Well, I am stumped here. I have a client that may have to run their own Mac/Win server as their central IT dept is charging too much for hosting servers (cost recovery). I'd like to deploy FMSrvr using external authentication; I may need to run this on a Windows machine. The wrench in the plans is that the central directory services is Novell's eDirectory. In fact, the IT department removes the MS Client software on all workstations and installs the Novell one.

My question: Can FMSrvr on Windows talk directory to eDirectory (LDAP) for the purposes of external authentication? All the documentation mentions only AD. As I also don't want to manage an AD installation, is it possible to turn off AD and just have FMSrvr pass all authentication requests off to eDirectory?

Any guidance would be appreciated!

Bob

BioInfoworks, Inc.

an FMSrvr on Windows talk directory to eDirectory (LDAP) for the purposes of external authentication? All the documentation mentions only AD. As I also don't want to manage an AD installation, is it possible to turn off AD and just have FMSrvr pass all authentication requests off to eDirectory?

Essentially not. At one time there was a claim that Novell could be tricked into acting as if it were Active Directory, but not much ahs been heard of that lately.

If FileMaker Server 9 is running on its approved OS, Windows Server 2003 Standard Edition SP 2, you can make local server accounts and groups, and manage the External Authentication through that process. Be sure to remove the server from the domain when you do that. Also, this may not support SSO, but it will support external authentication.

I recommend a reading of Server External Authentication Tech Brief for more information on this topic.

There are also video tutorials on Security and on FileMaker Server that will prove useful in learning more about this process.

Steven

Thanks, Steven, for the quick reply!

If FileMaker Server 9 is running on its approved OS, Windows Server 2003 Standard Edition SP 2, you can make local server accounts and groups, and manage the External Authentication through that process. Be sure to remove the server from the domain when you do that. Also, this may not support SSO, but it will support external authentication.

Yes, I've thought of this, but (thinking strategically) I don't want to duplicate accounts and passwords. I realize that I can give them the exact account name and password, but when their SSO password changes, their 'FMServer' password will be out of sync. Another issue to solve..

I recommend a reading of Server External Authentication Tech Brief for more information on this topic.

Very familiar with that and most of their literature. I've been a FMPro developer for over 10 years!

There are also video tutorials on Security and on FileMaker Server that will prove useful in learning more about this process.

I just took a quick look at the list this morning. Very extensive - it looks like it could be quite a good resource. Are there any that are geared towards experienced developers? I really don't have the time to watch videos on the basics.

Bob

I just took a quick look at the list this morning. Very extensive - it looks like it could be quite a good resource. Are there any that are geared towards experienced developers? I really don't have the time to watch videos on the basics.

Take a look at the ones marked as Advanced Level Security Issues.

Steven

Essentially, you're looking at automating a duplication of what's in Novell's DS to either AD or OD to make this work for you. It can be done, it just takes dedication.

HTH

Wim