Integrating Myriad's User Directory security with an LDAP Server

Modified on Thu, 26 Sep at 5:09 PM

Introduction

Myriad Playout v5.29 introduces the ability to link your Myriad Users Directory security database to an LDAP server to enable integrated security checking with other systems. With this feature turned on, when a user tries to login to Myriad, the password is checked against the LDAP server to see if that matches the password stored there. This process is often known as "Delegated Authentication" - i.e., you are delegating the 'authentication' of users to a different system.

This system can also run alongside the existing Active Directory integration, meaning that you can actually use both AD and LDAP to check and verify user passwords.

This means that if you have an existing security system (for example, a shared organisational website) that users already login to and can manage their passwords from there) then Myriad applications can "authenticate" users against that server. When they change their password via that website, then that will therefore be the password that they use to login to Myriad going forward.

Another common example is when you are using a Windows Active Directory ("AD") system however the PC that you are logging in with is not "Domain Joined" to that AD system, but you still want user authentication to be delegated to the AD system. In this case you would configure your Myriad Users Directory Database to connect to your AD Domain Controller via LDAP as all Microsoft AD Servers also provide LDAP services for user authentication.

Configuring your database

There are 2 steps to configuring LDAP integration:

  • In the User Security Settings window, turn on the LDAP integration, and enter the server name, port, and "LDAP Root DN" (or base path).  If you do not know these values, please check your LDAP server's documentation.
  • For each user in the Broadcast Radio Directory database, turn on the Use LDAP authentication option and enter the LDAP User id or connection string for that user. See below for some typical values, but you should consult your LDAP server's documentation for the per-user information to enter.

Configuring the User Security Settings window

Example: Configuring Myriad to work with an LDAP Server

In this example, we are connecting to the test server hosted by www.forumsys.com - this provides various test accounts, and is a good server to test with. More details about the accounts can be found at https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/

To use this test server, we enter the computer name as ldap.forumsys.com  and the root DN as dc=example,dc=com

 

mceclip0.png

For the user configuration in this example, we are going to use the riemann test account from the forumsys servers.  In the case of the test server, we need to use uid=riemann,dc=example,dc=com however you will need to check the "UID" that should be used in your LDAP servers documentation - usually this will include either a uid= or a CN= section:

 

mceclip1.png

 

Example: Configuring Myriad to work with Active Directory LDAP

In this example, our Active Directory Domain is called ad.mystation.com so we enter this as the computer name to connect to, and the Root DN is therefore DC=ad,DC=mystation,DC=com :

 

mceclip2.png

For the user configuration, we want our users to login with their first name, but to query the Active Directory we need to use their "Full Name", so we enter that in the LDAP UID/CN field. 

(Note: in many Active Directory scenarios, you are also able to enter the domain name and username as the UID/CN - for example AD\Mel)

 

mceclip2.png

Note: in many Active Directory scenarios, you are also able to enter the domain name and username as the UID/CN - for example AD\Mel

 

 

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article