LDAP authentication
Windows supported protocols
The Helix ALM License Server running on Windows supports the following authentication protocols:
- Simple—Client sends username/password as plain text data over the network. This method is not secure and should only be used over secure networks or in combination with SSL/TLS encryption. This is also covered as the SASL PLAIN mechanism, documented in RFC 2595.
- DIGEST-MD5—Client sends username/password as encrypted text over the network. This method is only supported for authentication to an Active Directory server.
- GSSAPI (Kerberos)—Client sends an authentication token, generated from the username/password, over the network. This method is secure because it does not send the username/password over the network. It is only supported on Windows for authentication to an Active Directory server.
Unix supported protocols
The Helix ALM License Server running on Unix supports the following authentication protocols:
- Anonymous—Client does not provide any connection parameters, which results in an anonymous authentication if the server allows it.
- Simple—Client sends username/password as plain text data over the network. This method is not secure and should only be used over secure networks or in combination with SSL/TLS encryption. This is also covered as the SASL PLAIN mechanism, documented in RFC 2595.
- DIGEST-MD5—Client sends username/password as encrypted text over the network.
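An added example, not Helix ALM code: a minimal BER decoder for the LDAP BindRequest (RFC 4511) that reports which of the methods listed above for Windows and Unix a client used, and whether the bind carries the password in cleartext when no SSL/TLS protects the connection. The sample messages are constructed, and the function names are illustrative.

```python
# Added example: classify LDAP BindRequest messages by authentication method.
def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length >= 0x80:                    # long form: low 7 bits count length bytes
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated BER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER value")
    return tag, buf[pos:pos + length], pos + length

def classify_bind(pdu):
    """Report the authentication choice carried by one LDAP BindRequest."""
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, _, p = read_tlv(msg, 0)            # messageID
    op_tag, op, _ = read_tlv(msg, p)
    if op_tag != 0x60:                    # [APPLICATION 0] BindRequest
        raise ValueError("not a BindRequest")
    _, _, p = read_tlv(op, 0)             # version
    _, dn, p = read_tlv(op, p)            # bind DN
    auth_tag, auth, _ = read_tlv(op, p)
    dn = dn.decode("utf-8", "replace")
    if auth_tag == 0x80:                  # simple: value is the raw password
        method = "simple" if dn or auth else "anonymous"
        return {"method": method, "dn": dn, "cleartext_secret": bool(auth)}
    if auth_tag == 0xA3:                  # sasl: mechanism name, then credentials
        _, mech, _ = read_tlv(auth, 0)
        return {"method": "sasl:" + mech.decode("ascii", "replace"),
                "dn": dn, "cleartext_secret": mech == b"PLAIN"}
    raise ValueError("unknown authentication choice")

def tlv(tag, val):                        # sample builder, short-form lengths only
    return bytes([tag, len(val)]) + val

def make_bind(dn, auth):                  # LDAPv3 BindRequest with messageID 1
    body = tlv(0x02, b"\x03") + tlv(0x04, dn) + auth
    return tlv(0x30, tlv(0x02, b"\x01") + tlv(0x60, body))

# Constructed samples, not captured traffic.
SIMPLE = make_bind(b"cn=alice,dc=example,dc=com", tlv(0x80, b"constructed-pw"))
ANONYMOUS = make_bind(b"", tlv(0x80, b""))
DIGEST = make_bind(b"", tlv(0xA3, tlv(0x04, b"DIGEST-MD5")))
```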
LDAP technical notes
Most LDAP-enabled application clients are designed to work with a specific, well-defined schema. Standard applications, such as Helix ALM, usually work with a standard schema, such as RFC 2256, A Summary of the X.500(96) User Schema for use with LDAPv3. The Helix ALM License Server retrieves LDAP records based on the following proposed RFC standards:
- ObjectClass Person (RFC 2256 - A Summary of the X.500(96) User Schema for use with LDAPv3)
- ObjectClass OrganizationalPerson (RFC 2798 - Definition of the inetOrgPerson LDAP Object Class)
- UserID and Email Address (RFC 1274 - The COSINE and Internet X.500 Schema)
Microsoft Active Directory technical notes
Microsoft Active Directory is an LDAP-compliant directory service that is supported through the LDAP configuration. The Helix ALM License Server retrieves LDAP records based on the following proposed RFC standards:
- ObjectClass Person (RFC 2256 - A Summary of the X.500(96) User Schema for use with LDAPv3)
- ObjectClass OrganizationalPerson (RFC 2798 - Definition of the inetOrgPerson LDAP Object Class)
- UserID and Email Address (RFC 1274 - The COSINE and Internet X.500 Schema)