Our institution have delayed upgrade from Luminis 4.2 to Luminis V because we use an external authentication with password reset, password change syncing to our Active Directory. This is currently made possible with a technology called Security Authentication Framework for Luminis 4. Ellucian says that they currently don't support this technology in Luminis 5.
I'm curious how others have achieved a single identity and what software/tools you used to achieve it. We currently have Luminis 4.3 authenticating with the Luminis LDAP, Active Directory which authenticates user login to PC's (different username), an openLDAP that serves as server authentication (same credentials as AD but different passwords), Banner forms using Oracle ID, SSB using Luminis LDAP and a host of Web applications that also use Luminis credentials.
We are in the process of setting up Outbound Account Provisioning to Active Directory using BEIS with Banner being the authoritative source. We could successfully provision everything but password. We are not able to sync GODTPAC pin as AD user password. Has any one could successfully implement account provisioning to AD? I would appreciate any light on this.
Thank you in advance!
does anybody have some insights on the differences between having externally managed CAS to authenticate to Luminis 5 versus out-of-the-box CAS with LP5? are there technical reasons why you would choose one over the other?
we want our CAS to use our Active Directory instead of the Luminis LDAP. we also want to have password management such as the one described here: https://github.com/dmazurek/cas-pm#readme (or something similar). is the externally managed CAS best for these situations or does it matter? will we be able to do these with the LP5 CAS?
I am looking to hear from schools who have Luminis password management enabled and Active Directory co-existing.
Does anyone have Luminis as the authoritative password management interface and this feeds password change events over to AD?
At our school, we are in the beginning stages so we only have a subset of users in AD. We can get Luminis password change events to AD via Hitachi password Synch.
The real problem is getting AD password resets back to Luminis without wiping out the users' Questions and answers (stored in Luminis).