The Active Directory ADSI and LDAP systems authenticate at the group level. You can select the ADSI or LDAP authentication system option from the Taskmaster Server Manager list of authentication systems. When you select the ADSI or LDAP authentication option, the credentials from the Windows account are used for authentication.
Active Directory ADSI or LDAP authentication in Taskmaster
Active Directory is referred to as ADSI in Taskmaster. When you use the ADSI or LDAP authentication system, you must ensure that the following tasks are completed:
- Appropriate security groups in Active Directory are created.
- Windows accounts are created for Taskmaster users, background services and processes, and application pools.
- The Windows accounts for Taskmaster are added to the appropriate Active Directory security groups.
ADSI or LDAP Taskmaster Server Service
In Taskmaster Server Manager, set the Authentication system to ADSI or LDAP.
ADSI or LDAP Taskmaster groups and stations
Depending on the number of ADSI or LDAP security groups you created, add corresponding groups to your Taskmaster application and assign Taskmaster permissions to each group. The Taskmaster group name must be in the following format:
- Active Directory security group name
- A dot
- Short domain name (domain without top level)
For example, if the Active Directory security group name is TMUsers and the full domain name is domain02.com, then the Taskmaster group name must be TMUsers.domain02.
There is no need to create Taskmaster groups for the Taskmaster server service or for the Taskmaster Web, RV2, and Fingerprint service application pools.
Add Taskmaster stations to your application with the appropriate permissions. Users of interactive Taskmaster software components enter station names manually, so the station names for these users do not need to match their machine names.
For NENU, Rulerunner, Taskmaster web services, and the Taskmaster Web Client Upload service, the machine names are provided automatically as the station name. These machine names must be added to your Taskmaster application as station names. Station names are case-sensitive.
When you are using ADSI or LDAP, authentication is performed at the group level and there is no need to add Taskmaster users to your Taskmaster applications.
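The following pre-flight check is an added example, not part of the product documentation. It derives the expected Taskmaster group names from the Active Directory security group names and the full domain name, then checks that every background-service machine name has an exactly matching, case-sensitive station. The function names and the sample inventory are constructed for illustration, and the domain is assumed to have the form used in the example above (one label plus a top level), so only the last label is stripped.

```python
# Added example: pre-flight check for ADSI/LDAP group and station setup.
# All inventory values are constructed; nothing is read from Taskmaster or AD.

def taskmaster_group_name(ad_group: str, full_domain: str) -> str:
    """AD security group name + dot + short domain (domain without top level)."""
    short, sep, _top = full_domain.rpartition(".")
    if not sep:  # already a short name such as "domain02"
        short = full_domain
    return f"{ad_group}.{short}"


def audit(ad_groups, full_domain, tm_groups, tm_stations, service_hosts):
    """Return (severity, message) findings for a planned configuration."""
    findings = []
    expected_all = {taskmaster_group_name(g, full_domain) for g in ad_groups}
    for expected in sorted(expected_all):
        if expected not in tm_groups:
            findings.append(("error", f"missing Taskmaster group {expected}"))
    for host in service_hosts:
        if host in tm_stations:
            continue
        # Station names are case-sensitive: a near match still fails.
        near = [s for s in tm_stations if s.lower() == host.lower()]
        if near:
            findings.append(
                ("error", f"station {near[0]} differs in case from machine name {host}"))
        else:
            findings.append(("error", f"no station for machine {host}"))
    # Taskmaster groups that correspond to no listed AD group are flagged for review.
    for tm_group in tm_groups:
        if tm_group not in expected_all:
            findings.append(
                ("warn", f"Taskmaster group {tm_group} matches no listed AD group"))
    return findings


# Constructed sample inventory (hypothetical host and group names).
SAMPLE = dict(
    ad_groups=["TMUsers", "TMAdmins"],
    full_domain="domain02.com",
    tm_groups=["TMUsers.domain02", "TMAdmins.domain02.com"],
    tm_stations=["RRS01", "nenu01"],
    service_hosts=["RRS01", "NENU01", "WTM01"],
)

if __name__ == "__main__":
    for severity, message in audit(**SAMPLE):
        print(f"{severity}: {message}")
```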
ADSI or LDAP Taskmaster users
The Windows account that the user, background service, or background process uses to log on to the computer is used for authentication.
- Users that log in to interactive Taskmaster software components must enter a user name and station name. The user must not enter a password even though the Windows account information is used for authentication.
- Background services or processes must leave the user name, password, and station name blank because the Windows account information is used for authentication and the machine name is used as the station name.
ADSI or LDAP Datacap Studio users
Users logging in to Datacap Studio must select the NT Authentication check box the first time that they start Datacap Studio.
ADSI or LDAP NENU
The Windows Scheduler runs the NENU application automatically. The Windows account that is used by the NENU application and the computer name are used for authentication.
- Add a Taskmaster station to your application for NENU that has the same name as the machine name and assign appropriate permissions.
- In the NENU application, set the parameters for the SetPassword and SetStation actions to blank. The Windows domain and user name must be used for SetUser to configure NENU to authenticate to the Taskmaster server service.
- In Windows Scheduler, set the account in Security Options to the Windows account that is used by NENU to run with highest privileges.
ADSI or LDAP Rulerunner Service
The Datacap Rulerunner Service is a background service that supplies its credentials automatically.
- Add a Taskmaster station to your application for each Rulerunner server and assign appropriate permissions. The station name in Taskmaster is case-sensitive and must match the machine name because it is maintained in the domain controller.
- Set up the credentials in each Rulerunner Manager by selecting the Windows Authentication option on the Rulerunner Login tab.
ADSI or LDAP Taskmaster Web Client Upload Service
The Taskmaster Web client upload service is a Windows service that supplies its credentials automatically.
- Add a Taskmaster station for the upload service to the Taskmaster application and assign appropriate permissions.
- Set up a blank password to be used by the upload service by adding a name and value pair in the Application Manager Advanced values fields.
  - Value name: Must be dc2run.User
  - Value: Leave this field blank.
- In the Taskmaster Web Client Upload configuration file, set the value of the <setting name="User"> node to the domain and Windows account (for example DOMAIN\UserID) of the Taskmaster Upload Service user.
- In the Taskmaster Web Client Upload configuration file, set the value of the <setting name="Station"> node to the Taskmaster Upload Service station.
ADSI or LDAP Application Pools
Taskmaster uses application pools for Taskmaster Web, RV2, and the Fingerprint Service. When Taskmaster Web and RV2 are installed on the same web server, they must use the same Windows account. When the Fingerprint Service is also installed on the same web server, it can use the same Windows account or a different one. The Windows account that is assigned to the application pool allows the application pool to function. When you assign the Windows account to the application pool, you provide the Windows credentials that the application pool uses.
There is no need to set up ADSI or LDAP groups or Taskmaster users, stations, or groups for application pools.
ADSI or LDAP Taskmaster web services (wTM)
Taskmaster web services supplies its credentials automatically.
- Add a Taskmaster station to your application for wTM that has the same name as the machine name and assign appropriate permissions.
- Set up credentials by adding name and value pairs in the Application Manager General string values fields for the blank user name and for the station name. Add a name and value pair in the Advanced values fields for the blank user password.
  - Value name: wTMUser
  - Value: Leave this field blank.
  - Value name: wTMStation
  - Value: Set to the Taskmaster station name.
  - Value name: wTMPassword
  - Value: Leave this field blank.