IBM Datacap, Version 8.1            

Active Directory ADSI and LDAP authentication systems

The Active Directory ADSI and LDAP systems authenticate at the group level. You can select the ADSI or LDAP authentication system option from the Taskmaster Server Manager list of authentication systems. When you select the ADSI or LDAP authentication option, the credentials from the Windows account are used for authentication.

Active Directory ADSI or LDAP authentication in Taskmaster

Active Directory is referred to as ADSI in Taskmaster. You must ensure that the following is completed when you are using the ADSI or LDAP authentication system.
  • Appropriate security groups in Active Directory are created.
  • Windows accounts are created for Taskmaster users, background services and processes, and application pools.
  • The Windows accounts for Taskmaster are added to the appropriate Active Directory security groups.

ADSI or LDAP Taskmaster Server Service

In Taskmaster Server Manager, set the Authentication system to ADSI or LDAP.

ADSI or LDAP Taskmaster groups and stations

Depending on the number of ADSI or LDAP security groups you created, add corresponding groups to your Taskmaster application and assign Taskmaster permissions to each group. The Taskmaster group name must be in the following format:
  • Active Directory security group name
  • A dot
  • Short domain name (domain without top level)

For example, if the Active Directory security group name is TMUsers and the full domain name is domain02.com, then the Taskmaster Group name must be TMUsers.domain02.

There is no need to create Taskmaster groups for the Taskmaster server service or for the Taskmaster Web, RV2, and Fingerprint service application pools.

Add Taskmaster stations to your application with the appropriate permissions. Users of interactive Taskmaster software components enter station names manually so the station names for these users do not need to match their machine names.

For NENU, Rulerunner, Taskmaster web services, and the Taskmaster Web Client Upload service, the machine names are provided automatically as the station name. These machine names must be added to your Taskmaster application as station names. Station names are case-sensitive.

When you are using ADSI or LDAP, authentication is performed at the group level and there is no need to add Taskmaster users to your Taskmaster applications.
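The naming rules above can be checked before go-live with a short PowerShell script. This is an added example, not part of the IBM documentation or product. It goes beyond the single TMUsers case by also flagging station names that differ from machine names only in letter case. The function names, the TMAdmins group, and the machine and station names are constructed for illustration, and "short domain name" is assumed to mean the first DNS label.

```powershell
# Added example: pre-flight check of Taskmaster group and station names.
# Function names and sample values are hypothetical, not part of Datacap.

function Get-TaskmasterGroupName {
    param([string]$AdGroup, [string]$DomainFqdn)
    # Assumption: "short domain name" = first DNS label (domain02.com -> domain02).
    # The page only shows a two-label domain.
    $short = $DomainFqdn.Split('.')[0]
    return "$AdGroup.$short"
}

function Test-TaskmasterNames {
    param(
        [string[]]$AdGroups,            # AD security groups created for Taskmaster
        [string]$DomainFqdn,            # full domain name, e.g. domain02.com
        [string[]]$TaskmasterGroups,    # groups defined in the Taskmaster application
        [string[]]$MachineNames,        # hosts of NENU, Rulerunner, wTM, Upload service
        [string[]]$TaskmasterStations   # stations defined in the Taskmaster application
    )
    $findings = @()
    foreach ($g in $AdGroups) {
        $expected = Get-TaskmasterGroupName -AdGroup $g -DomainFqdn $DomainFqdn
        # Exact (case-sensitive) match is the conservative choice here; the page
        # states case sensitivity only for station names.
        if ($TaskmasterGroups -cnotcontains $expected) {
            $findings += "Missing Taskmaster group: $expected"
        }
    }
    foreach ($m in $MachineNames) {
        # -ccontains is case-sensitive; plain -contains would hide the mismatch.
        if ($TaskmasterStations -ccontains $m) { continue }
        if ($TaskmasterStations -contains $m) {
            $actual = $TaskmasterStations | Where-Object { $_ -eq $m } | Select-Object -First 1
            $findings += "Station case mismatch: machine '$m' vs station '$actual'"
        } else {
            $findings += "Missing station for machine: $m"
        }
    }
    return $findings
}

# Constructed sample input: one group not yet added, one station in the wrong case.
Test-TaskmasterNames -AdGroups 'TMUsers', 'TMAdmins' -DomainFqdn 'domain02.com' `
    -TaskmasterGroups 'TMUsers.domain02' `
    -MachineNames 'RRSERVER01', 'WTMHOST' `
    -TaskmasterStations 'rrserver01', 'WTMHOST'
```

Only the hosts of background components belong in `-MachineNames`; interactive users type their station name, so it does not have to match a machine name.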

ADSI or LDAP Taskmaster users

The Windows account that the user, background service, or background process uses to log on to the computer is used for authentication.
  • Users that log in to interactive Taskmaster software components must enter a user name and station name. The user must not enter a password even though the Windows account information is used for authentication.
  • Background services or processes must leave the user name, password, and station name blank because the Windows account information is used for authentication and the machine name is used as the station name.

ADSI or LDAP Datacap Studio users

Users logging in to Datacap Studio must select the NT Authentication check box the first time that they start Datacap Studio.

ADSI or LDAP NENU

The Windows Scheduler runs the NENU application automatically. The Windows account that is used by the NENU application and the computer name are used for authentication.
  • Add a Taskmaster station to your application for NENU that has the same name as the machine name and assign appropriate permissions.
  • In the NENU application, set the parameters for the SetPassword and SetStation actions to blank. The Windows domain and user name must be used for SetUser to configure NENU to authenticate to the Taskmaster server service.
  • In Windows Scheduler, set the account in Security Options to the Windows account that is used by NENU to run with highest privileges.

ADSI or LDAP Rulerunner Service

The Datacap Rulerunner Service is a background service that supplies its credentials automatically.
  • Add a Taskmaster station to your application for each Rulerunner server and assign appropriate permissions. The station name in Taskmaster is case-sensitive and must match the machine name because it is maintained in the domain controller.
  • Set up the credentials in each Rulerunner Manager by selecting the Windows Authentication option on the Rulerunner Login tab.

ADSI or LDAP Taskmaster Web Client Upload Service

The Taskmaster Web client upload service is a Windows service that supplies its credentials automatically.
  • Add a Taskmaster station for the upload service to the Taskmaster application and assign appropriate permissions.
  • Set up a blank password to be used by the upload service by adding a name and value pair in the Application Manager Advanced values fields.
    • Value name: Must be dc2run.User
    • Value: Leave this field blank.
  • In the Taskmaster Web Client Upload configuration file, set the value of the <setting name="User" node to the domain and Windows account (for example DOMAIN\UserID) of the Taskmaster Upload Service user.
  • In the Taskmaster Web Client Upload configuration file, set the value of the <setting name="Station" node to the Taskmaster Upload Service station.

ADSI or LDAP Application Pools

Taskmaster uses application pools for Taskmaster Web, RV2, and the Fingerprint Service. When Taskmaster Web and RV2 are installed on the same web server, they must use the same Windows account. When the Fingerprint Service is also installed on the same web server, it can use the same Windows account or a different one. The Windows account that is assigned to the application pool allows the application pool to function. When you assign the Windows account to the application pool, you provide the Windows credentials that the application pool uses.

There is no need to set up ADSI or LDAP groups or Taskmaster users, stations, or groups for application pools.

ADSI or LDAP Taskmaster web services (wTM)

Taskmaster web services supplies its credentials automatically.
  • Add a Taskmaster station to your application for wTM that is the same name as the machine name and assign appropriate permissions.
  • Set up credentials by adding a name and value pair in the Application Manager General string values fields for the blank user name and to hold the station name. Add a name and value pair in the Advanced values fields for the blank user password.
    • Value name: wTMUser
    • Value: Leave this field blank.
    • Value name: wTMStation
    • Value: Set to the Taskmaster station name.
    • Value name: wTMPassword
    • Value: Leave this field blank.


Last updated: November 2013

© Copyright IBM Corporation 2013.