[ngw] GW - Authentication - change from edir to AD/LDAP
JBrugaletta at braytonlaw.com
Tue May 2 16:09:46 UTC 2017
I just went through this, Gary. Pretty painless, actually!
Yes, AD via LDAP. In 2014 GW Admin Console, you set up the LDAP server for AD/Edir (I have both, they don't conflict) .. then under "SYSTEM" you'll see "Directory Associations" .. basically go in there and it'll re-associate the users from Edir to AD for you. You can test it on one account, like your own, if you'd like. As long as the usernames are similar with edir/ad, then GW should pick them up to re-associate for you, but it'll ask you to confirm. My users didn't notice a thing when I changed them from edir to AD. Their Edir/AD passwords were the same, not sure if that's how it is in your place.
No reason to maintain GW passwords, in my opinion. Just another password/account to worry about.
In fact, once you add the AD LDAP servers (System > LDAP Servers) you can create a test account and "associate" it to AD.
Clear as mud? It really is easy :) You won't break anything in trying it on something, as GW can run all types edir/ad/gw in parallel. So you don't really have to "cut" anything until everyone is re-associated.
>>> "Garry Bowers" <gbowers at lpcsc.k12.in.us> 5/2/2017 8:41 AM >>>
We are moving our GW 2014 from authentication to the edir to AD / LDAP. Or at least that is our plan.
Currently, as users require maintenance with GW I am breaking the association of the GW account with edir. And then I manually place a password in the GW account. All is fine with this, but I think we'd like to have the passwords or rather the GW clients authenticate to the AD. Am I correct in thinking this would be with LDAP?
And, if I were to cut the server from authenticating with edir and point it to the AD LDAP source what impact will that have on the GW clients? Will their GW clients automatically attempt to authenticate to the AD LDAP service, and would they need to put in the AD passwords associated with their AD accounts?
Or... should I simply cut the association with edir and maintain the GW accounts in a manual fashion. I'd rather not but am trying to keep the switch over as painless not only for the clients but for me too.
Thanks in advance for any suggestions!
Network Operations Manager
LaPorte Community School Corp.