

  4. Leave the browser window open and idle for more than five minutes.
  5. Refresh the browser window using the Refresh button.

Basic authentication should be required. After the user enters credentials, the Siebel Industry Application should be displayed.

  6. Repeat step 2 to step 4 for the implemented web server.

Notes on Integrating in a Multi-Domain Active Directory Environment

There are considerations when configuring this integration in a multi-domain Active Directory environment. When the Siebel application is protected, it obtains the sAMAccountName from the HTTP header variable SSO_SIEBEL_USER. However, the Siebel security adapter performs a lookup in Active Directory to verify the account. In a forest, it is best to perform the query against a single domain controller with a query against port 3268. This is the port that is used for the global catalog.

See the section on configuring LDAP and ADSI security adapters in the Siebel Security Guide on the Siebel Bookshelf for details.

Task overview: Configuration in a multi-domain Active Directory environment

  1. Enable Siebel to use Active Directory for authentication, configuring the authentication to start at the root of the forest.
  2. Configure the Siebel part of the Active Directory search with the global catalog port number as part of the LDAP query.

Add the port number to the hostname in the configuration information, as follows:

hostname.domainname.com:3268

Configuring Session Logout

You can configure an expiration period for a session by setting a session timeout value in both Siebel and many SSO solutions. The timeout values should be the same for both applications. If you configure a timeout value for Siebel that is shorter than the one you configure for SSO, users can re-establish their Siebel session after it times out without providing login credentials.

The rest of this section discusses the following topics:

  • Configuring the Siebel Timeout
  • Configuring the SSO Session Timeout
  • Configuring the Siebel Logout Behavior

Configuring the Siebel Timeout

The following procedure describes configuring the timeout. For users to be asked to re-authenticate after the timeout limit is reached, you must also configure the same timeout value in SSO.

To configure the Siebel timeout

  1. Open the eapps.cfg file.

It is located in the \BIN directory where the Siebel Web Server Extension is installed (for example, C:\siebel81\SWEApp).

  2. Modify the value for the Set SessionTimeout parameter.
  3. Restart the Web server.

Configuring the SSO Session Timeout

The following procedure describes configuring the timeout. Follow your SSO vendor's procedure for setting session timeouts.

  • Change the value of the Maximum user session time (seconds) field. This value should be the same as the one that you set for the Siebel application.
  • Change the value of the Idle session time (seconds) field. This value should be the same as the one that you set for the Siebel application.
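
The consistency rules stated on this page (the same TrustToken on the SWSE and the security adapter, UserSpec equal to the header variable in the SSO policy, and equal Siebel and SSO session timeouts) can be checked mechanically before go-live. The following Python sketch is an added example, not Oracle or Siebel code. The ADAPTER and SSO_POLICY dictionaries and their key names, the placement of SessionTimeout in a defaults section, and the 16-character minimum token length are assumptions made for illustration.

```python
import configparser

# Constructed sample input modelled on the page's eapps.cfg example.
# Placing SessionTimeout (seconds) in a defaults section is an assumption.
EAPPS_CFG = r"""
[defaults]
SessionTimeout = 900

[/esales_enu]
SingleSignOn   = TRUE
TrustToken     = HELLO
UserSpec       = SSO_SIEBEL_USER
UserSpecSource = Header
"""

# Hypothetical stand-ins for the security adapter profile (Table 2) and the
# SSO product's policy; the SSO_POLICY key names are invented for this example.
ADAPTER = {"SingleSignOn": "TRUE", "TrustToken": "HELLO"}
SSO_POLICY = {"header_name": "SSO_Siebel_User",
              "idle_timeout_s": 1800, "max_session_s": 1800}

MIN_TOKEN_LEN = 16  # assumed local policy, not a Siebel requirement


def load_app_section(cfg_text, app):
    """Return the application's parameters layered over the defaults section."""
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",),
                                   default_section="__unused__")
    cp.read_string(cfg_text)
    if not cp.has_section(app):
        raise KeyError(f"section [{app}] not found")
    merged = {}
    for name in cp.sections():
        if name.lower() in ("default", "defaults"):
            merged.update(cp[name])
    merged.update(cp[app])
    return merged  # configparser lower-cases parameter names


def audit(cfg_text, app, adapter, sso_policy):
    """Return (check_id, message) findings; an empty list means consistent."""
    p = load_app_section(cfg_text, app)
    adapter = {k.lower(): v for k, v in adapter.items()}
    if p.get("singlesignon", "").upper() != "TRUE":
        return [("sso-off", f"[{app}] SingleSignOn is not TRUE")]
    findings = []
    token = p.get("trusttoken", "")
    # Messages never echo the token itself, so reports can be shared safely.
    if not token or token != adapter.get("trusttoken"):
        findings.append(("token-mismatch",
                         "TrustToken differs between SWSE and security adapter"))
    if len(token) < MIN_TOKEN_LEN:
        findings.append(("token-weak",
                         f"TrustToken is shorter than {MIN_TOKEN_LEN} characters"))
    if p.get("userspecsource", "").lower() != "header":
        findings.append(("source", "UserSpecSource is not Header"))
    # HTTP header names are case-insensitive, so compare them that way.
    if p.get("userspec", "").lower() != sso_policy["header_name"].lower():
        findings.append(("header-mismatch",
                         "UserSpec does not match the SSO policy header variable"))
    siebel_timeout = int(p.get("sessiontimeout", "0"))
    for key in ("idle_timeout_s", "max_session_s"):
        if sso_policy[key] != siebel_timeout:
            findings.append(("timeout-mismatch",
                             f"SSO {key}={sso_policy[key]} but Siebel "
                             f"SessionTimeout={siebel_timeout}"))
    return findings


if __name__ == "__main__":
    for check_id, message in audit(EAPPS_CFG, "/esales_enu", ADAPTER, SSO_POLICY):
        print(f"{check_id}: {message}")
```

Run against the constructed sample, the audit reports the short sample token and both timeout mismatches; the token and header checks pass because the values agree on both sides.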

Configuring the Siebel Logout Behavior

In a Web single sign-on deployment, the user authentication and user management features are the responsibility of SSO. The following features in Siebel are not available in a Web single sign-on environment:

  • User self-registration
  • Delegated administration
  • Login and logout
  • Change password

You configure logout functionality for Siebel users by modifying the Siebel Logout link and redirecting the users to the SSO solution logout page. By doing this, the user is logged out of SSO and by extension from Siebel.

The following procedures describe configuring Siebel to point to the default SSO logout.html page. To ensure that logging out of Siebel is also recognized by SSO, the page that logs users out of Siebel must contain SSO logout functionality.

The following procedures describe configuring the logout behavior.

To prepare for configuration

  1. Create a text file that contains the HTML required to redirect the user to the SSO logout page.

The following is a URL example:

<a href="http://coreidserver.us.oracle.com/access/oblix/lang/en-us/logout.html">Logout</a>

The following is a JavaScript example:

<html>
<head>
<script language="Javascript">
<!--//
// Redirect the browser to the SSO logout page.
window.location.href = "http://coreidserver.us.oracle.com/access/oblix/lang/en-us/logout.html";
//-->
</script>
</head>
</html>

  2. Copy the file as follows:

$siebelroot/siebsrvr\WEBTEMPL\name.swt

Where name is the name of the file that you created in the previous step, for example, coreidlogout.swt.

  3. Stop the Siebel server process.
  4. Start Siebel Tools.

To create a new project

  1. In the Object Explorer window, click Project.
  2. Select Edit.
  3. Select New Record.
  4. Enter the name of the file that contains the redirection information as the name for the new record.

Do not include the ".swt" extension. In the previous procedure, this name was coreidlogout.

  5. Select Locked.

To create a Web template

  1. In the Object Explorer window, click Web Template.
  2. Add a new record.

Use the name of the file with the redirection information. Do not include the ".swt" extension.

In a previous procedure, an example name of coreidlogout was provided.

  3. Enter the Project parameter.

As the name of this parameter, use the name of the file with the redirection information. Do not include the ".swt" extension.

In a previous procedure, an example name of coreidlogout was provided.

  4. Specify Web Page Template for the Type parameter.

To create a Web template file

  1. Expand the Web Template tree.
  2. Click Web Template File.
  3. Add a record that is named using the name of the file with the redirection information.

Do not include the ".swt" extension. In a previous procedure, an example name of coreidlogout was provided.

  4. Enter the name of the file with the redirection information, including the ".swt" extension, as the Filename parameter.

To create a Web page for logout

  1. In the Object Explorer window, click Web Page.
  2. Add a record that is named using the name of the file with the redirection information.

Do not include the ".swt" extension. In a previous procedure, an example name of coreidlogout was provided.

  3. Enter the name of the file with the redirection information as the Project parameter.

Do not include the ".swt" extension. In a previous procedure, an example name of coreidlogout was provided.

  4. Select the name of the file with the redirection information as the Web Template parameter.

In a previous procedure, an example name of coreidlogout was provided.

To complete logout configuration

  1. To lock the application project for each project where you want to modify the logout behavior, in the Object Explorer window, click Project.
  2. Locate the appropriate project.
  3. Select Locked.
  4. In the Application window, select the Siebel module to be configured.

Each module must be configured separately.

  5. Scroll to the right and locate the Logoff Acknowledgement Web Page parameter.

Make a note of this value before changing it.

  6. Select the name of the file with the redirection information.

In a previous procedure, an example name of coreidlogout was provided.

  7. Compile the changes.
  8. Restart the Siebel Server and the Web server.

My Oracle Support resources:

OAM and Siebel Integration: 1509338.1

Time: 2024-11-09 07:34:27
