Friday, December 7, 2007

Avoid Adobe (Macromedia) Contribute

The Contribute (web) Publishing System has huge shortcomings in any reasonably sized environment. The standard install uses unencrypted LDAP queries to authenticate with Active Directory. Plain text logins like this should have gone away years ago. Implementation of LDAPS for secure authentication in Contribute is done via arcane java commands.

Once you get a secure connection running you must ensure that the email address field in AD is complete. That's the (un-configurable) field used as the key in the CPS database to check a user's permissions.

The need for this configuration assumes that you can get the server to run at all. There seems to be some conflict between the Contribute service and the ColdFusion service when using a secure connection. The 2 services to not automatically restart when the server restarts.

Bottom line: avoid Contribute. There are better ways to allow a novice user to update a webpage without sacrificing the security of your entire network.

No comments: