You are viewing limited content. For full access, please sign in.

Question

Question

How can we use Laserfiche Discussions with named repository users?

Discussions
Updated May 1, 2017
asked on February 23, 2017

We have a client whose web server is on the DMZ. As such, it doesn't have access to Active Directory.

For this reason, users cannot leverage their AD accounts to log into Laserfiche Forms or Web Access. So we set up repository named users for them.

Can those users log into Laserfiche Discussions? Whenever we try, we get an error saying username and password is incorrect.

We were hoping it would work like Forms, where the app would synchronize its list of users with those of the repository its connected to. But, looking at the config page, it seems it doesn't work that way...

0 0

Replies

replied on February 23, 2017

Using the Single-Sign On page requires users that are registered in Directory Server. As such, Laserfiche users (created in LFDS) are supported, but repository users are not.

0 0
View 1 previous reply
replied on February 23, 2017

OK, that's a huge bummer then, because the client will feel like there's an entire Laserfiche module they own, but cannot use due to the product's technical restrictions.

To summarize the client's set up (which is quite common btw):

  • Forms and Web Access are on the DMZ because users need to access them from both inside and outside the network, the latter without having to VPN in.
  • Both internal and external users access the DMZ web server for anything Laserfiche-related.
  • The DMZ doesn't have access to Active Directory (for obvious security reasons)
  • Since Active Directory isn't an option, all users have repository named accounts.
  • We want to deploy Laserfiche Discussions on the DMZ as well so that employees can participate in discussions even when they are out and about (again, no VPN)

 

How can we get this setup to work? Are there any plans to allow repository named user accounts to use Discussions?

At the very least, we would like to be able to explain the technical reasons why Laserfiche Discussions works only through single-sign-on via the Directory Server. So if you can share that info, we would appreciate it.

Also, are there any plans to add support for named Laserfiche accounts at the Directory Server level? I feel like everything is being more and more tied to Active Directory, which severely limits deployment options in many scenarios. It would be nice to be able to create username/password accounts at the DS level and leverage them anywhere in the system.

0 0
replied on February 23, 2017 Show version history

"Also, are there any plans to add support for named Laserfiche accounts at the Directory Server level "

That is exactly the option I mentioned, so I'm confused about your question. There is NOT a requirement to use AD accounts; there is a requirement to use accounts managed or created in LFDS. As of 10.0, there have been Laserfiche Users in LFDS.

See the help files: https://www.laserfiche.com/support/webhelp/Laserfiche/10/en-US/administration/#../Subsystems/LFDS/Content/ManagingAccounts.htm#tabs-3

1 0
replied on April 27, 2017

Thanks Brianna. Looking into this further, I think I was confused initially because I read the help page you linked (before I posted the question) and saw this line:

Click  and select between registering Windows Active Directory user accounts or Novell eDirectory user accounts.

 

Which led me to believe that only Windows AD and Novell eDirectory accounts were supported at the LFDS level.

However, looking at LFDS, I see that there is indeed a third option for Laserfiche Accounts.

So perhaps the help files are outdated?

0 0
replied on May 1, 2017

There is already documentation on that third user type on the page I linked (for example, how to bulk import), but I agree, the opening section is somewhat misleading. We will take a look at it.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...