
Appendix: default/sample configuration file

 

It is recommended that you test these settings against a non-production testing Hansoft server before connecting to your live Hansoft database to make sure that everything is set up correctly. Also make sure that you are receiving administration emails before tweaking settings so you can see the changes that are made by the integration and the errors that are reported.

 

// Configure Hansoft Login

HansoftHost localhost                        // The IP address or DNS name of the Hansoft server to connect to.

HansoftPort 50256                        // The port of Hansoft server to connect to.

HansoftDatabase "Company Projects"        // The Hansoft database to connect to.

HansoftUser AuthIntegrationSDK                // The SDK account in the Hansoft database to connect to.

HansoftPassword secret                // The password for the SDK account in the Hansoft database to connect to.

HansoftSDKSessionTimeout 0                // The number of seconds until the SDK session times out if it cannot communicate with the Hansoft server. If set to 0 the default value is used.

 

 

//////////////////////////////////////////////////////////////////////////////////////////

// Configure Certificate

 

EnableCertificates 0                        // Enable usage of certificates

PublicCertificatePath ""                        // If found the file overrides PublicCertificateData

PublicCertificateData ""                        // Server public certificate

PrivateKeyPath        ""                        // If found the file overrides PrivateKeyData

PrivateKeyData        ""                        // Private key

 

// Use these settings to specify a certificate authority that is not in your OS trust store. The OS trust store will still be used

// to authenticate the Hansoft server in addition to these settings.

 

CertificateVerifyHostnameMatches 1

CertificateVerificationDepth 9                // You can reduce this if you have a known certificate depth

CACertificatePath ""                        // If set and found the file overrides CACertificateData

CACertificateData ""                        // Certificate Authority data

PathToCRLs ""                                // Certificate Revocation List store directory, disabled if empty

CRLPath ""                                // If found the file overrides CRLData

CRLData ""                                // Certificate Revocation List data

 

 

//////////////////////////////////////////////////////////////////////////////////////////

// Misc configuration

 

ProvideAuthenticationServices 1                // Set to 0 to completely disable Windows/SSPI authentication. If set to 1 (the typical setting) the HansoftUser SDK user account must have the "Account can provide login authentication integration services" user property checked.

 

ProvideCredentialResolutionServices 0        // Set to 1 to provide credential resolution services to other Hansoft SDK Services. If set to 1, the HansoftUser SDK user account must have the "Account can provide credential resolution services" user property checked.

 

ErrorRetryTime 10                        // The number of minutes to wait before retrying after an exception such as an LDAP server being down, or the license being exceeded.

 

LockResourcesWithNoMapping 1        // When set to 1 resources that are deleted in LDAP will be locked in Hansoft. The resources have to be manually unlocked or deleted in Hansoft if they are to be removed.

 

UpdateInterval 60                        // The number of seconds to wait between polling the LDAP server.

 

Uninstall 0                                // Set to 1 to remove any trace of the LDAP integration from the Hansoft server you connect to. This will remove any pairing data and the LDAP tab from the resource edit dialog.

 

FuzzyMatchingStrength 0.0                // Fuzzy matching strength (0-1.0, default is 0). 0 means only a faster case-insensitive match will be made. A suitable starting value for fuzzy matching is 0.25

 

//////////////////////////////////////////////////////////////////////////////////////////

// *** IMPORTANT *** Configure Email Notification

 

EmailEnableLogging 0                                // Logs email communication with the SMTP server to the "LogEmail" folder to enable debugging email settings

EmailServer smpt.example.local                        // The SMTP server to send emails through.

 

EmailServerPort 25                                // The port of the SMTP server to send emails through.

 

EmailsFromName "Hansoft Auth Integration"        // The name appearing in the from field on sent emails.

 

EmailsFromEmail "hansoft@example.local"        // The email appearing in the from field on sent emails.

 

EmailServerLoginName ""                        // The login name to use to login to the SMTP server. Leave blank to disable login.

 

EmailServerLoginPassword ""                        // The password to use to login to the SMTP server.

 

EmailSecurityProtocol "None"                        // The email security protocol to use, available options are: None, SSL or TLS

 

EmailSendAdminEmailsTo "admin@example.local" // The email address to send administrative emails to.

 

EmailSendAdminEmailsToName "Admin"        // The name for the email address to send administrative emails to.

 

EmailSendAdminNotifications 1                        // Set to 1 for the administrative email to receive notifications about all operations the integration performs. Recommended to have turned on at least while setting up the integration.

 

//////////////////////////////////////////////////////////////////////////////////////////

// Configure Windows Single-Sign On

 

AllowClientUserNameSave 1                        // Set to 0 to prevent clients from remembering LDAP account names (note: clients never store LDAP account passwords)

 

//AuthenticationPackagesEnabled "Negotiate" // The authentication packages used to authenticate clients. Default is "Negotiate". Could be anything supported by both client and server Windows installations. Normally 'NTLM', 'Kerberos' or 'Negotiate'. You can specify several by delimiting them with ','. The first supported package will be used.

 

//AuthenticationServiceDescription "Central Hansoft LDAP integration" // Seen by the clients when errors occur when logging in. Can be useful if several LDAP integrations are used within a group of Hansoft servers connected through shares. The default is the domain of the computer running the Auth Integration.

 

//////////////////////////////////////////////////////////////////////////////////////////

// Configure LDAP servers

 

// You can specify several LDAPServer sections to connect to several servers at once

LDAPServer

{

Servers "example.local"                // The LDAP server to connect to. If left blank the default LDAP server will be used. You can specify the domain name, the server DNS address, or several server addresses separated by space if the domain has redundant servers. If you need to specify different ports for each server do so with server:port

 

ServersPort "389"                        // The port of the server to connect to. Typically set to 636 if you enable SSL, 389 otherwise.

 

ServersUseSSL 0                        // Enables SSL connection corresponding to the LDAP_OPT_SSL option.

ServersSigning 1                        // Enables signing corresponding to the LDAP_OPT_SIGN option. Cannot be used together with SSL.

 

ServersEncrypt 1                        // Enables Kerberos encryption corresponding to the LDAP_OPT_ENCRYPT option. Cannot be used together with SSL.

 

ServersSASLMethod ""                        // Sets the SASL method to use when binding with Negotiate method. This corresponds to the LDAP_OPT_SASL_METHOD option. Could be for example "GSSAPI"

 

BindMethod "Negotiate"                // Sets bind method. Can be: "Negotiate", "Simple", "Digest", "DPA", "NTLM", "Sicily"

 

BindDN ""                                // Leave this one blank to use the credentials of the service to log in to the LDAP server. You will probably need to change the credentials that the service runs under for this to work. You can also specify the credentials to log in with:

//BindDN "example.local\\HansoftAuthIntegration:secret" // The credentials are specified in the format: "domain\\user:password"

 

// You can specify several AutocreateResources sections to use different settings for different queries. If a user is found in several sections, the settings of the first section that the user is encountered in will be used.

AutocreateResources

{

SearchBase "CN=Users,DC=example,DC=local"                // The base DN where you want to search for users.

SearchScope "SubTree"                                        // Can be Base, OneLevel and SubTree. Base searches only the base directory. OneLevel searches all directories under the base directory (not recursive), but not the base directory. SubTree searches the base directory and all subdirectories recursively.

 

SearchFilter "(objectClass=person)"                                // The search filter to apply to the users. Set to "" to return all users in search base. The syntax is the default LDAP filter syntax. Example:

// SearchFilter "(&(objectClass=person)(memberOf=CN=Hansoft Users,CN=Users,DC=example,DC=local))" // This search filter will limit the users returned to the users that are members of the 'Hansoft Users' group.

 

ResolveGroupsRecursively 0                                        // Set to 1 to recursively resolve resources by following recursive group memberships

 

RecursiveGroupObjectClass "group"                                // The object class that specifies a group when resolving recursively

 

RecursiveResourceObjectClass "person"                        // The object class that specifies a resource when resolving recursively

 

RecursiveMemberAttribute "member"                                // The attribute to use to resolve groups recursively

 

LogSearchResults 0                                                // Set to 1 to return the result of the above query to the log file

 

LogSearchResultAttributes 0                                        // Set to 1 to return the result of querying the attributes below to the log file

 

ResourceNameAttribute "name"                                // The LDAP attribute to get the resource name from. Multiple attributes are separated by ";" and will be checked in order until a valid name is found. Required.

 

ResourceGUIDAttribute "objectGUID"                                // The LDAP attribute to get an identifier that uniquely identifies the LDAP user. Required.

 

EmailAttribute "mail"                                                // The LDAP attribute to get the resource email address for the user from. Optional.

 

DisabledAttribute "userAccountControl"                                // The LDAP attribute to get the disabled state of the user from. Optional.

 

DisabledAttributeFlag "2"                                        // The value to bitwise AND with the value of the DisabledAttribute. If the resulting value differs from 0 the resource is considered disabled. Optional.

 

SendPasswordEmailToResource 1                                // Set to 1 to send a welcome email with password to the email of the resource. If no email is specified for the resource the email will be sent to the admin email address instead.

 

SendPasswordEmailToAdmin 1                                        // Set to 1 to send the welcome emails to the administrator email. If SendPasswordEmailToResource is set to 1 only a notification will be sent to the administrator.

 

SendAccountNameChangeEmailToResource 1                        // Set to 1 to send a rename email to the email of the resource. If no email is specified for the resource the email will be sent to the admin email address instead.

 

SendAccountNameChangeEmailToAdmin 1                        // Set to 1 to send the rename email to the administrator email. If SendAccountNameChangeEmailToResource is set to 1 only a notification will be sent to the administrator.

 

LogSearchResultAttributes 1                                        // Set to 0 to stop sending user attributes of LDAP search results in administrative e-mails

 

LogSearchResults 1                                                // Set to 0 to stop sending the results of LDAP user searches in administrative e-mails altogether

// LogMaxEmailLines 100 // Maximum number of search results to include in administrative e-mails.

 

AutoCreateResources 1                                        // Set to 0 to disable automatic creation of resources. Could be useful when initially binding resources manually.

 

AutoAssignAlreadyCreatedHansoftResources 1                        // Hansoft resources will be paired with LDAP users based on partial fuzzy matching of the name. You can override the assigned LDAP users from within Hansoft by editing the resource and selecting the LDAP tab.

AutoAssignAlreadyCreatedHansoftGhostResources 1                // Hansoft ghost resources will be paired with LDAP users based on partial fuzzy matching of the name. The resources will be converted based on AutoConvertResourcesToType. If AutoConvertResourcesToType is set to NoConvert the resources will be converted to normal resources. You can override the assigned LDAP users from within Hansoft by editing the resource and selecting the LDAP tab.

 

AutoConvertResourcesToType NoConvert                        // Sets the type that resources in this search should be upgraded to. Possible values: NoConvert, QAAccount, NormalResource.

 

AutoRenameResourcesWhenNameChanged 1                        // Renames resources in Hansoft when users are renamed in LDAP. Caution, this also applies to auto paired resources, and the resources will be immediately renamed.

 

DefaultEnabledAuthenticationMethods 3                                // Default enabled authentication methods for new users: 1 = Hansoft password only, 2 = Windows/LDAP only, 3 = both methods

 

WelcomeSubject "Welcome to Hansoft Project Manager"                // The subject of welcome emails.

 

WelcomeText                                                        // The main body text of welcome emails. {0} = Database | {1} = Server and port | {2} = Account name | {3} = Account password | {4} = Hansoft URL for the server and database

 

"A new account has been created for you in the Hansoft database '{0}'.

To log in please download and install the Hansoft client from http://www.hansoft.se/

When the hansoft client has started, connect to the following server:

{1}s

 

And then log in to the following database with the following account and password:

Database: {0}

Account: {2}

Password: {3}

 

You can click the following link to connect to the correct server automatically (only works after install):

{4}

"

WelcomeTextLDAPPassword                                        // Text displayed instead of a Hansoft password for users that only have Windows login enabled

 

"Your Windows account password.

You can log in without typing your password when 'Login via Windows' is displayed."

 

WelcomeTextEitherPassword                                        // Text displayed immediately following the Hansoft password for users that have both Hansoft and Windows login enabled

"

Preferably, use your Windows account password or log in without typing a password when 'Login via Windows' is displayed."

 

AccountRenameSubject "Your Hansoft Project Manager account has been renamed"                // The subject of rename emails.

AccountRenameText                                                                                // The main body text of rename emails. {0} = Database | {1} = Server and port | {2} = Account name | {3} = Old account name | {4} = Hansoft URL for the server and database

"Your account in the Hansoft database '{0}' has been renamed.

 

The old account name was:

{3}

The new account name is:

{2}

You can click the following link to connect to the server where your account was renamed:

{4}

"

}

 

// You can specify several AutocreateResourceGroups sections to use different settings for different queries. If a group is found in several sections, the settings of the first section that the group is encountered in will be used.

AutocreateResourceGroups

{

SearchBase "CN=Users,DC=example,DC=local"                                                // The base DN where you want to search for groups.

 

SearchScope "SubTree"                                                                        // Can be Base, OneLevel and SubTree. Base searches only the base directory. OneLevel searches all directories under the base directory (not recursive), but not the base directory. SubTree searches the base directory and all subdirectories recursively.

 

SearchFilter "(objectClass=group)"                                                                // The search filter to apply to the groups. Set to "" to return all groups in search base. The syntax is the default LDAP filter syntax. Example:

// SearchFilter "(&(objectClass=group)(memberOf=CN=Hansoft Groups,CN=Users,DC=example,DC=local))" // This search filter will limit the groups returned to the groups that are members of the 'Hansoft Groups' group.

 

ResourceGroupNameAttribute "name"                                                        // The LDAP attribute to get the group name from. Multiple attributes are separated by ";" and will be checked in order until a valid name is found. Required.

ResourceGroupGUIDAttribute "objectGUID" // The LDAP attribute to get an identifier that uniquely identifies the LDAP group. Required.

 

ResourceAssignAttribute "member"                                                                // The LDAP attribute to get the fully qualified DN of members of this group. Required.

ResourceAssignGUIDAttribute "objectGUID"                                                        // The LDAP attribute to get the unique identifier for the member users from the fully qualified DN returned from ResourceAssignAttribute. Must correspond to the GUID returned for users in the AutocreateResources sections.

ResourceAssignRecursive 1                                                                        // Set to 1 to recursively resolve members of resource groups.

 

AutoAssignAlreadyCreatedHansoftResourceGroups 1                                                // Hansoft resource groups will be paired with LDAP groups based on partial fuzzy matching of the name.

 

AutoRenameResourceGroupssWhenNameChanged 1                                                 // Renames resource groups in Hansoft when groups are renamed in LDAP. Caution, this also applies to auto paired resource groups, and the groups will be immediately renamed.

 

LogSearchResultAttributes 1                                                                        // Set to 0 to stop sending group attributes of LDAP search results in administrative e-mails

 

LogSearchResults 1                                                                                // Set to 0 to stop sending the results of LDAP group searches in administrative e-mails altogether

// LogMaxEmailLines 100 // Maximum number of search results to include in administrative e-mails

 }

}
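
An added example (not part of the Hansoft documentation or code): a small Python check that parses a file in the layout shown above and flags the transport and credential settings the comments describe, such as SSL combined with signing/encryption, a Simple bind without SSL, a password stored in BindDN, and EmailSecurityProtocol "None". The parsing grammar, the finding names and the treatment of a missing key as 0 are assumptions of this example.

```python
import re

# Tokens: // comments, quoted strings (may span lines), braces, bare words.
TOKEN = re.compile(r'//[^\n]*|"(?:\\.|[^"\\])*"|[{}]|(?:(?!//)[^\s{}"])+')

def parse(tokens):
    """items := (KEY VALUE | KEY '{' items '}')*  ->  list of (key, value)."""
    items = []
    while tokens and tokens[0] != "}":
        key = tokens.pop(0)
        if tokens and tokens[0] == "{":
            tokens.pop(0)
            value = parse(tokens)
            tokens.pop(0)  # closing brace
        else:
            tok = tokens.pop(0)
            value = tok[1:-1] if tok.startswith('"') else tok
        items.append((key, value))
    return items

def audit(text):
    top = parse([t for t in TOKEN.findall(text) if not t.startswith("//")])
    findings = []  # finding ids are this example's own naming
    if dict(top).get("EmailSecurityProtocol") == "None":
        findings.append("smtp-unencrypted")
    for section in (v for k, v in top if k == "LDAPServer" and isinstance(v, list)):
        s = {k: v for k, v in section if isinstance(v, str)}
        ssl = s.get("ServersUseSSL", "0") == "1"  # assumption: missing key means 0
        wrapped = "1" in (s.get("ServersSigning", "0"), s.get("ServersEncrypt", "0"))
        if ssl and wrapped:  # signing/encrypt cannot be used together with SSL
            findings.append("ssl-with-signing-or-encrypt")
        if not ssl and not wrapped:  # no SSL, signing or encryption at all
            findings.append("ldap-unprotected")
        if not ssl and s.get("BindMethod") == "Simple":  # password sent in clear
            findings.append("simple-bind-cleartext")
        if ":" in s.get("BindDN", ""):  # "domain\\user:password" kept in the file
            findings.append("binddn-password-in-file")
    return findings

# Constructed sample configuration (not a real deployment).
SAMPLE = r'''
EmailSecurityProtocol "None"   // None, SSL or TLS
LDAPServer
{
    ServersUseSSL 1
    ServersSigning 1
    BindDN "example.local\\svc:placeholder"
    AutocreateResources
    {
        WelcomeText "Client download: http://www.hansoft.se/
{1}"
    }
}
LDAPServer
{
    ServersUseSSL 0
    BindMethod "Simple"
}
'''
```

Calling `audit(SAMPLE)` returns one finding id per weak setting; the tokenizer keeps `//` inside quoted values such as the WelcomeText URL instead of treating it as a comment.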
