NTLM is an older protocol than Kerberos (in Windows), and is less secure. However, it is much simpler to set up. When Dekho’s authentication method is set to NTLM, the user’s browser automatically authenticates the user with the domain controller (Active Directory) and sends an authentication token to Dekho. As a result, the user doesn’t have to enter a username and password: Dekho automatically knows who they are and which roles they have defined in LDAP (Active Directory on a Windows system). The users do not have to be set up in the Administration Client, but their LDAP roles must match roles in the Administration Client.
When LDAP authorisation is used with NTLM, the user name queried in the LDAP directory for authorisation must match the NT username. An NTLM-authenticated username usually looks like MYDOMAIN\Dekhopc, whereas in the LDAP directory the username of this same user could be just Dekhopc. Dekho therefore uses a regex pattern to extract the Dekhopc component from the NTLM-authenticated username in order to query the LDAP directory. If the NTLM-authenticated username is in a different format, it might be necessary to alter the regex pattern so that it extracts the username to query in LDAP.
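The extraction step described above, sketched as an added example; it is not Dekho's own code or its default pattern. The regex, the `sAMAccountName` attribute and the sample names are assumptions. It also accepts the `user@domain` form and escapes the extracted name before it is placed in an LDAP filter.

```python
import re

# Assumed pattern (not Dekho's shipped default): capture the account name from
# DOMAIN\user, user@domain (UPN form) or a bare user name. Anything else fails.
NTLM_USER = re.compile(r'^(?:[^\\@]+\\)?(?P<user>[^\\@]+)(?:@[^\\@]+)?$')

# RFC 4515: characters that must be escaped inside an LDAP filter value.
LDAP_ESCAPES = {'\\': r'\5c', '*': r'\2a', '(': r'\28', ')': r'\29', '\0': r'\00'}


def extract_ldap_username(authenticated_name):
    """Return the account name to query in LDAP, or None if the format is unexpected."""
    match = NTLM_USER.match(authenticated_name.strip())
    return match.group('user') if match else None


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of an LDAP filter."""
    return ''.join(LDAP_ESCAPES.get(ch, ch) for ch in value)


def build_user_filter(authenticated_name, attribute='sAMAccountName'):
    """Build the LDAP filter used to look up the user's roles.

    'sAMAccountName' is the usual Active Directory account attribute; it is an
    assumption here, use whatever attribute the directory is configured with.
    """
    user = extract_ldap_username(authenticated_name)
    if user is None:
        # Fail closed: an unparsable name must not fall back to a broad query.
        raise ValueError('unexpected username format: %r' % authenticated_name)
    return '(%s=%s)' % (attribute, escape_filter_value(user))


if __name__ == '__main__':
    # Constructed sample names, not taken from a real directory.
    samples = ['MYDOMAIN\\Dekhopc', 'Dekhopc@mydomain.local', 'Dekhopc',
               'MYDOMAIN\\jo*', 'A\\B\\C']
    for name in samples:
        try:
            print('%-26s -> %s' % (name, build_user_filter(name)))
        except ValueError as err:
            print('%-26s -> rejected (%s)' % (name, err))
```

If a user authenticates but gets no roles, run the authenticated name through the configured pattern first: a pattern that returns the wrong component produces an LDAP query for a user that does not exist.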
Set Authentication to NTLM (Active Directory) Login.
The Domain of a user that is used by Dekho to pre-authenticate with the domain controller.
Enter the Username and Password of a user that has read access to the directory service.
Enter the Standard LDAP Group Settings for definitions and examples of the remainder of this form.
Remember to click Save.
This will verify the user credentials and parameters. If the parameters and credentials are invalid, the administrator will be prompted; otherwise, the settings will be saved against the Configuration Database.
The first time a directory service is configured, users and roles will populate the Dekho Configuration Database. Update the Configuration Database when new roles or new users appear in the directory.