Versions Compared

Old Version 39

changes.mady.by.user Former user

Saved on

compared with

New Version 40

changes.mady.by.user Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Section
Column

It is assumed that you already went through Live Form's installation instructions and have Live Forms running. LDAP Connectivity is available in the in-house only and not offered as part of our SaaS packages.

Info

Safari browsers later than v5.1.7 running on Windows is no longer supported. Issues were found when using Safari with LDAP - SSO.

Image Removed

Column
width240px

On This Page:

Table of Contents
maxLevel1

Section
Column

It is assumed that you already went through Live Form's installation instructions and have Live Forms running. LDAP Connectivity is available in the in-house only and not offered as part of our SaaS packages.

Info

Safari browsers later than v5.1.7 running on Windows is no longer supported. Issues were found when using Safari with LDAP - SSO.

Image Added

Column
width240px

On This Page:

Table of Contents
maxLevel1

Prerequisites

These instructions assume that you have an in-house installation of Live Forms up and running or you have signed up for an LDAP tenant on the cloud server

Warning

Active Directory Customers using LDAP must ensure that frevvo.User, frevvo.TenantAdmin and frevvo.Designer groups are specified on your LDAP/AD server. The group names must be spelled as shown. Upper/lower case may be a factor for Open LDAP systems. 

  • All users requiring access to Live Forms must be assigned to the frevvo.User group. 
  • Tenant admin users must be assigned to the frevvo.User and frevvo.TenantAdmin groups,
  • Designer users must be assigned to the frevvo.User and frevvo.Designer groups.
  • Users with the frevvo.publishers role must be assigned to the frevvo.Publisher and frevvo.User groups on your LDAP/AD Server.
  • Users with the frevvo.ReadOnly role must be assigned to frevvo.ReadOnly and frevvo.User groups on your LDAP/AD Server.

Key Information to Collect

...

 

Note

There are four special roles in : frevvo.TenantAdmin, frevvo.Designer, frevvo.Publisher, frevvo.ReadOnly, that must be specified on your LDAP/AD Server if you have users that will be assigned these roles. The group names must be frevvo.TenantAdmin, frevvo.Designer, frevvo.Publisher, frevvo.ReadOnly . Upper/lower case may be a factor for Open LDAP systems.

 

Check if the configuration is correct

...

The first issue is cased by the user login in. For instance, John Stevens LDAP account is JStevens but he logs in as jstevens, he will be recognized by case insensitive LDAP and thus granted access but will not be recognized as a designer or as a tenant admin by . To solve this, set the property com.frevvo.security.ldap.ignoreCase to true.

To prevent issues you could always login to  using lower case jstevens. LDAP will grant access as it is case insensitive and  will know that you may have the designer or admin special permission. However users can forget to do this. To force this configure 's web.xml parameter frevvo.login.userid.case by adding the <context-param> lines you see below. You can specify a value of either lower or upper.

Code Block
languagejavascript
<context-param>     
    <param-name>frevvo.login.userid.case</param-name>     
    <param-value>lower</param-value>     
    <description>Force all login user ids to upper or lower case</description> 
</context-param>

...