Identity Management in Quercus

How Quercus uses the IDM

| Task in Quercus | External | CampusIT Embedded |
|---|---|---|
| Authenticate user (login) | Quercus sends the user name and password entered by the user to the LDAP server for verification. It retrieves the unique user ID to match the username with the user record in the Quercus database. | User name and password are validated against data stored in a Quercus table. |
| Authorize user | Quercus sends a query to the LDAP server to find out if the user is a member of a particular group. | Quercus queries a local table to find out if the user is a member of a particular group. |
| Provision a new account | Quercus sends a request to the LDAP server to create a new user account. The link between the user account in LDAP and the user record in Quercus is established via the unique user ID. | User account is provisioned directly in the Quercus table. |
| Reset or change user password (Note 1) | Quercus sends a request to the LDAP server to reset a user password. | Password is changed directly in the Quercus table. |
| Change user permissions (Note 2) | Quercus sends a request to the LDAP server to add or remove the user from a specific LDAP group. | User is added to or removed from a group in the Quercus table. |

Note 1: This feature is optional – for example, in a situation where a customer already has a global forgotten password service there would be no need to make use of it.

Note 2: This feature is optional – for example, in a situation where a customer is using native LDAP tools exclusively there would be no need to make use of it.
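
The external login flow described above, sketched as an added example (not Quercus code). The search-then-bind order, the FakeDirectory stand-in for the LDAP server, the "unique_id" key and all sample data are assumptions made for illustration; the two checks a login handler in this design needs are escaping the user name before it goes into a search filter and refusing an empty password.

```python
# Added illustration: external (LDAP) login with the unique-ID link to a local record.
# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape user input before placing it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

class FakeDirectory:
    """Constructed in-memory stand-in for the LDAP server (hypothetical)."""
    def __init__(self, entries):
        self.entries = entries

    def find_user(self, ldap_filter):
        # Only exact (uid=<name>) filters match in this stand-in.
        return next((e for e in self.entries
                     if ldap_filter == "(uid=%s)" % e["uid"]), None)

    def bind(self, dn, password):
        # Emulates a server that accepts an empty password as an
        # unauthenticated bind (RFC 4513, section 5.1.2).
        if password == "":
            return True
        return any(e["dn"] == dn and e["password"] == password
                   for e in self.entries)

def login(directory, user_table, username, password):
    """Return the local user record, or None when authentication fails."""
    if not username or not password:
        return None  # never forward an empty password to the directory
    entry = directory.find_user("(uid=%s)" % escape_filter_value(username))
    if entry is None or not directory.bind(entry["dn"], password):
        return None
    # Match on the directory's unique user ID, not on the typed user name.
    return user_table.get(entry["unique_id"])

# Constructed sample data.
DIRECTORY = FakeDirectory([{"uid": "asmith", "dn": "uid=asmith,ou=people,dc=example,dc=org",
                            "password": "correct horse", "unique_id": "u-1001"}])
USER_TABLE = {"u-1001": {"unique_id": "u-1001", "display_name": "A. Smith"}}

if __name__ == "__main__":
    print(login(DIRECTORY, USER_TABLE, "asmith", "correct horse"))
    print(login(DIRECTORY, USER_TABLE, "asmith", ""))
```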