204 Lotus LearningSpace R5.01 Deployment Guide
14.3 Authentication
The authentication process for a user depends on the registration mode used to
create the user record:
• If the user was registered manually or was imported from a text file, then the
  authentication process checks the logon name and password against the
  user records in the USERS table of the Core server’s database.
• If the user was imported from a Domino directory, then the authentication
  process tries to log on to the Domino server with the given logon name and
  password.
User registration sets the value of the U_DIRERROR field in each user’s
record. If the value of the U_DIRERROR field in a user record differs from
1, then the authentication process tries to authenticate the user against the
Core server’s USERS table; otherwise, authentication takes place against a
Domino server.
Keep in mind the following rules:
• The value of U_DIRERROR:
  – Is NULL after a manual user registration or an initial user import from a file.
  – Is 1 after a bulk import from a Domino directory with the Domino User
    Import Tool.
  – Retains its value after synchronizing with the Collaboration server, and
    even after Single Logon is enabled.
• Updating a user record in the User module of the LearningSpace administrator
  interface does not change the corresponding U_DIRERROR value.
• A successful user update from a text file changes the U_DIRERROR field’s
  value of the matching records to 0. Any error occurring during the user
  import process does not alter the USERS table.
• A successful user synchronization with a Domino directory changes the
  U_DIRERROR field’s value of the matching records to 1.
From the point of view of authentication, a U_DIRERROR value of NULL is
equivalent to 0.
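The rules above determine which back end checks a given user's password, and that can change over the life of a record. The following added example (not code from the guide or from LearningSpace) replays a record's history under those rules and flags users who have moved from Domino authentication to the USERS table; the operation names and sample histories are hypothetical and constructed for illustration.

```python
# Added example: models the U_DIRERROR rules listed above. Operation names are
# hypothetical labels for this sketch, not LearningSpace identifiers.
LOCAL, DOMINO = "USERS table", "Domino server"
# Operations that set U_DIRERROR (None stands for SQL NULL).
SETS = {
    "manual_registration": None,
    "initial_file_import": None,
    "domino_bulk_import": 1,
    "file_update_ok": 0,
    "domino_sync_ok": 1,
}
# Operations that leave U_DIRERROR as it was.
KEEPS = {"collab_sync", "single_logon_enabled", "admin_ui_update",
         "file_update_failed"}

def backend(u_direrror):
    """Only the value 1 selects Domino; NULL and 0 select the USERS table."""
    return DOMINO if u_direrror == 1 else LOCAL

def replay(operations):
    """Yield U_DIRERROR after each operation, applied in order."""
    value = None
    for op in operations:
        if op in SETS:
            value = SETS[op]
        elif op not in KEEPS:
            raise ValueError(f"unknown operation: {op}")
        yield value

def audit(histories):
    """Map each user to (current backend, moved_off_domino flag)."""
    report = {}
    for user, operations in histories.items():
        backends = [backend(v) for v in replay(operations)]
        current = backends[-1] if backends else LOCAL
        report[user] = (current, DOMINO in backends and current == LOCAL)
    return report

# Constructed sample histories (not real data).
SAMPLE = {
    "alice": ["manual_registration", "admin_ui_update"],
    "bob": ["domino_bulk_import", "collab_sync", "single_logon_enabled"],
    "carol": ["domino_bulk_import", "file_update_ok"],
    "dave": ["initial_file_import", "file_update_failed", "domino_sync_ok"],
}

if __name__ == "__main__":
    for user, (current, moved) in audit(SAMPLE).items():
        print(f"{user}: {current}{'  <-- moved off Domino' if moved else ''}")
```

In the sample, "carol" was imported from Domino and later updated from a text file, so under the stated rules her logons are now checked against the USERS table.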
14.3.1 Authentication against LearningSpace Users table
When LearningSpace authenticates the users against the Users table, a simple
comparison decides whether the logon is successful or not. The password sent
over the net is not secured.
Chapter 14. Populating with users 205
14.3.2 Authentication against Domino directory
Authentication against a Domino directory requires a password from the user. A
user cannot authenticate against the Domino server with an empty password.
This is a necessary restriction on the Domino server side. The password typed
into the LearningSpace logon screen is sent to the Domino server’s DIIOP task,
which performs the authentication. The authentication uses the Domino Java
Toolkit.
14.3.3 Authentication against an LDAP directory
Authenticating against an LDAP directory is not supported in the LS 5.01 version.
14.3.4 Authentication against LearningSpace Collaboration server
Authentication may be needed for accessing the collaborative features of the
Collaboration servers. This means that a user logging on to the LearningSpace
Core server is first authenticated against the USERS table; the first time the
user accesses a Collaboration server, that server may challenge the user again.
By default, every Collaboration server has to authenticate the user. This
redundancy can be removed by enabling the Single Logon feature.
Single Logon feature
The Single Logon feature is discussed in Chapter 10, “Enabling Single Logon for
Users” in LearningSpace 5.01 System Administrator’s Guide. It enables users to
authenticate once against a dedicated Collaboration server and access the
LearningSpace environment after that without authenticating again. This means
that even the logon process to the Core server is using the authentication with
the dedicated Collaboration server.
Normally, the successful authentication enables the user to access the whole
LearningSpace environment until the user closes the browser, or a timeout
occurs. There are some issues with this process:
• Single Logon and SSL together are not supported for the 5.01 version. This
  means that you have to choose between higher security and an easier logon.
• The Collaboration server has to serve all the authentication requests for your
  users. Any breakdown prevents users from logging on to any part of the
  system. The LearningSpace Collaboration server’s authentication process has
  no supported cluster feature in version 5.01.
You can enable Single Logon at the bottom of the Collaboration Settings page
(see Figure 14-16 on page 207).
Tip: Enabling the Single Logon feature for a Collaboration server modifies the
appropriate server record in SERVERS table, so that SE_SINGLESERVER
becomes 1.
Figure 14-16 Collaboration Settings page of LearningSpace administrator interface