Rajani,

Thank you for the information. One more question for you regarding User ID's. I understand that each repository has its own user ID's, but for example when you use the MDM console or the Import or Syndication manager client, do you need a user ID and password to logon? If so, where is this authenticated from?

Thanks.

Chad

Hi,

There are 2 Authentications.

1. One for the Server level.

You can set the Password for the MDM Server , by right-click on the mounted MDM Server in the console->Select "Change Password".

By default no password is set for the MDM Server.

So first time "Change password" is enabled only once the MDM Server is started.

Once the password is set, next time on wards it will ask the passowrd when you mount/start the MDM Server.

2. Repository level authentication.

This authentication details are maintained under the "Admin" section of each repository.

This user/password settings are used access to the repository using any one of the MDM GUI Clients such as

MDM Data Manager.

MDM Import Manager.

MDM Syndicator, etc.,

Thanks and Regards

Subbu

Subbu,

Thanks for the information. I found more documentation that leads me to a few other questions:

1. When opening the MDM Console, are you prompted with a username/password or does the software just open up? From what I've read, I would assume that the software just opens up and any authentication takes place when you mount a server (if the server is password protected).

2. From what I have read and seen in diagrams, it looks like tcp/ip is used to communicate between the GUI clients and the

MDM server. Do you know if the authentication process between the two is encrypted or is it in clear text?

3. When mounting a MDM server, I noticed that the MDM console user has to have administrator privileges for the machine on which the MDM server is running. Is the MDM Console user an Operating System (Windows, UNIX) user? I noticed that you start a MDM server with the "mds" account in UNIX and in Windows any account with Administrator privileges will work. SO does that mean the user I type in to mount the server has to exist in the operating system on the MDM server and has to have administrator privileges in order to mount the MDM Server?

Thanks,

Chad

Hi,

1. Yes, if the MDM Server is Passowrd protected, the software brings up the password dialog box.

2. I strongly feel its encrypted.

3.When you install MDM server as a windows service,

in Control Panel->Administrative tools->Services-> MDM Server ->Right click ->Properties->Logon

This is where you can set which OS user account can have permission to start the MDM Server.

Thanks and Regards

Subbu

Ok, so for each MDM server there is one Operating System account that can run the MDM Server. That means that each MDM server has the same password to mount it so you cannot have separate administrative usernames and passwords, correct?

Also, for single sign on with the portal, all you would need to do is to map the portal user id with the MDM user id and everything should work, correct?

Thanks, Chad

Hi,

Yes, the MDM Server has only the passowrd protection on top of the OS user account/password.

Perfect!!! you are there.

In the user mapping case, you need to have the users in both the places(MDM and Portal).

Inittially MDM SP2 has the LDAP support, but it was discontinued in SP3.

Recently MDM SP3 Patch level 4 has a support for LDAP.

So you can use LDAP as central User Management engine for Portal and MDM.

Thanks and Regards

Subbu

Thank you so much Subbu! I know if I had a machine in front of me it would have been a lot clearer a while ago but unfortunately I don't.

So in theory, you can have Active Directory as your LDAP source and single sign on would work seamlessly as long as you have the ID's mapped between the portal and MDM?

Hi,

When you use Active Directory as your LDAP source. All the user will be maintained in the active directory. You will not created any users in the MDM Repository.

But you configure the LDAP settings in MDS.ini file

When you accesss any GUI clients, the authentication is done by the LDAP. It does not look for the users in the repository.

Same LDAP source can be used for the Portal UME. So only one user exists in LDAP who can access the portal and MDM.

To my knowledge, when you do the user mapping, you are talking about user exists in both the systems. This what we used to do when SAP took out the LDAP support in SP3( up to Patch level 3). We have the user in MDM and user in portal and map the portal user with mdm user and access the MDM content in Portal

Thanks and Regards

Subbu

Thanks Subbu. Does MDM support SNC for encrypted communication?

Hi,

No Idea.

Thanks and Regards

Subbu

Hi Subbu,

I don't have much idea about LDAP setting.

As you are saying that if i will configure the LDAP settings in MDS.ini i can access any GUI clients. So is it like when i will open any GUI it will not ask for User and password? And what about the Access at Role level? Can I give access to table and field level by using LDAP settings?

Ronnie...

Hi,

Yes, you will configure the LDAP setting in MDS.ini file.

When you access the GUI clients, the user and password information is authenticated based on the user information stored in LDAP.

Regarding the roles and field level access, I have not explored till now.

Thanks and Regards

Subbu