Components used for transparent identification with eDirectory Agent
Using eDirectory Agent | Web Protection Solutions | v8.4.x, v8.5.x | 29-Apr-2022
Transparent user identification with eDirectory Agent involves the following components.
eDirectory Agent
eDirectory Agent queries Novell eDirectory for user logon session information at a given interval. eDirectory Agent associates each authenticated user with an IP address, and records user name-to-IP-address pairings to a local user map. This user map is also written to a backup file named eDirAgent.bak.
eDirectory Agent supplies this information to Filtering Service for use in applying policies to requests.
eDirectory Agent uses the following files.
ignore.txt (optional)
Novell eDirectory
Novell eDirectory houses your organization's user accounts, and provides user authentication.
One instance of eDirectory Agent can support one Novell eDirectory master, plus any number of Novell eDirectory replicas. eDirectory Agent must be able to communicate with each machine running a replica of the directory service. This ensures that the agent gets the latest logon information as quickly as possible, and does not need to wait for eDirectory replication to occur.
User Service
Filtering Service queries User Service to get group information for user names in its copy of the user map. User Service queries Novell eDirectory for group information corresponding to those users, and sends the information to Filtering Service. Directory clients (users and groups) are then made available to the Forcepoint Security Manager so that policies can be assigned to those users and groups.
Filtering Service
Filtering Service receives user logon information from eDirectory Agent as users log on to the network. At each transmission, only the record of logon sessions established since the last transmission is sent back to the server. This includes new users logged on to existing machines and new users logged on to new machines.
Filtering Service receives user data in the form of user name/IP address pairs (originating from eDirectory Agent's map in local memory). When Filtering Service gets the IP address of a machine making an Internet request, it matches the address with the corresponding user name provided by eDirectory Agent, allowing users to be identified transparently whenever they make Internet requests. Filtering Service then applies the policies assigned to those users or groups.
When you are troubleshooting user identification problems, be sure to determine whether Filtering Service is getting the latest and most accurate user data from eDirectory Agent.
Filtering Service can be configured to prompt users to manually authenticate if they cannot be identified transparently. With manual authentication, users that do not provide a valid user name and password are blocked from Internet access.
If a user cannot be identified transparently and manual authentication is not enabled, Filtering Service applies a computer or network (IP address-based) policy, or the Default policy.
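The lookup and fallback behavior described in this section, as a simplified Python model added here for illustration (it is not Forcepoint code). The class, policy names, and sample addresses are constructed, and checking computer policies before network policies is an assumption; the scenario also shows that a request is attributed to the previous user on an IP address until the next transmission replaces that pairing.

```python
import ipaddress

class UserMapModel:
    """Simplified model of Filtering Service's user map lookup (not Forcepoint code)."""

    def __init__(self, user_policies, computer_policies, network_policies,
                 manual_auth_enabled=False):
        self.user_map = {}                          # IP address -> user name
        self.user_policies = user_policies          # user name -> policy (groups omitted)
        self.computer_policies = computer_policies  # single IP -> policy
        self.network_policies = [(ipaddress.ip_network(n), p)
                                 for n, p in network_policies.items()]
        self.manual_auth_enabled = manual_auth_enabled

    def apply_delta(self, sessions):
        """Apply one transmission: only logon sessions established since the last one."""
        for ip, user in sessions:
            self.user_map[ip] = user  # new logon on a known IP replaces the old pairing

    def decide(self, src_ip):
        """Return (identified user or None, policy or action) for a request from src_ip."""
        user = self.user_map.get(src_ip)
        if user is not None:
            return user, self.user_policies.get(user, "Default")
        if self.manual_auth_enabled:
            return None, "prompt-for-credentials"
        if src_ip in self.computer_policies:        # assumed order: computer, then network
            return None, self.computer_policies[src_ip]
        addr = ipaddress.ip_address(src_ip)
        for net, policy in self.network_policies:
            if addr in net:
                return None, policy
        return None, "Default"

def demo():
    """Constructed scenario: alice logs on at 10.0.0.5, then bob takes over the machine."""
    fs = UserMapModel({"alice": "Engineering", "bob": "Restricted"},
                      {"10.0.0.9": "Kiosk"}, {"10.0.1.0/24": "Guest-LAN"})
    fs.apply_delta([("10.0.0.5", "alice")])
    stale = fs.decide("10.0.0.5")        # bob is at the keyboard, delta not yet received
    fs.apply_delta([("10.0.0.5", "bob")])
    fresh = fs.decide("10.0.0.5")
    fallbacks = [fs.decide(ip)[1] for ip in ("10.0.0.9", "10.0.1.77", "192.168.5.5")]
    return stale, fresh, fallbacks

if __name__ == "__main__":
    print(demo())
```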

Copyright 2022 Forcepoint. All rights reserved.