User authentication using AD/LDAP
RAM Commander supports two user authentication modes:
• Internal built-in
Users are stored in the internal RAM Commander database, and an administrator may manage users (add, remove, change password, etc.) using RAM Commander. This is the default authentication mode.
• Active Directory / LDAP
Users are stored in the internal RAM Commander database, but authentication is performed by Microsoft Active Directory. RAM Commander authenticates the user against Active Directory using the LDAP protocol/API with optional SSL encryption.
The advantage of Active Directory authentication is that users have the same RAM Commander login credentials as they have in the corporate Windows network, and that organizational security policy rules related to passwords (password strength, regular password change, etc.) are enforced.
By default, RAM Commander uses the built-in users database for authentication. To switch to LDAP authentication, update the ramc.ini file located in the BIN sub-folder of the RAM Commander installation folder. The [Authentication] section of the file contains the authentication-related parameters that should be defined to enable LDAP authentication:
Parameter name | Description |
AuthType | Authentication type. Set LDAP for LDAP or RAMC for the built-in users database (default is RAMC). |
LDAPPath | The full LDAP path to Active Directory, for example: LDAP://<server address>:port. By default, ports are 389 for a regular connection and 636 for SSL. |
LDAPSSL | LDAP connection encryption: 0-regular or 1-SSL |
LDAPCheckGroup | Group check - if set to 1, login will be allowed only if the user belongs to the specified group |
AllowedUserGroup | Group name - login will be allowed only if the user belongs to the specified group, case-sensitive |
DomainSuffix | Constant domain name suffix - the defined string will be added as a suffix to the user domain |
DefaultUserNameMode | Whether to offer the current MS Windows user name as the default in the RAM Commander login dialog: 0-no (user login field is empty), 1-Windows user name, 2-Windows domain\user |
See the sample part of ramc.ini file with authentication set to LDAP with SSL:
[Authentication]
AuthType=LDAP
LDAPPath=LDAP://DC001.NorthWoods.com
LDAPSSL=1
LDAPCheckGroup=0
AllowedUserGroup=RAMCUsers
DomainSuffix=NorthWoods
DefaultUserNameMode=1
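A way to check an [Authentication] section against the parameter table before deployment. This is an added example, not RAM Commander code: the function name audit_authentication is hypothetical, and it assumes that a missing LDAPSSL or LDAPCheckGroup means 0 and that the AuthType value is matched case-insensitively.

```python
import configparser
import re
DEFAULT_PORT = {"0": 389, "1": 636}  # default ports from the parameter table

def audit_authentication(ini_text):
    """Return findings for the [Authentication] section of a ramc.ini text."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep parameter names exactly as written
    cp.read_string(ini_text)
    if not cp.has_section("Authentication"):
        return ["no [Authentication] section found"]
    auth = dict(cp["Authentication"])  # values arrive whitespace-trimmed
    # Assumption: the AuthType value is matched case-insensitively.
    if auth.get("AuthType", "RAMC").upper() != "LDAP":
        return []  # built-in users database, LDAP parameters are unused
    findings = []
    ssl = auth.get("LDAPSSL", "0")  # assumption: missing means 0
    if ssl not in DEFAULT_PORT:
        findings.append(f"LDAPSSL={ssl} is neither 0 nor 1")
    elif ssl == "0":
        findings.append("LDAPSSL=0: LDAP connection is not encrypted")
    m = re.fullmatch(r"LDAP://([^:/\s]+)(?::(\d+))?", auth.get("LDAPPath", ""), re.I)
    if not m:
        findings.append("LDAPPath is not of the form LDAP://<server address>:port")
    elif m.group(2) and ssl in DEFAULT_PORT:
        other = "1" if ssl == "0" else "0"
        if int(m.group(2)) == DEFAULT_PORT[other]:
            findings.append(f"LDAPPath port {m.group(2)} is the default for "
                            f"LDAPSSL={other}, but LDAPSSL={ssl}")
    group = auth.get("AllowedUserGroup", "")
    if auth.get("LDAPCheckGroup", "0") == "1":  # assumption: missing means 0
        if not group:
            findings.append("LDAPCheckGroup=1 but AllowedUserGroup is empty")
    elif group:
        findings.append(f"AllowedUserGroup={group} is set but LDAPCheckGroup=0: "
                        "group membership is not checked")
    return findings

# Values from the page's sample, then a constructed variant with weaker settings.
PAGE_SAMPLE = """[Authentication]
AuthType=LDAP
LDAPPath=LDAP://DC001.NorthWoods.com
LDAPSSL=1
LDAPCheckGroup=0
AllowedUserGroup=RAMCUsers
DomainSuffix=NorthWoods
DefaultUserNameMode=1
"""
CONSTRUCTED = PAGE_SAMPLE.replace("LDAPSSL=1", "LDAPSSL=0").replace(".com", ".com:636")
```

Run on the sample above, the check reports one finding: AllowedUserGroup is set to RAMCUsers while LDAPCheckGroup=0, so the group restriction is not applied.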
Please note that projects and permissions must be taken care of before switching to LDAP.
The same person may have a different user name in RAM Commander than in LDAP.
If that person has projects with the permissions level set to "Owner", or projects locked by that person, he/she will not have access to these projects after the authentication mode is changed to LDAP (because he/she will now have a different user name).
So, before switching to LDAP, all users should review their projects, "unlock" the projects they have locked (green background color) using the "Select/Deselect" option from the project's popup menu, and change the permissions level of their projects (projects where the user is an "Owner") to "All".