21.1 Contextless Login

The Contextless Login feature of Identity Console allows users to log in with only a user name and a password, without having to know or understand their entire user object context (for example, admin.support). If there are multiple users with the same user name in the tree, Contextless Login tries to log in using the first user account that it finds with the supplied password. In this case, the user should provide the full context when logging in.
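The duplicate-name case described above can be audited before the feature is enabled. The following Python sketch is an added example, not part of Identity Console: it takes a list of user DNs (the constructed sample stands in for an export from your tree), reports user names held by more than one object, and models the "first account that matches the supplied password" behavior in simplified form. All function names, DNs and passwords are hypothetical.

```python
from collections import defaultdict

def split_dn(dn):
    """Split an LDAP-style DN into RDNs, honouring backslash-escaped commas."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if ch == "," and not esc:
            parts.append("".join(cur).strip())
            cur = []
            continue
        cur.append(ch)
        esc = (ch == "\\") and not esc
    parts.append("".join(cur).strip())
    return parts

def user_name(dn):
    """Lower-cased CN of the leaf RDN, or None when the leaf is not a CN."""
    attr, _, value = split_dn(dn)[0].partition("=")
    return value.strip().lower() if attr.strip().lower() == "cn" else None

def ambiguous_names(dns):
    """Map each user name shared by several objects to the DNs that hold it."""
    by_name = defaultdict(list)
    for dn in dns:
        name = user_name(dn)
        if name:
            by_name[name].append(dn)
    return {n: found for n, found in by_name.items() if len(found) > 1}

def resolve(username, password, dns, verify):
    """Simplified model: first DN with this name whose password verifies."""
    for dn in dns:
        if user_name(dn) == username.lower() and verify(dn, password):
            return dn
    return None

# Constructed sample data (not from a real tree).
SAMPLE_DNS = [
    "cn=admin,ou=support,o=novell",
    "cn=jsmith,ou=sales,o=novell",
    "cn=JSmith,ou=engineering,o=novell",
    "ou=sales,o=novell",
]
SAMPLE_PASSWORDS = dict(zip(SAMPLE_DNS, ["admin-pass", "sales-pass", "eng-pass"]))

def verify(dn, password):
    """Stand-in for a directory bind; compares against the constructed table."""
    return SAMPLE_PASSWORDS.get(dn) == password

if __name__ == "__main__":
    for name, found in ambiguous_names(SAMPLE_DNS).items():
        print(f"{name}: full context required, shared by {found}")
    print(resolve("jsmith", "eng-pass", SAMPLE_DNS, verify))
```

Users whose names appear in the report are the ones who should be told to log in with their full context.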

Administrators can move User objects or change the organization's name; this does not restrict users from logging in.

Service Account: To use Contextless Login, you must provide the credentials of a Service Account that has the following rights on the tree root object:

  • Read on the CN attribute.

  • Browse on [Entry Rights].

To use Contextless Login for a given tree, you must enable the feature in the way that matches your environment. The following procedures explain how to enable Contextless Login:

21.1.1 Enabling the Contextless Login for Standalone

To run the login script, you must have administrator credentials or read permissions for the CN attribute on the tree. The following procedure explains how to enable Contextless Login for Standalone.

  1. Navigate to the folder where the build is extracted.

  2. Run the contextless login script, for example ./contextless-login, and enter the following information for a service identity account:

    • Server IP Address: IP Address/DNS of eDirectory server.

    • User DN: User DN for authentication.

    • Password: Password for authentication.

    Example:

    ./contextless-login -h <Tree Server IP/DNS> -a <cn=User,o=organization> -w <Password>

    NOTE: When a password has special characters, it must be enclosed within single quotation marks. Example: 'Nvll13#-Th1$1$L0ng'

The message 'Contextless login configured' appears.

21.1.2 Enabling the Contextless Login for Docker

To enable the Contextless Login for Docker, run the command:

docker exec -it <identityconsole container name> /opt/novell/eDirAPI/sbin/contextless-login -h <Tree Server IP/DNS> -a <User DN> -w <User Password>

For example:

docker exec -it idconsolecontainer-1 /opt/novell/eDirAPI/sbin/contextless-login -h edirserver.novell.com -a cn=admin,o=novell -w novell

NOTE: When a password has special characters, it must be enclosed within single quotation marks. Example: 'Nvll13#-Th1$1$L0ng'

21.1.3 Enabling the Contextless Login for Workstation

At present, Contextless Login does not support Workstation.

IMPORTANT: If the password of the Service Account is modified or has expired, you need to re-run the Contextless Login script with the new credentials.