Profiler - UPMC Life Changing Medicine · account recovery, password management, object creation,...

ProfilerTable of Contents

Introduction.............................................................................................................................3Minimum Requirements..........................................................................................................4Upgrade..................................................................................................................................5

From v5.1.5........................................................................................................................5From v5.1.x.........................................................................................................................5From v5.0...........................................................................................................................6

Software Installation...............................................................................................................7IIS Configuration ....................................................................................................................8

Web Site.............................................................................................................................8Web Service Extensions....................................................................................................9

Profiler Configuration............................................................................................................10License Key......................................................................................................................10Global Catalog..................................................................................................................10Domain Controllers...........................................................................................................10Profiler Admins..................................................................................................................11Notification........................................................................................................................11General.............................................................................................................................11Active Sessions................................................................................................................11

Configuring Password Management....................................................................................12User Instructions...................................................................................................................13

Login.................................................................................................................................13Password Recovery.........................................................................................................14

Getting under the hood.........................................................................................................15File Structure....................................................................................................................15

cgi.................................................................................................................................15dll..................................................................................................................................15data..............................................................................................................................15

Templates.........................................................................................................................16Template File Description.............................................................................................16Template Keywords......................................................................................................19Edit Object....................................................................................................................20Create Object...............................................................................................................22Email Notification.........................................................................................................24Macros..........................................................................................................................25

Release Notes......................................................................................................................26v5.2.1................................................................................................................................26v5.1.5................................................................................................................................26

Profilerwww.dirwiz.com 1/27

http://www.dirwiz.com/

v5.1...................................................................................................................................27



IntroductionProfiler is a web based interface for Active Directory management. In it's first few releases the software was intended for the end user to update their own information in Active Directory (Name, Telephone Number, Address etc.). In the newest release the functionality has expanded to include: account recovery, password management, object creation, administrative functions. Here are a few example scenarios that Profiler can be used:

● Account RecoveryAsk any help desk person what their most frustrating job is password reset. The busy administrator has to drop everything and reset a password for a user who has forgotten it.

With Profiler, this never has to happen. Using Profiler the end user can answer a security questionnaire. The answers are encrypted and stored in their user object in Active Directory. When that forgetful moment comes around, the user can use any web browser, answer the questionnaire and reset their own password.

● Account MaintenanceYour sales team has just moved offices and changed their telephones. Your HR department receives dozens of requests from those sales people to have their information updates. HR then delivers all the requests to your help desk. The whole process can take days leaving your end user frustrated.

There is a better way. You the administrator can define which attributes the user has control over. When the user needs to make a change, they just connect to Profiler and update their own information.

Worse, no one wants to update their own information, they are too busy selling. No problem. A user in the sales OU (or domain) can be given Profiler administrative privileges (No provisioning in AD!) to update everyone else's information.

● Mail ForwardingA user is moving to a subsidiary company and needs to have their mail forwarded to a new address. The admin has to first create a hidden contact in Active Directory, then go back into the user record and forward the mail to that hidden contact. Problem solved: 15 minutes lost.

Profiler can auto-create hidden contacts to handle this. The user simply enters the SMTP address they want to forward to. Profiler will search the directory for that address, if it finds it, the mail is forwarded to that object. If the address cannot be found, Profiler will auto create and hide the contact in a specific OU (determined by the admin). When the user ceases the forwarding and the object exists in the OU we created it in, Profiler will automatically delete that contact.

● Custom SchemaA steering committee decided that each user record should have 5 new custom attributes populated for each user object. Someone will have to write a custom application to gain access to those attributes to manage them.

Profiler can dynamically read your Active Directory schema. All the administrator has to do is modify the user form to include the new attributes and Profiler will make sure the entry fields match the schema requirements.

We hope this gives you just a glimpse into the power and flexibility of Profiler.



Minimum Requirements

Server● Server Operating System

Windows 2000 or better

● Web ServerAny web server that supports CGIExample: Microsoft Internet Information Services (IIS v5.0) or Apache 2.0

● Storage50mb hard disk

● Access to a domain controller for each domain (LDAP port 389 tcp)

● Access to a global catalog server (LDAP port 3268 tcp)

● For Password reset, SSL LDAP port 636 tcp to each domain controller.

● Access to an Active Directory forest integrated DNS server running on a domain controller.

● A proxy account ID and password with necessary permissions to update objects.

Client● Client network connection

56kbps

● Web BrowserAny web browser supporting javascript and CSS.

Here is a list of what is NOT required to run Profiler● Microsoft .NET

● Java

● Database Software (SQL, Access etc)

● The web server does NOT need to be a member of the forest or to any domain. (Except for integrated authentication)

● Client web cookies. No cookies are stored on the web browser.



Upgrade

From >v5.1.5Use the following steps to upgrade your software from v5.1.x:

● Stop your web server.

● Backup your existing Profiler installation directory.

● Install the new software over your existing installation.

● Start your web server.

● Open config.cgi using your web browser. Open each configuration screen, review it's settings and save each screen to fully upgrade the configuration file.

● Edit your custom map files and convert all dashes '-' in template variable names to underscores '_'.

● Edit person-edit.tmpl to reflect the following changes:<tr><td colspan=3>

<table width=100% cellpadding=0 cellspacing=0><tr>

<td valign=top align=left><a href="<TMPL_VAR NAME=vcard_data>">vCard</a><br><TMPL_IF NAME=CANRECOVER><a href="<TMPL_VAR NAME=SESSIONLINK>f=pwrecovery">Account Recovery</a><br></TMPL_IF><TMPL_IF NAME=CANRESET><a href="<TMPL_VAR NAME=SESSIONLINK>f=resetpw">Reset Password</a><br></TMPL_IF><TMPL_IF NAME=CANUNLOCK><a href="<TMPL_VAR NAME=SESSIONLINK>f=unlock">Unlock Account</a><br></TMPL_IF></td><TMPL_IF NAME=CANEDIT><td align=right valign=center>

<input type=submit name=savebutton value=Save><input type=submit name=resetldif value=Reset>

</td></TMPL_IF>

</tr></table>

</td></tr>

From v5.1.xUse the following steps to upgrade your software from v5.1.x:








From v5.0Use the following steps to upgrade your software from v5.0:



● If you have modified the default templates (profiler\cgi\templates\default), copy this directory to a new location (example: profiler\cgi\templates\custom). These files will be overwritten by the installation program.

● Move profiler\cgi\templates\master.js and profiler\cgi\templates\master.css to your custom template directory. These files will now reside in this directory.




● If you have created a custom template directory you can now select this from the General configuration in config.cgi



Software Installation

First start the Profiler installer and accept the license agreement.

Next, select the software installation location. In the examples below we will use c:\Profiler

Finally select options for locating this documentation.



IIS Configuration

Web Site

In the following example we will configure Internet Information Service to host Profiler. Begin by starting the IIS Manager found under Start/Administrative Tools. Right click on the default web site and select New Virtual Directory.

Next select the alias you wish to use to access Profiler. In this example 'profiler' is used resulting in the following URL:

http://localhost/profiler

Select where you would like the virtual directory to point to. In our example we will use c:\Profiler\cgi. The cgi designation is important for security reasons. Do not use c:\Profiler.

Finally, allow CGI programs to execute.

This completes the web site configuration, continue with the next steps to configure Profiler as a web service extension.



http://localhost/profiler

Web Service Extensions

While you are still in IIS Manager, select Web Service Extensions. Profiler's CGI programs must be allowed to execute. There are two ways to grant this. The easiest is to Enable “All Unknown CGI Extensions”. Otherwise, follow the steps below.

Select Add new Web service Extension. The Extension name is just a display label, in this case we use Profiler. Add the 3 CGI programs found in c:\Profiler\cgi and be sure to check the Allow check box.



Profiler ConfigurationAll of the configuration of Profiler is done using a web browser. For security reasons the configuration program only allows the use of localhost in the URL. In effect you can only access the configuration program from the computer you installed Profiler on.

Following our previous examples, you can access the configuration program with the following URL:

http://localhost/profiler/config.cgi

For first time installs use the menu on the left to configure different aspects of the software. Work from the first item (Licensing) down, saving each screen as you go.

On all of the configuration screens you can click on to get contextual help in a pop up. This information will be updated with each new version of software released.

License KeyThe Profiler license key consists of base64 encoded binary data. It looks like multiple lines of random characters. When you receive your key, cut and paste this into the large text field and click save. Extra spaces, blank lines and invalid characters will be automatically removed.

Global CatalogThe Global Catalog is needed to give Profiler a forest wide view of the directory across multiple domains. Select a host that is closest to your Profiler install. Use an ID/Password that has at least domain admin permissions.

Domain ControllersDomain Controllers are needed to send updates. In this case we need to be able to connect to one DC per domain in the forest.



http://localhost/profiler/config.cgi

Profiler AdminsProfiler does not require any changes to your security settings in Active Directory. Rather, it has it's own clear-cut security view. From here you can determine who is a profiler admin and for what objects they have control over. Other functions such as password reset and object creation can be enabled/disabled on a global basis.

NotificationThis is one of the most requested features of the software. The ability to send a report of the account changes to a list of admins, the user, and or that users's manager.

GeneralA variety of options can be enabled/disabled. Ranging from the automatic creation of hidden contacts to be used as mail forwarding objects to password management functions for the user to defining a macro attribute.

Active SessionsThis is a report of all users who are actively using Profiler.



Configuring Password ManagementProfiler can be used as a self-service password recovery/reset system. This functionality can be enabled in the General/Password Management section of the configuration program. By enabling this function the end user will receive two new menu items.

The Password Recovery menu item will prompt the user to answer three security questions. This is based on the template pwrecovery.tmpl. When the user saves their answers they are encrypted and stored. By default extension attribute 1-3 are used to store this information.

If the user forgets their own password a new button marked “Forgot Password” is now available on the login screen which will prompt the user for the security answers. If these answers are correct, the user can then reset their password.

The user can also at any time reset their own password independent of the above functionality using the reset password link found on the user edit screen.

Microsoft requires that the LDAP connection be encrypted with SSL before submitting a password reset. By default Active Directory does not enable LDAP SSL, so it must be enabled. The following link outlines how to setup LDAP SSL on a domain controller. Note you must do this for every domain controller that Profiler will use for password reset.

Using Microsoft Certificate Services (easiest)

http://www.microsoft.com/technet/security/prodtech/windows2000/secwin2k/swin2kad.mspx

Using a third party certificate

http://support.microsoft.com/kb/321051

Once SSL is enabled on the domain controller, you DO NOT need to enable SSL for each domain controller in config.cgi. Unless this is absolutely needed, the interface will be dramatically slowed down by the use of SSL for EVERY LDAP connection. Profiler will automatically use SSL when it needs to submit a password reset.



http://support.microsoft.com/kb/321051

http://www.microsoft.com/technet/security/prodtech/windows2000/secwin2k/swin2kad.mspx

User InstructionsCongratulations! You have now successfully configured Profiler for use. The instructions in this section will go over the user environment.

LoginFollowing our example configuration, your user can now login using the following URL:http://hostname/profiler/profiler.cgi

From here your user must enter their login id, select their domain and enter a password.

Once the user is authenticated, their object will appear as the default first item.



Password RecoveryThe password recovery function asks a user a set of security questions to validate who they are, once validated they can reset their password. This is a great time saving function only if your users have already filled out the questionnaire!

When the user edits it's own object, an extra option, Password Recovery will appear. Selecting this will bring up the following example screen:

Profiler will then encrypt those answers in Active Directory. This is a necessary security feature to keep prying eyes from seeing the answers!

Now, if a user forgets their password, they can enter their ID and click the 'Forgot Password' button. The user will be prompted to answer their security questions in order to reset their password.



Getting under the hoodThe previous pages have got you all of Profiler's configuration. This next section is devoted to the customization of Profiler. With a bit of HTML, Javascript, & CSS knowledge you will have free reign to change the interface the user sees in any way you see fit. This is done through a handful of configuration files and templates. We will begin with Profiler's file structure then go over customizing everything from object editing to search results.

File Structure

cgiThis directory houses the Profiler executables and template files.

The template directory by default comes with two files and two directories. The files: master.js and master.css are used to configure global Javascript functions as well as the global cascading style sheet. The two directories each contain template files: config & default. The entire configuration interface is controlled by templates found in the config directory. We recommend that you not edit these files.

The default directory contains the default templates for the user interface. Profiler is multi-lingual so as expected you will find the default en or English template directory. You can customize Profiler to any language you wish. More information on editing the actual template files can be found later in this document.

dllThis directory contains the programmatic library files for the executables. For the windows environment these are Dynamic Linked Libraries. These files should not be modified.

dataThe data directory holds all the the Profiler configuration, sessions, global template files and reference files.

create This directory contains the default settings for a created object. More information can be found later in this document.

session A session file is created as each user logs on to Profiler. The file is a substitute for HTTP cookies, by storing user session information in each files. The session files will be automatically be cleaned up.

config.xml This is the main configuration for Profiler. All the settings from config.cgi are stored here.

magic This is a very misleading file name. This is used to determine the mime type of binary objects stored in Active Directory.

notification.txt This is the template for notification emails.

person-vcard.txt This is a template file to generate vcard files from a person object.

schema When you save your global catalog configuration, Profiler automatically downloads your Active Directory schema and stores it here. If your schema changes, simply re-save your global catalog configuration.



TemplatesThe key to customizing Profiler is through it's templating system. First we will begin with discussing the keyword syntax used, then move into actually editing the template files.

Template File DescriptionThe default templates for the user interface are located in \Profiler\cgi\templates\default.

If you wish to create your own custom set of templates, copy this directory to \Profiler\cgi\templates\[New Template]. In this way your templates will not be overwritten by a software upgrade. Once you have copied the files, be sure to change your configuration to use your new templates (config.cgi/General).

In the template directory there are language directories. By default Profiler ships with a set of English templates (\Profiler\cgi\templates\default\en). You can customize Profiler to your language by copying the en directory to your language (example: Spanish – es, French – fr etc). From there you can edit the template files directly and change the lables to fit the language.

Below we will give a short description of each of the files. More about the internals of each fill can be found later in this document.

<attribute>.txt This will turn any text attribute from a text field into a drop down list. The file contains one value per line. Example:|NoneAF|AFGHANISTANIn the above example each value is divided by a pipe (|) character. The left side represents the actual value stored in the directory, the right is the display value seen by the user.

binary.tmpl This is the interface to a binary attribute. It includes an upload function for items like pictures and certificates.

create.tmpl This is the first screen the user sees to create a new object. This determines where it should be placed in the directory. create1.tmpl is called when this form is completed.

create1.tmpl This is the second screen the user sees to create a new object. This determines what the object will be. Once the temp object is created in the session the <objectclass>-create.tmpl file is called to edit the object before saving.

dnref.tmpl This allows the user to select a DN type object from the directory (manager, group membership etc)

footer.tmpl This is used as a global template to define the HTML footer for each of the templates.

forgotpw.tmpl This is the security questionnaire template to be used for password reset. Note that the user must fill out pwrecovery.tmpl in order to reset their own password from the login screen.

header.tmpl This is used as a global template to define the HTML header for each of the templates.



login.tmpl The initial login screen the user first sees.

<objectclass>-create.tmpl This is called after create.tmpl. This is an edit screen to populate values into the new object before it is saved and created in the directory.



<objectclass>-edit.tmpl This is the workhorse template. Any object that is edited uses this template. Note that objectclass is used. Profiler parses the values of objectclass for the object. A user would have the following objectclass:toppersonorganizationalPersonuser Profiler looks for templates from the bottom up. If the template does not exist it moves to the next value and searches. Profiler ships with a top-edit.tmpl as a catch-all template for those map files not defined.

pwrecovery.tmpl This is the security questionnaire the user needs to answer to enable password recovery for their object.

resetpw.tmpl This is the screen to reset a user's password. This is unrelated to the password recovery templates.

search-<objectclass>.tmpl This is the global search results template. It follows the same use as <objectclass>-edit.tmpl. In this case it matches the objecttype of the search with the correct template.

unlock.tmpl This is the screen a user uses to unlock their own account. It should be very similar to pwrecovery.tmpl

update-ldap.tmpl This is the results screen for an update done to a directory object.



Template KeywordsProfiler uses the HTML::Template library to allow special keywords to be interpreted as values, links and data fields. This offers a very flexible approach to user interface design.

<TMPL_VAR> This tag substitutes a value for the tag.<TMPL_VAR NAME=SN-VALUE>In the above case the entire string will be replaced with the last name of a person object.The name field syntax of an attribute is very specific:attribute-(value|edit|edithide|view)[-javascript][-req]The above case is used for viewing or editing an attribute of an object. The optional javascript is the name of a javascript function that will be used to validate or modify the data. req defines if the attribute requires a value.

edithide is a special mode where the input to a single-line text field can be hidden by asterisks. This is the same functionality as a password type field.

<TMPL_LOOP> This is most commonly used when iterating records such as a search or a list of distinguished names. Each loop is defined with a specific name:<TMPL_LOOP NAME=SEARCHLOOP>

<TMPL_VAR NAME=SN-VALUE><br></TMPL>In the above example a list of last names from a search will be return. SN-VALUE will be replaced with the last name of each object found in the search.

<TMPL_INCLUDE> For simplicity you can include other template files with your master template file. In this way you can create one template file that may be common to many other templates.<TMPL_INCLUDE NAME=header.tmpl>

<TMPL_IF> This is a basic IF loop. The IF logic depends on if the value contains a value or not (True or False).<TMPL_IF NAME=SN-VALUE>

<TMPL_VAR NAME=SN-VALUE><TMPL_ELSE>

Blank</TMPL_IF>In the above example the last name will be displayed if it has a value, if it does not 'Blank' will be written.



http://search.cpan.org/~samtregar/HTML-Template-2.9/

Edit ObjectThese instructions will give you a basic understanding of some of the stock templates.

Lets add a telephone number field to edit for this record.

In this snipet of code you get the feel for where the row hearder is defined as well as how the fields are individually defined.

<tr><th align=center colspan=3 class=attribgroup>General</th></tr><tr>

<th nowrap align=left valign=top>First Name</th><td><TMPL_VAR NAME=attrib-givenname-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Initials</th><td><TMPL_VAR NAME=attrib-initials-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Last Name</th><td><TMPL_VAR NAME=attrib-sn-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Description</th><td><TMPL_VAR NAME=attrib-description-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Office</th><td><TMPL_VAR NAME=attrib-physicaldeliveryofficename-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Telephone Number</th><td><TMPL_VAR NAME=attrib-telephonenumber-edit-validatephone> </td>

</tr><tr>

<th nowrap align=left valign=top>Photo</th><td valign=top>

<TMPL_IF NAME=attrib-thumbnailphoto-value><a href="<TMPL_VAR NAME=attrib-thumbnailphoto-VALUE>"><img width=50 src="<TMPL_VAR

NAME=attrib-thumbnailphoto-VALUE>"></a></TMPL_IF><TMPL_VAR NAME=attrib-thumbnailphoto-edit> </td>

</tr>



If we add the following code after the photo we should now have a telephone number field to edit.

<tr><th align=center colspan=3 class=attribgroup>General</th></tr><tr>

<th nowrap align=left valign=top>First Name</th><td><TMPL_VAR NAME=attrib-givenname-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Initials</th><td><TMPL_VAR NAME=attrib-initials-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Last Name</th><td><TMPL_VAR NAME=attrib-sn-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Description</th><td><TMPL_VAR NAME=attrib-description-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Office</th><td><TMPL_VAR NAME=attrib-physicaldeliveryofficename-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Photo</th><td valign=top>

<TMPL_IF NAME=attrib-thumbnailphoto-value><a href="<TMPL_VAR NAME=attrib-thumbnailphoto-VALUE>"><img width=50 src="<TMPL_VAR

NAME=attrib-thumbnailphoto-VALUE>"></a></TMPL_IF><TMPL_VAR NAME=attrib-thumbnailphoto-edit> </td>

</tr><tr>

<th nowrap align=left valign=top>Telephone Number</th><td><TMPL_VAR NAME=attrib-telephonenumber-edit-validatephone> </td>

</tr>

Profiler automatically looked up the telephonenumber attribute in the schema and found it to be a text type field. In addition to editing, a javascript function called validatephone will be called to reformat the number to 10 digits with symbols.

This is a very simplistic demonstration but with this you should be able to add and remove attributes from the edit interface to fit your requirements.



Create ObjectThis is a very new and exciting feature of Profiler. While the functionality is basic, we hope to expand on this with further customer feedback.

Object creation is based on two template files and some LDIF (Lightweight Directory Interchange Format) files. First let's begin with the LDIF files.

These files found under \Profiler\data\create\. Each object type that can be created should have a matching file in this directory. If you wish to limit the types of objects created you can add/delete each file. Do not delete the altrecipient.ldif file, this is used for auto-contact creation in mail forwarding. In this example we will create a contact object.

If you open the \Profiler\data\create\contact.ldif file you will see something like this:

dn: cn=objectclass: topobjectclass: personobjectclass: organizationalpersonobjectclass: contactinstancetype: 4

These attributes define the defaults for the object created. All of these are required by the object and should not be changed. You can add default values to this file if you wish. These attributes do not need to be in the edit screen when the object is created.

Once your user account is on the Profiler admin list and allowed to create objects, you should have a Create Object menu item in the upper left portion of the screen.

Profiler launches create.tmpl. From here you can set the create location.

The second screen of create object (create1.tmpl) asks what kind of object to create and what it should be called.



From this point the contact-create.tmpl template is used to edit the new object. Note the object is not actually created until this form is saved.



Email Notification

Profiler can send out an email notification report, this email message can be changed. The file is located in \Profiler\data\notification.txt

Object: <TMPL_VAR NAME=OBJECT>User: <TMPL_VAR NAME=USER>Client IP: <TMPL_VAR NAME=IP>

Report:<TMPL_LOOP NAME=RESULTLOOP><TMPL_VAR NAME=ATTRIB> <TMPL_VAR NAME=STATUSBAD><TMPL_VAR NAME=STATUSGOOD></TMPL_LOOP>

Since this file is interpreted as a text file you do not need to use html, so manual carriage returns are important.



MacrosA macro attribute is a unique attribute that drives the values of other variables. For example, a user is presented with a drop down list of departments. When a value is selected, the city and state are automatically set to match where that department is.

Attribute Department City StateType Index Child ChildFilename department.txt l.txt st.txtValue0Value1 Sales Lynchburg TNValue2 Support Washington DCValue3 Corp Dallas TX

In the above table we have defined some set values so that when department is set the City and State will change to match. Note Value0 is left blank for cases where the attribute may be blank to begin with. For example, the user selects the Support department (Value2), the city will automatically be set to Washington and the State, DC.

To define all of the values first go into the template and create a .txt file for each attribute and populate them with drop down values. Enter a value one per line in each file (the order of values is important!).

Next in the general options of config enter your index attribute (department) and a comma separated list of child attributes.

The user interface should allow the ability to change the department pull down but now the child pull downs (they will change automatically).



Release Notes

v5.2.103/11/2008

Bug Fixes● Macro Attribute support has been rewritten and performs as expected.● The web browser's Auto-Complete functionality has been disabled for all text fields except for

search. This caused a potential security hole when saving data in the security questionnaire.● Template variable names with underscores were incompatible with Javascript. All template

variables should now use dashes '-' instead of underscores '-'.● config.xml corruption should no longer occur because of pre-win2k duplicate entries. The

entire discovery has been rewritten (see below).Enhancements

● Date validation Javascript functions have been added to master.js. This will validate date formatted fields.

● Password Recovery as been re-named to Account Recovery with the addition of the user being able to unlock their own accounts after answering the security questionnaire.

● Active Directory groups (not nested) can be now be added to the Profiler admin list. The group membership will be parsed for admins.

● Global search bases can now include any part of the forest (in addition to Forest, Domain & OU)

● Profiler now automatically discovers pre-win2k domain names for integrated authentication.This feature requires that the machine that Profiler is installed on be a member of the forest.

● Profiler is now more than 50% more responsive as a result of template caching routines added. The cache is stored in \Profiler\data\session. No additional configuration or administration is needed.

● Resource Forest support has been added. This is tailored towards Application Service Providers (ASPs) who host Exchange in a different forest than the client forest. Profiler users can now edit their matching disabled objects in the resource forest with no additional authentication. This is automatically enabled by Profiler when it detects a resource forest configuration. This feature requires that the machine that Profiler is installed on be a member of the forest and that integrated authentication is enabled in IIS.

● A new template (unlock.tmpl) has been added. This template is shown when the user needs to unlock their own account.

● New default templates for non-Exchange environments have been added.● New mode for single line text fields has been added. edithide will convert single line text fields

to password type fields where the input is hidden by asterisks. The password recovery and unlock templates now use this functionality.

v5.1.501/02/2008

Bug Fixes● Profiler now discovers forests with one domain correctly.● Fix bug in global searches. Searching for 'All Types' would not return any results.

Enhancements● Profiler now works with ALL domains in a forest. This includes non-child domains.● Profiler administrators can now unlock accounts.



● A new set of templates has been added for Forests without Exchange schema modifications.● Create object interface has been cleaned up.● Profiler now recognizes expired passwords and prompts user to reset the password.● Configuration screens now have a link to Directory Wizards support as well as product

documentation.

v5.111/11/2007

Bug Fixes● Fixed photo display issue in Internet Explorer.● Set default binary object size to 102400 for attributes with no size definition in the schema.● Alternative template selection was not being recognized. Everything used the default template.

Custom templates for profiler.cgi can now be created and used.● Blank macro values are now supported. ● Country settings now propagate to the outlook address view.

Enhancements● DN Attributes (manager, seealso etc) can now be formated with a config option found in

config.cgi/General/DN Attribute Format.● Support for Microsoft time/date style attributes (account expiration) has been added.● Added crash.log functionality for debugging purposes. ● You no longer need to specify individual servers for each domain controller (and GC). By

setting the host to automatic, Profiler will seek out the nearest server available.● Template enhancements:

master.js and master.css have been moved to the individual template directories. Rather than being in \profiler\cgi\templates they are now in the custom template directories: \profiler\cgi\templates\default.favicon.ico is now supported and should be installed in the custom template directory \profiler\cgi\templates\default.

● Profiler can now view/use non-child domains in a forest. All searches can be done to child domains as well as non-child domains. No extra configuration necessary.

● Reverse DNS support is no longer required for Profiler to auto-discover a forest.



Profiler - UPMC Life Changing Medicine · account recovery, password management, object creation,...

Documents

Transcript of Profiler - UPMC Life Changing Medicine · account recovery, password management, object creation,...