Active Directory Integration

 

 

Send comments on this topic.

 

print topic

 

 

!--- Important Note ---!

 

This topic contains instructions that are only applicable to a version that is hosted by MLS. Should you be wanting to integrate Active Directory into a library system that is installed locally within your organisation, see the installation documentation.

 

 

All objects in Active Directory including users have a unique Security ID (SID) associated with their record that never changes. It is possible to import this value and store it against the respective users in the library software. What this then means is when a user logs on to a computer with their network username and password and they launch the home page, the software is able to determine who the user is and automatically log them in to their account. Essentially this saves the users from having multiple sets of login details for different applications.

 

Passing the user SID through to the application is the basic principal of how the linking works. What this does mean is that the library system is not maintaining a list of the users passwords, therefore, if a borrower needs to change their password this is done how it is normally is on the network (e.g. CTRL + ALT + DELETE in Windows).

 

As a result of the password not being stored in the application, this means that the Active Directory password cannot be used for borrowers to log on the library system from home and when using iMLS. However, it is possible to allocate a password to these accounts and use the existing borrower username. See the topic Global Update in the section Password Manager and use the Current Logon when allocating a username.

 

Installation

 

There is required installation of two  components in order for this to work correctly; the Hardware Plug-in and the AD Plug-in. This article does not explain how to install each of these components, however the purpose and use of each is described below.

 

The topics in this section and associated articles assume that the installation of both plug-ins has already been completed. The installers for both can be found on the links below.

 

·Hardware Plug-in

·AD plug-in

 

 

 

 

Installed Software

Description

 

 

Hardware Plugin

The hardware plug-in is required for handling the synchronisation of the users in the library system with Active Directory. In order for the integration to work successfully (described above) this depends on the SID of the user being associated with the correct borrower. The hardware plug-in retrieves the users SID and imports this onto the appropriate record in the library system.

 

This plug-in is only required on one machine and it can be either a server or client.

 

AD Plugin

The AD plug-in installs a small add-on into Internet Explorer. The purpose of this is to obtain the logged-in users SID and pass the value through to the application in order to authenticate them in the library system. This is required as the application does not have the permission to obtain the SID without using the AD plug-in.

 

This is required on each client machine.

 

 

 

Once the Hardware Plug-in has been installed, follow the instructions in the topic Configuring Active Directory for details about how to set this up.

 

 

 

 

 

Copyright © 2013 MLS