EmpowerID’s Virtual Directory Service (VDS) provides a robust identity virtualization service with unified, enterprise-wide security by acting as an abstraction layer between disparate data stores, including payroll systems, HR systems, Active Directory, custom applications and other sources. EmpowerID’s VDS allows applications to interact with these data sources without being directly connected to them.
In this topic, we use the terms "Virtual Directory Service", "VDS", and "LDAP Server" interchangeably.
Installing and configuring the EmpowerID Virtual Directory Server involves the following:
Creating a SQL Login on the EmpowerID database for the VDS (see prerequisite information)
Extracting the LDAPServer.X.X.X.zip file you received from EmpowerID on your EmpowerID server and executing the LDAPServer.msi.
Installing Node by executing the Node.X.X.X.msi included with the Virtual Directory Server.
Installing the Forever node module. The LDAP Server uses this module to keep the server up and running.
Editing the Config.txt file for your environment.
Adding to the LDAP Server the SQL password for the user you set in the prerequisites above, as well as a PFX certificate and the passphrase for the certificate—if you are using TLS.
Editing the index.js and Config.txt files for your environment.
Saving the SQL Login password in an encrypted file.
Starting the LDAP Server service.
SQL Login Prerequisite: As the LDAP Server authenticates users against the EmpowerID database, you need to provide it with a SQL login that has rights to the EmpowerID database.
From the LDAP Server folder, open a command prompt and type node index.
You should see that the LDAP server is listening at the port and IP address you set in the Config.txt file earlier.
To stop the LDAP server, press CTRL+C in the command window.
You should see that the LDAP server stops.
To create a profile for EmpowerID in the LDAP browser
From your LDAP browser, click New > New Profile.
In the Profile Creation Wizard that appears, enter a name for the profile in the Profile Name textbox and then press the ENTER key.
In step 2 of the Profile Creation Wizard, verify the host information and then click Next.
In step 3 of the Profile Creation Wizard, click the Browse button to the right of the Principal field.
This opens the Browse for User DN dialog, which allows you to select the EmpowerID Person authenticated to the EmpowerID LDAP Server.
In the Browse for User DN dialog, expand o=empowerid > cn=people, select the appropriate EmpowerID Person, and click OK to close the dialog.
In the Profile Creation Wizard, click Next to continue.
Verify the LDAP settings for the profile and then click Finish to add the profile to the LDAP browser.
You should now see a virtual directory for the default view of the EmpowerID database as determined by the LDAP Server configuration file. If desired, you can customize this file to return more or less data.
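What crosses the wire when an LDAP browser binds with the Principal DN chosen in step 3, as an added example (not EmpowerID code and not part of the original topic): it builds an RFC 4511 simple BindRequest and then inspects it the way a network monitor would, showing that the password travels unencrypted unless the listener is configured for TLS with the PFX certificate. It assumes the browser uses simple authentication; the DN shape, the password and all function names are constructed for illustration.

```javascript
// Added example; the DN, password and function names are constructed.
// BER TLV with definite length (short form, or long form up to 65535 bytes).
function tlv(tag, body) {
  const len = body.length < 0x80 ? [body.length]
    : body.length < 0x100 ? [0x81, body.length]
    : [0x82, body.length >> 8, body.length & 0xff];
  return Buffer.concat([Buffer.from([tag, ...len]), body]);
}

// RFC 4511 BindRequest with simple authentication (messageId must be < 128).
function simpleBind(messageId, dn, password) {
  const op = tlv(0x60, Buffer.concat([
    tlv(0x02, Buffer.from([3])),              // LDAP version 3
    tlv(0x04, Buffer.from(dn, 'utf8')),       // bind DN (the "Principal")
    tlv(0x80, Buffer.from(password, 'utf8')), // [0] simple: password, unhashed
  ]));
  return tlv(0x30, Buffer.concat([tlv(0x02, Buffer.from([messageId])), op]));
}

// Read one TLV at `off`; returns its tag, value slice and the next offset.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new RangeError('truncated TLV header');
  const tag = buf[off];
  let len = buf[off + 1];
  let p = off + 2;
  if (len & 0x80) {                           // long-form length
    const n = len & 0x7f;
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[p++];
  }
  if (!(p + len <= buf.length)) throw new RangeError('truncated TLV');
  return { tag, value: buf.subarray(p, p + len), next: p + len };
}

// Report the bind DN and how many password bytes were sent in the clear.
function inspectBind(buf) {
  const msg = readTlv(buf, 0);
  if (msg.tag !== 0x30) return null;          // not an LDAPMessage
  const id = readTlv(msg.value, 0);
  const op = readTlv(msg.value, id.next);
  if (op.tag !== 0x60) return null;           // not a BindRequest
  const ver = readTlv(op.value, 0);
  const name = readTlv(op.value, ver.next);
  const auth = readTlv(op.value, name.next);
  return { dn: name.value.toString('utf8'), simple: auth.tag === 0x80,
           clearPasswordBytes: auth.tag === 0x80 ? auth.value.length : 0 };
}

console.log(inspectBind(simpleBind(1, 'cn=Jane Doe,cn=people,o=empowerid', 'S3cret!')));
```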