Storages

Pointsharp ID reads and stores data in a Directory server. Two different storage types are used:

User Storage: User Storage is where the users already reside in the Directory. Pointsharp ID reads user information such as email address and mobile number from this location. Multiple user storages located in different Directories are supported, if the Pointsharp ID Server itself has access to it.
Pointsharp ID Storage: Pointsharp ID Storage is where all Pointsharp related user data is stored in an encrypted Organizational Unit (OU). The service account configured in the PSID Admin GUI needs to have delegated rights to be able to edit user values in this OU.

Pointsharp ID storage configuration

Complete the Preparations of the Directory in the installation process before configuration of Pointsharp ID Storage.

Pointsharp ID storage is how and where Pointsharp ID stores its user references. Pointsharp ID uses the user account to create, read, update and delete internal user data.

Start Pointsharp ID Admin GUI as an administrator.
Go to the Storage tab.
Under Pointsharp ID Storage, click Edit.

Parameter Description

Parameter	Description
Name	Type a name for the new Pointsharp ID storage.
Address	Set the address(es) to the PSID storage, such as the IP address or the hostname to the Directory. The value in the address must match the common name of the certificate presented by the Directory server. It is possible to configure a secondary address for fail-over purposes. The secondary address is specified comma-separated: `192.168.0.100,192.168.0.101`. Pointsharp ID will fail over to the secondary address whenever the connection is lost to the primary, and vice versa when connected to the secondary. Default the server will re-connect every 5th minute to the primary host address. This is configured in minutes in the XML-tag on the LDAPStorage object: `<ForcedSwitchInterval>5</ForcedSwitchInterval>` If set to 0, the forced re-connect is disabled.
Port	Set the port to the PSID Storage. Pointsharp ID uses LDAP for communication with the PSID storage. The default port for LDAP over SSL is 636 and for normal LDAP 389.
SSL	Check the SSL checkbox if SSL is to be used.
Timeout	The timeout in seconds for the connection to PSID storage. Default set to 15 seconds.
Username	The name of the service account that has the Read and Write permissions to the OU that shall be used as a Pointsharp storage. Username format should be `UserPrincipalName` or `DN`, for example, `administrator@domain.com` or `cn=administrator,dc=domain,dc=com`. Note that if you are using an AD server as Directory server, you would have to use `domain\user` or `user@domain` notation.
Password	Set the password for the account to use towards the PSID storage.
Test	Click the Test button to see if connection is established, testing the credentials towards the PSID storage.
Browse	Click Browse to browse the AD/LDAP, AD LDS tree. Point out where the Pointsharp storage OU is located and click OK.
Container Objectclass	Internal value. The Directory object class (root object) to use when storing user data. Default value is `organizationalUnit`.
User Objectclass	Internal value. The Directory object class (user object) to use when storing user data. Default value is `organizationalUnit`.
Composite Attribute	Internal value. The attribute for storing the composite username (the combination of the user storage name and username for the user). Default value is `ou`.
Username Attribute	Internal value. The attribute for storing the username. Default value is `l`.
Data Attribute	Internal value. The attribute for storing the user reference data. Default value is `searchGuide`.

Name

Type a name for the new Pointsharp ID storage.

Address

Set the address(es) to the PSID storage, such as the IP address or the hostname to the Directory. The value in the address must match the common name of the certificate presented by the Directory server. It is possible to configure a secondary address for fail-over purposes. The secondary address is specified comma-separated: 192.168.0.100,192.168.0.101.

Pointsharp ID will fail over to the secondary address whenever the connection is lost to the primary, and vice versa when connected to the secondary. Default the server will re-connect every 5th minute to the primary host address.

This is configured in minutes in the XML-tag on the LDAPStorage object:

<ForcedSwitchInterval>5</ForcedSwitchInterval>

If set to 0, the forced re-connect is disabled.

Port

Set the port to the PSID Storage. Pointsharp ID uses LDAP for communication with the PSID storage. The default port for LDAP over SSL is 636 and for normal LDAP 389.

SSL

Check the SSL checkbox if SSL is to be used.

Timeout

The timeout in seconds for the connection to PSID storage. Default set to 15 seconds.

Username

The name of the service account that has the Read and Write permissions to the OU that shall be used as a Pointsharp storage.

Username format should be UserPrincipalName or DN, for example, administrator@domain.com or cn=administrator,dc=domain,dc=com.

Note that if you are using an AD server as Directory server, you would have to use domain\user or user@domain notation.

Password

Set the password for the account to use towards the PSID storage.

Test

Click the Test button to see if connection is established, testing the credentials towards the PSID storage.

Browse

Click Browse to browse the AD/LDAP, AD LDS tree. Point out where the Pointsharp storage OU is located and click OK.

Container Objectclass

Internal value. The Directory object class (root object) to use when storing user data.

Default value is organizationalUnit.

User Objectclass

Internal value. The Directory object class (user object) to use when storing user data.

Default value is organizationalUnit.

Composite Attribute

Internal value. The attribute for storing the composite username (the combination of the user storage name and username for the user).

Default value is ou.

Username Attribute

Internal value. The attribute for storing the username.

Default value is l.

Data Attribute

Internal value. The attribute for storing the user reference data.

Default value is searchGuide.

Click OK to finish the configuration.
Click Apply in the bottom-right corner to apply the configuration.
Go to the General tab.
Restart. A Restart can be done from anywhere in the GUI by pressing CTRL-R.

User storage

Complete the preparations of the Directory before configuration of user storage.

Start Pointsharp ID Admin GUI as an administrator.
Go to the Storage tab.
Under User Storage, click Add.
When asked to copy the settings from the Pointsharp ID storage, click Yes.

Parameter Description

Name

Type a name for the new user storage.

Address

Set the address(es) to the user storage, such as the IP address or the hostname to the Directory. The value in the address must match the common name of the certificate presented by the Directory server. It is possible to configure a secondary address for fail-over purposes. The secondary address is specified comma-separated:

For example, 192.168.0.100,192.168.0.101

<ForcedSwitchInterval>5</ForcedSwitchInterval>

If set to 0, the forced re-connect is disabled.

Port

Set the port to the user storage. Pointsharp ID uses LDAP for communication with the user storage. The default port for LDAP over SSL is 636 and for normal LDAP 389.

SSL

Check the SSL checkbox if SSL is to be used.

Timeout

The timeout in seconds for the connection to user storage. Default set to 15 seconds.

Username

Set the username for the account with Read permission to use towards the user storage. Pointsharp ID uses this user account to read users.

Username format should be:

UserPrincipalName or DN

For example, administrator@domain.com or cn=administrator,dc=domain,dc=com.

Note that if you are using an AD server as Directory server, you would have to use domain\user or user@domain notation.

Password

Set the password for the account to use towards the user storage.

Test

Click the Test button to see if connection is established, testing the credentials towards the user storage. The result should read test OK. For Active Directory, it will also fetch the Root DN value and add it to the Root DN field. 10. Click the test button and make sure that the test result reads test OK.

Root DN

Set the DN of the base of the LDAP, usually this is DC=company, DC=com.

For example: dc=pointsharp,dc=com.

User Root DN

Add and remove distinguished names to use when searching for users for this user storage. Click Add on the User Root DN row to browse the AD/LDAP, AD LDS tree. Point out where your users are currently located, and click OK.

If users are spread out in your AD/LDAP/AD LDS, point out all locations instead of one combined root, in order to achieve the best performance.

Two criteria must be met to browse LDAP over SSL:

The Address field must be set to the hostname found in the server certificate (CN in the Subject DN) received from the server when connecting over LDAPS.
The CA certificate that issued the server certificate, must be found in the Trusted Certificate Authorities stored on the Pointsharp ID server.

Username Attribute

Internal value. The attribute for storing the username.

Default value is l.

Photo Attribute

The attribute in the user storage where the photo is stored on the users.

Default value is thumbnailPhoto.

Search Filter

The search filter to use when performing LDAP searches for users.

Default value is:

(&({usernameAttribute}={username})(objectCategory=person))

Open LDAP Search Filter

Pointsharp ID supports Open LDAP, and can be used both as a Pointsharp Storage and User Storage. The Search Filter needs to be edited to be able to locate users properly when using Open LDAP.

Change the default filter setting to the following:

(&({usernameAttribute}={username})(objectClass=inetOrgPerson))

Click OK and Restart. Verify this setting by searching for users in the Users tab. Remember to set both search options to None.

Change the attribute settings to match your setup of AD/LDAP/AD LDS.
Click OK to finish the configuration.
Click Apply in the bottom-right corner to apply the configuration.
Go to the General tab.
Restart. A restart can be done from anywhere in the GUI by pressing CTRL-R.

A user storage is now configured and Pointsharp ID should be able to find users in the Directory server.

The pooling configuration is accessed under each storage configuration by clicking the Advanced button. See Advanced configuration — Storage LDAP pooling.

Storage configuration test

To test that users are found correctly, go to the Users tab and do a search to see if any result is returned.

You need to change the search criteria to not search for PSID members.
If users are found, connection is established.
Right-click the username in the search result section and choose add PSID member.
Click Save changes and OK.
Verify that an OU has been created for the user in the Directory server under Pointsharp ID storage OU. If no OU has been created for the user, verify that the account used for the Pointsharp ID storage has sufficient permissions. If an OU has been created for the user, the storage configuration is working properly.

Press the Help button for detailed information on each field and function.