VPository LDAP Authentication (Group)

VPository supports two ways of authentication - built-in authentication and directory server authentication. While the built-in authentication allows you to easily set up and manage member accounts completely inside VPository, active server authentication allows users to login to VPository with credentials stored in and managed by a directory server.

In order for directory server authentication to work, administrator has to install a utility called DS Connector, and have it configured to connect both VPository and the directory server. DS Connector acts as bridge between VPository and directory server. It's capable to synchronize user listing from directory server to VPository, and to manage the authentication from Visual Paradigm to directory server, through VPository.

In this page, you will learn how to work with LDAP authentication from creating user groups in Apache Directory Studio to installing and configuring DS Connector. If you are interested in working with user instead of user group, please read VPository LDAP Authentication. If you are interested in Active Directory Authentication, please read VPository Active Directory Authentication (Groups).

There are series of steps you need to take in order to make LDAP authentication works. Please read through all the steps below without skipping any of them, even if you are familiar with LDAP and Apache Directory Studio.

Step 1 - Creating user account in ApacheDS

In this section you will learn how to create user account in ApacheDS using Apache Directory Studio. It's mainly written for people who are not familiar with ApacheDS. However, even if you are familiar with ApacheDS, be sure to read through the steps as some of the settings will influence the authentication process.

  1. In LDAP Browser, navigate to the ou=users node under DIT > Root DSE > ou=system.
  2. Right click on the ou=groups node in and select New Entry... from the popup menu.
    Adding a new entry via LDAP Browser
    Adding a new entry via LDAP Browser
  3. In the New Entry window, keep Create entry from scratch selected and click Next.
  4. You are prompted to enter one structural object for creating the new user. Select groupOfUniqueNames as the object class
    Selected groupOfUniqueNames
    Selected groupOfUniqueNames
  5. Click Add to add groupOfUniqueNames to the list of selected object classes. You will see a list the object classes from the groupOfUniqueNames object hierarchy are being added automatically.
    groupOfUniqueNames added to the list of selected object classes
    groupOfUniqueNames added to the list of selected object classes
  6. Click Next.
  7. For RDN, enter cn=developer, where developer is the name of group and you should supply your own group name here - developer is just an example.
    RDN entered
    RDN entered
  8. Click Next.
  9. Add users into this group by creating multiple uniqueMember attributes and entering the DN of those users as attribute values. A uniqueMember attribute is default created. Enter the first user's DN in the Value cell.
    Entering the DN of a user
    Entering the DN of a user
    By the way, be sure to set password for users who will use Visual Paradigm. Users without password won't be able to access the VPository. To set a password for a user, select the user node under ou=users in LDAP Browser. Click on New Attribute... in the Entry Editor on the right hand side. In the New Attribute window, select userPassword to be the Attribute type. Click Finish, enter the password and click OK to confirm.
  10. Add other users by creating more uniqueMember attributes. To do this, right click on any attribute row in the New Entry window and select New Attribute... from the popup menu. Then enter uniqueMember in the Attribute type field in the New Attribute window and click Finish. Finally, specify the DN of that user.
    Users added to user group
    Users added to user group
  11. Click Finish.

Step 2 - Downloading DS Connector from VPository

DS Connector acts as a bridge between VPository and directory server. In this section you will see how to download DS Connector from VPository.

  1. Open a web browser.
  2. Visit and login your cloud entry point.
  3. Select System Tools from the menu on the left hand side.
  4. Open the tab Single Sign-On.
  5. Click on Configure under the section Directory Service Connector.
    To configure directory service connector
    To configure directory service connector
  6. Choose the operating system for the machine where ApacheDS is installed.
    Choosing the right operating system
    Choosing the right operating system
  7. Click Download. Keep the dialog box opened as you will need to copy the key presented in the dialog box when you configure DS Connector in the next section.

Step 3 - Installing and configuring DS Connector

In this section you will install DS Connector, and configure it to make it connect to both VPository and ApacheDS.

  1. Copy the downloaded zip file to the machine where ApacheDS is installed.
  2. Extract the zip file to a folder.
    DS Connector (zip) extracted
    DS Connector (zip) extracted

  3. Open an elevated command prompt.

    For Windows Server 2008 users, click the Start button, type cmd, and then right-click Command Prompt and select Run as administrator from the popup menu.

    For Windows Server 2012 users, search cmd in the Apps screen, and then right-click Command Prompt and select Run as administrator at the bottom of the screen.
    Run elevated command prompt
    Run elevated command prompt
  4. Navigate to DS_Connector_12.1\service where DS_Connector_12.1 is the name of the folder extracted. Please run it as administrator to avoid any potential issues caused by insufficient write permission.
  5. Type the following command to install DS Connector as service:
    install_service.bat
    Installing DS Connector as system service
    Installing DS Connector as system service
  6. Run DS_Connector_12.1\DSConnectorUI.exe.
  7. When you run DS Connector the first time, you are prompted to configure the connection to VPository/Teamwork Server. In the Configure Server window, keep VPository selected.
    Configure Server window
    Configure Server window
  8. Fill in the cloud entry point.
  9. Enter the key, which is the code you saw in the end of the previous section. If you have accidentally closed that dialog box, or if the key has expired, don't worry, just click Configure again (step 4 of the previous section) to obtain another key.
    Entering key for server configuration
    Entering key for server configuration
  10. Click Connect. If succeed, you should see the message Server configuration succeed.
  11. DS Connector is now connected to VPository. Now, you need to configure the connection to ApacheDS. On the left hand side of the DS Connector Console, click Add Directory Server.
    To add a directory server
    To add a directory server
  12. Select ApacheDS as Directory Server.
    Selecting ApacheDS
    Selecting ApacheDS
  13. Enter a name for this configuration.
  14. Enter the host name and port of the ApacheDS. As we suggested you to install DS Connector on the machine where ApacheDS is installed, your host name is pretty likely to be localhost or 127.0.0.1. Regarding the port, while the default port of ApacheDS is 10389, you may need to confirm it with your administrator in case it has been changed.
  15. Enter Bind DN or User. If you use Apache Directory Studio, you can obtain the required value by right clicking on the LDAP connection and selecting Properties from the popup menu. The Bind DN or user can be found under the Authentication tab.
    Obtaining the Bind DN or user from Apache Directory Studio
    Obtaining the Bind DN or user from Apache Directory Studio
  16. Enter the password for logging into ApacheDS.
    Configuring ApacheDS connection
    Configuring ApacheDS connection
  17. Click Test Connection. If succeed, you should see the message Test connection succeed.
  18. Click Save in the Configure Directory Server window.
  19. The newly configured directory server is listed on the left hand side of the DS Connector Console. If necessary you can add more directory servers by repeating from step 11 until this step.
    Directory server added
    Directory server added

Step 4 - Synchronizing users to VPository

In this section you will add users into DS Connector Console to let it synchronize the users to VPository. When you finished this section, the chosen users can login VPository from Visual Paradigm, using the login details managed by ApacheDS.

  1. Select the directory server in DS Connector Console.
    Selecting a directory server
    Selecting a directory server
  2. On the right hand side, click Add.
  3. In the Add users/group window, select the user groups to be made available on VPository. The users in selected groups will become members of VPository, and will have access to Visual Paradigm projects.
    Select user groups to add to DS Connector Console
    Select user groups to add to DS Connector Console
  4. Click Add.
  5. That's it. You can see the selected user groups listed on the right hand side of the DS Connector Console.
    Users added to DS Connector Console
    Users added to DS Connector Console

    The user groups, along with the users will be synchronized to VPository shortly (~1 minute). Once the synchronization has been completed, you will see the user groups available in the Members > Groups page of VPository, like this:
    User group synchronized to VPository
    User group synchronized to VPository

    The users are available in the Members page of VPository. Note that the synchronization will synchronize only the user name and login ID. It will not synchronize nor to process any password of any users in ApacheDS. Whenever a user tries to login VPository from Visual Paradigm, VPository will communicate with ApacheDS for authentication.
    Users synchronized from ApacheDS
    Users synchronized from ApacheDS
    So now, you assign the user groups to projects so that the users can open the project from Visual Paradigm and start working. If necessary you can also grant them admin permissions.

    To login VPository from Visual Paradigm, please enter the Email (Login ID) of member as Email (not the display name), and the password stored in ApacheDS as Password.
    Login from Visual Paradigm
    Login from Visual Paradigm

Related Resources

The following resources may help you learn more about the topic discussed in this page.

 
8. Managing groups Table of Contents 10. Managing groups (Active Directory)
 

Technical Support

Have technical issues or suggestions? Please contact Visual Paradigm Support Team.

Sales Support

Have questions related to registration, licensing or payment? Feel free to contact Visual Paradigm Sales Team.

Discussion Forum

Share your suggestions of opinions at VP Discussion Forum.