FileMaker Server and LDAP

[Cadderly]

I have a LDAP Server in my enterprise and FileMaker Server. I want the same passwords on the two places. I don't understand the utility to registrer FileMaker Server on LDAP Server. Explain me this and the processus to make this. Thanks !

[cjaeger]

only thing it does - it registers fileMaker server's ip address with active directory (or ldap, that is), so users can find the server and the open databases by name. This is not for storing passwords. I know of no ldap plugin for Filemaker, yet I have seen it asked for many times (mostly by Win2K admins).

[dortmunder]

this seems to be the latest post in this (i think the correct) forum on the topic -- does anyone have any new information?

it seems that fmp7 advanced server will have the ability to provide authentication via a directory server -- as far as i can tell (the documentation I've so far found seems to be very meager) it looks like the method depends completely upon which OS you're running -- that is: on Windows, fmp looks for a PDC to authenticate against (or takes its cue from how the OS itself is configured to ask for remote auth?), while on OS-X it'll look for an "Apple OpenDirectory" server. So far I haven't been able to get things to work on the apple side (we want to have our fmp7 instance run on OS-X, not windows, though i suppose that might be negotiable if I was able to interface it with our existing LDAP only via the windows platform...).

Can anyone confirm/deny any of my guesses or point me to better documentation or anything? After waiting half an hour the other day, i did talk to a FMP tech support person who seemed pretty knowledgeable

The test server we have set up (on OS-X) does actually give us shell access (through a pam/nss/ldap configuration), so perhaps we could tweak that configuration slightly (currently it's only set up for ssh logins) and then choose the "use local machine accounts" form of "external authentication" instead of using the directory directly.

any clues, pointers, advice, dox, etc... eagerly sought,

thanks much in advance,

~c

[The Shadow]

My vague understanding was that you can setup a local OpenDirectory server that talks to your real directory server for everything. This is the same in FM Server7 - you don't need server advanced for this.

[Steven H. Blackwell]

FileMaker Server 7 and FileMaker Server 7 Advanced both support external authentication through either Active Directory or Open Directory. You can use either domain (shared) accounts or local accounts depending on the rules set forth by the particular OS.

The July 2004 issue of FIleMaker Advisor has a long article about this. A couple of key points:

True SSO is Windows client via Windows Active Directory only.

On Mac OS X or when using Open Directory, the credential information must be stored in the keychain. Thereafter it mimics SSO.

On a local server CPU, if Windows OS, the Groups and accounts must be set to allow log-on as service for all non SSO accounts. (Basically Mac accounts and non authenticated Windows ones).

HTH

Steven

[ralph.nusser]

On the FileMaker Server 7 and Server 7 Advanced CD the documentation is missing that was given on the FileMaker 5.5 Server CD.

Can the following ldifde script be run on Windows Server 2003 as well?

#

#

# Filename:

#

# FileMakerOU.ldf

#

#

# Description:

#

# This LDIF script creates the recommended

# FileMaker OrganizationalUnit.

#

# NOTE:

#

# You MUST modify the DN (distinguishedName) and

# the objectCategory below

# to make this script work for your Active Directory.

#

# Here's how you use this script:

#

# ldifde -i -f FileMakerOU.ldf

#

# Last Modfied: 6/28/2001

#

dn: OU=FileMaker,DC=AD,DC=filemaker,DC=com

changetype: add

instanceType: 4

distinguishedName: OU=FileMaker,DC=AD,DC=filemaker,DC=com

objectCategory:

CN=Organizational-Unit,CN=Schema,CN=Configuration,DC=AD,DC=filemaker,DC=com

objectClass: organizationalUnit

description: Default Container for FileMaker Server serviceConnectionPoints

ou: FileMaker

name: FileMaker

[Wim Decorte]

Haven't tried it, but creating an OU is much easier using the default admin tools in Server 2003.

HTH

Wim