Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


...

Widget Connector
width300
urlhttps://www.youtube.com/watch?v=TsnWHn2SUC8&index=21&list=PLTQXV2-cm8mA-N373g1KSiS6INgCyOQYC
height153

...

width70%

System Configuration Module

This module allows you to view system settings and to make changes to preferences, enabled features and serial keys.

You access the module as a System Administrator using the

...

Configuration link in the System Tools group on the dashboard.

...

Preferences

The preferences section allows you to control a plethora of customization options that affect the

...

way Chameleon behaves. You can set the warning length for story headers and bodies

...

. Or set the temperature scale or wind speed units. Also set many default values used when creating new topics.

Changes to the preference values will take effect when the change is saved.

In the screenshot below you can see

  • the list was filtered to show only preferences related to Story

  • the selected preference setting is for the Story Header Warning Length

  • the value can be changed and saved

  • the value can be reset to the default value using the reset button

...

System Info

The system info section provides a summary of information about the browser, installed components and culture settings.

This is a report only - no changes can be made here.

...

The culture info represents the server settings that are used when displaying content in

...

Chameleon To change these you must change the corresponding settings on the web server that is hosting

...

the Chameleon application.

Serial Key

The serial key section allows you to view and change the serial associated with the instance of

...

Chameleon. The serial keys control which features of your product can be enabled for use.

It displays:

  • your current serial number

    • and indicates if it is valid

  • Expiry date

    • some serials are created for demo or trial use and will expire while others have no expiry

  • Product

    • this identifies which product the key enables - Example:

...

    • Chameleon, Tick-it, etc.

  • Features

    • this is a list of available features that you are licensed to use.

...

Features

This section allows you to control which of the features are enabled for use in

...

Chameleon.

Disabled features do not show:

  • on the home page dashboard

  • in the BLADE module

You would choose to disable modules if your serial gives you more features than you wish to currently use. If you decide you would like to use them you can always re-enable them here.

After making your changes press the Save button. A popup message will confirm when the changes are saved.

...

This features section was added in version 6.10.4.2

Database Maintenance

This section provides a glimpse into the update status of the system.

...

Google Login

...

Available in version 8.10.2.4

You can enable individual users to login using their existing google account instead of using separate password stored in Flow.

Enable in System Preferences

To enable this you must set the appropriate System Preference keys.

...

  • Google > Login

    • set this to true

  • Google > Client Id

...

Assign Users to Google Login

Follow instructions here

...

LDAP

Note
iconfalse

First edition available in version 8.9.4.3

Support for a search user enabling additional user attributes such as sAMAccountName attribute where added in 9.5.4.5.

Improved Active Directory support available in 9.6.2.2

...

.

Good to know:

...

  1. The username must match their username in the LDAP directory.

...

  1. See the Connection Testing section for more info below...

...

LDAP Login

...

If you have existing users with passwords that are already in use - you can still switch to LDAP. Activating LDAP support will not remove those existing passwords. 

LDAP Setting Access

You access the LDAP settings in the Configuration module. This module can be accessed by a logged in System Administrator or before login by accessing the password protected configuration page directly using a Config url for your installation in the format such as https://chameleon.blcloud.net/Config/

This could allow you to access the LDAP settings if needed without using an LDAP based user login first.

LDAP Configuration

The individual settings required are also documented inline on the configuration page.

In order to connect you'll need to be able to specify:

...

The host name of your directory server. Examples:

...

The port on which your directory server is listening.

Examples:

  • 389
  • 10389

...

The distinguishedName (DN) of the user to login with to perform user searches.
This user needs to only be granted view/search privileges. It does not update the directory.

Example: cn=read-only-admin,dc=example,dc=com

Added in build 9.5.4.5

These fields aren't used if you have a situation where the user DN can be directly determined via a concatenation of User Attribute, User RDN, Base DN.

...

Search Filter

...

The filter used when searching for users in the directory.

Examples:

  • For LDAPv3: (objectClass=inetOrgPerson)
  • For AD: (objectCategory=person)(objectClass=user)(!sAMAccountType=805306370)

...

The root distinguished name (DN) to use when running queries against the directory server. Examples:

  • o=example,c=com
  • cn=users,dc=ad,dc=example,dc=com
  • For Microsoft Active Directory, specify the base DN in the following format: dc=domain1,dc=local. You will need to replace the domain1 and local for your specific configuration. Microsoft Server provides a tool called ldp.exe which is useful for finding out and configuring the LDAP structure of your server.

...

Additional User RDN

(multiple)

...

This value is used in addition to the base DN when searching and loading users. If no value is supplied, the application will build the lookup path using only the base DN. Example:

  • ou=Groups

You can define multiple User DNs and assign each a friendly name that is selected when setting up the user in the user module.

...

The attribute of an LDAP user object that specifies the login name of the user. Examples:

  • cn
  • uid
  • sAMAccountName

Connection Testing

You can test your connection settings before you enable them.

To do so - fill in the all the configuration settings.

(You don't even have to save the settings - the test buttons use the values entered into the form - not the saved values)

Then you have two options for testing the connection setting:

  1. Test if we are able to do a basic connect to the server
    1. Press the Test Connection button after saving your configuration settings
    2. NOTE: this will not work if your server doesn't support anonymous binds (unauthenticated access).
      1. it may also work for a server in your domain but then not work from a server outside its domain.
  2. Test if we are able to connect to the server using the defined search user.
    1. Press the Test Search User button after entering the required search user information.
    2. NOTE: this may work even if the above basic test connect does not because it is using the search user id and password to authenticate.
  3. Test if a given userid/pwd will successfully authenticate.
    1. Enter the userid and password and press the Test Login button.

Connection Debugging

To help with debugging why a login test might not work you can enable a preference key to enable additional tracing. In the preferences module search for "tracing". You will find an LDAP Tracing option. Set this to True to enable it.

When the tracing option is enabled you can view the messages in an audit report. From the dashboard/home page look for the Reports group and then select the Audit Log.

On the Audit report page, change the Report Type select list to be Login Audit Events.

Image Removed

Report items to look for:

  1. is the correct host and port values being passed in?
  2. is the search filter criteria correct?
  3. if it found a user did it successfully extract the user DN?

Notes

If using the cn user attribute as the login name then you may be able to use the LDAP authentication without the need for a search user. The application concatenates the user attribute and value to the additional user dn and the base dn to build the complete user distinguishedName (DN).

If the using an alternate attribute that is not part of the defined user distinguishedName - then a search user is required to allow the app to search for the user by using the alternate attribute (eg. sAMAccountName) and then grab the user distinguishedName from the user record.

Either way: the application then passes the unique DN and password to the LDAP server to check if the combination is valid and if so they are allowed to login.

Good to Know

  1. You still need to create an account in Flow for each user to be able to assign privileges in Flow.
    1. The username must match their username in the LDAP directory.
  2. When they login Flow will check the password against the LDAP-compatible directory instead of the Chameleon database.
  3. You can test your connection settings even before you save or enable them.
    1. See the Connection Testing section for more info above...
  4. Use of LDAP must be enabled on each user record it will be used with as well as turning on the main "Allow LDAP Login" on the LDAP config page.

...

width30%

...

borderColor#0070b1
bgColor#FFFFFF
borderWidth1

In this section:

Table of Contents
indent15px

...

There are details available on the Using LDAP page.