Working with External Services

FileMaker Server can take advantage of certain external services to help centralize the management of information such as server location and user authentication credentials. If you or your organization maintains such services, you can configure FileMaker Server to use them. You can use external services to centralize two types of information:

  • Information about the location of machines running FileMaker Server. You can use one or more directory servers to maintain information about the names and locations of FileMaker servers throughout your organization, rather than having your users keep track of server names or addresses.
  • Information about user credentials. You can use the authentication services built into Windows and the Mac OS to map users network credentials directly onto FileMaker accounts and privileges.

Registering with an LDAP Server

Suppose that you work with a large organization, where the network is divided into several subnets, and there are a number of instances of FileMaker Server running on different machines throughout the network. For a user on one subnet to access a FileMaker server on another, the user must know the machine name or IP address of the server, and must add that information to her list of favorite servers.

Rather than ask users and administrators to keep track of multiple machines and machine names, its possible to use a directory server to maintain this information in a central location. The FileMaker Pro or FileMaker Advanced client and the SAT can both be configured to look for available servers via a directory server. As soon as the client or the SAT is configured to work through a directory server, any new FileMaker servers registered with the directory server automatically become visible to those clients.

FileMaker Server is capable of registering itself with directory servers that implement LDAP (Lightweight Directory Access Protocol). Such servers include Active Directory (Windows), Open Directory (Mac OS), and OpenLDAP (UNIX/Linux).

Configuring the interaction with a directory server has three steps:

  1. Configure the directory server.

  2. Configure an instance of FileMaker Server to register itself with the directory server.

  3. Configure one or more copies of FileMaker Pro, FileMaker Advanced, or the SAT to search the directory server for available instances of FileMaker Server.

The registration process is relatively complex, and is best attempted by administrators with experience in managing the type of directory server in question. Well walk through the critical steps in this section, without pretending to give a full introduction to the complex world of LDAP.

LDAP is a very flexible and very complex protocol. There are probably a great many ways to configure an LDAP server in such a way as to enable registration of FileMaker Server instances. Well show you just one way, which involves creating a new organizational unit (OU) on the LDAP server and registering servers beneath it. We use Windows Active Directory to illustrate the process.

Configuring an Active Directory Server

To register a FileMaker Server with an Active Directory server, begin by adding a new organizational unit to the server. Choose Start, Programs, Administrative Tools, Active Directory Users and Computers. In the new window, right-click on the name of the LDAP server machine and choose New, Organization Unit. This operation is shown in Figure 25.8. Give the new OU a name; we call ours fmp-ldap/.

Figure 25.8. To set up a FileMaker registry under Active Directory, begin by creating a new OU.


You need to associate a user with the new OU. You may want to create a new user just for this purpose. In that case, right-click the Users directory and choose New, User. This operation is shown in Figure 25.9. Take note of the username and password; theyll be necessary later when accessing the directory server remotely.

Figure 25.9. Youll probably want to create a new user to whom you want to delegate rights over the new OU.


You next need to delegate certain privileges over the new OU to the user you just created. Right-click on the OU name and choose Delegate Control. You then see the Delegation of Control Wizard. On the second screen, choose the new user you just created. On the following screen, labeled Tasks to Delegate, choose the Create a Custom Task to Delegate radio button. On the following screen, choose to delegate control of This Folder, Existing Objects in This Folder, and Creation of New Objects in This Folder. On the next screen, titled Permissions, choose Full Control in the Permissions area. On the screen that follows, click Finish to complete the act of delegation. That completes the configuration of the Active Directory server.

Note

It is probably possible to create a workable configuration by delegating less than Full Control to the user in question. If you create a user specifically for this purpose, though, and grant him minimal or no rights elsewhere on the server, there is probably little risk in giving that user full rights to the OU.


Registering with an Active Directory Server

With the Active Directory configuration complete, you next need to register one or more FileMaker servers with the directory server. You use the SAT to do this. In the SAT, connect to the server you want to register and go to the Directory Service tab. Figure 25.10 shows the necessary configuration. Here are the important settings:

  • Directory Server Name The host name or IP address of the Active Directory server you just configured.
  • LDAP Port Use the default port of 389 unless your server has been configured differently.
  • Distinguished Name Its important to get this exactly right. In Figure 25.10 Active Directory is configured with an OU, so the distinguished name looks like ou= and then a series of dc= directives, which refer to the individual components of the machine name. If your machine name is adserver.mycompany.com and your OU is named fmp-ou, the distinguished name would be ou=fmp-ou,dc=adserver,dc=mycompany,dc=com.
  • Login Settings Choose to use Windows authentication. For the account name, its important to use the form account-name>@.

Figure 25.10. You need to do a bit of work to fill in all the items necessary to register FileMaker Server with an LDAP server.


After youve filled these settings in, the SAT automatically tries to register the FileMaker server with the Active Directory server. This is the moment of truth!

One good way to check on the success of this operation is to look at the event log for the server you e trying to register. A registration failure generates only one or two eventsone of them an error. A common error is one of insufficient privileges. This error may mean that you didn supply the right logon credentials (bad username or password). It may also mean that you didn delegate sufficient privileges over the OU to the chosen user. Such an error is shown in Figure 25.11.

Figure 25.11. Configuring your delegated user with insufficient privileges over the OU is a common source of problems.


If registration did succeed, you should see quite a long list of events as each piece of information about the directory service is communicated to the server, culminating in an event with EventID 206, "Registration with directory service succeeded."

Successful registration also is visible on the Active Directory server, although it can take a while for the change to be visible there. Each registered server appears below the OU in which you registered it. The result is shown in Figure 25.12.

Figure 25.12. After FileMaker Server is successfully registered with the Active Directory server, the FileMaker server appears under the OU in Active Directory.


Tip

In the Mac OS version of the SAT, you can set up a preferred LDAP configuration. Choose FileMaker Server Admin, Preferences, and then choose LDAP Directory Service from the pop-up menu in the resulting dialog. You are given a screen where you can enter a default server address, port, search base, and login credentials.


Looking for Servers via LDAP

After youve successfully registered your FileMaker server with the Active Directory server, you can then use the Active Directory server when looking for hosts from FileMaker Pro, FileMaker Pro Advanced, or the SAT.

In FileMaker Pro, for example, if you choose File, Open Remote, you can then choose Hosts Listed by LDAP from the View menu. You can then click the Specify button to specify a directory service to connect to. Fill in the service information in the Specify LDAP Directory Service dialog. Possible settings are shown in Figure 25.13.

Figure 25.13. Use settings similar to those already used to register the server to look for registered FileMaker servers.


The settings are very similar to those you used when registering a FileMaker server. For Search Base, fill in the same string you supplied in the Distinguished Name field in the SAT when registering the FileMaker server earlier.

If all has gone well, the Open Remote File dialog should now show a list of all FileMaker servers registered with the chosen directory server. From here, you may work directly with those servers, or click Add to Favorites to add them to your list of preferred servers. These choices are shown in Figure 25.14.

Figure 25.14. After youve successfully connected to an LDAP server, you should see a list of all FileMaker servers registered with that directory service.


There are quite a few things that can go wrong in the complex process of configuring and connecting to an LDAP server. To learn about some of them, see "Trouble with LDAP" in the "Troubleshooting" section at the end of this chapter.


Using External Authentication Services

You can configure FileMaker Server to work with external authentication services. If your organization maintains a directory of usernames and passwords, and youd like to be able to reuse these credentials, its possible to configure FileMaker Server to do so. The mechanics of configuring both FileMaker Pro and FileMaker Server to do this are covered in Chapter 12, "Implementing Security."

For a discussion of how to configure external authentication, see "External Authentication," p. 346.




Part I: Getting Started with FileMaker 8

FileMaker Overview

Using FileMaker Pro

Defining and Working with Fields

Working with Layouts

Part II: Developing Solutions with FileMaker

Relational Database Design

Working with Multiple Tables

Working with Relationships

Getting Started with Calculations

Getting Started with Scripting

Getting Started with Reporting

Part III: Developer Techniques

Developing for Multiuser Deployment

Implementing Security

Advanced Interface Techniques

Advanced Calculation Techniques

Advanced Scripting Techniques

Advanced Portal Techniques

Debugging and Troubleshooting

Converting Systems from Previous Versions of FileMaker Pro

Part IV: Data Integration and Publishing

Importing Data into FileMaker Pro

Exporting Data from FileMaker

Instant Web Publishing

FileMaker and Web Services

Custom Web Publishing

Part V: Deploying a FileMaker Solution

Deploying and Extending FileMaker

FileMaker Server and Server Advanced

FileMaker Mobile

Documenting Your FileMaker Solutions



Using FileMaker 8
Special Edition Using FileMaker 8
ISBN: 0789735121
EAN: 2147483647
Year: 2007
Pages: 296

Flylib.com © 2008-2020.
If you may any questions please contact us: flylib@qtcs.net