Versions Compared

Version Old Version 18 New Version 19
Changes made by

Former user

Avi Falah

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Edit the properties file and set the following properties based on the information that was collected in Planning LDAP Configuration:

PropertyDescription
dpod_ldap_methoddpodLdapMethod

Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B).
e.g. "group_attribute"

test_usertestUserThe username of a user for testing
e,g, "adminford"
test_user_passwordtestUserPasswordThe password of a user for testing
e.g. "pass123"
connectionURLPrimary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.15:389"
alternateURLAlternate LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.16:389"
referrals

Follow or ignore LDAP referrals (follow/ignore)
e.g. "ignore" 

connectionNameQuery user distinguished name (DN)
e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org"
connectionPasswordQuery user password
This password will be encrypted in the configuration file
e.g. "pass123"
userBaseUser base entry
e.g. "ou=people,dc=example,dc=org" 
userSubtreeUser query sub-tree (true/false)
e.g. "true"
userSearchUser search filter
Operators (e.g. "&") are escaped (e.g. "&")
{0} - a placeholder for the user name entered in the login screen
e.g. "(&(objectClass=person)(sAMAccountName={0}))"
userRoleName

For scenario A only
User entry attribute name
e.g. "DPOD_Role"

roleBase

For scenario B only
Group base entry
e.g. "ou=groups,dc=example,dc=org" 

roleSubtreeFor scenario B only
Role query sub-tree (true/false)
e.g. "true"
roleSearchFor scenario B only
Group search filter
Operators (e.g. "&") are escaped (e.g. "&")
{0} - a placeholder for the full DN of the authenticated user
{1} - a placeholder for the user name of the authenticated user
e.g. "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))"
roleNestedFor scenario B only
Nested groups (true/false)
e.g. "true"
roleName

For scenario B only
Group entry attribute name
e.g. "cn"

LDAPConnectionURL

Primary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.15:389"
(identical to the connectionURL property)

LDAPReferral

Follow or ignore LDAP referrals (follow/ignore)
e.g. "ignore"
(identical to the referrals property)

LDAPConnectionNameQuery user distinguished name (DN)
e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org"
(identical to the connectionName property)
LDAPConnectionPASSWORD

Query user password
This password will be used just for testing, and will not be stored in System Parameters
e.g. "pass123"
(identical to the connectionPassword property)

LDAPUserBaseEntryUser base entry
e.g. "ou=people,dc=example,dc=org"
(identical to the userBase property)
LDAPUserSearchFilter

User search filter
Operators (e.g. "&") are NOT escaped (e.g. "&")
{0} - a placeholder for the user name entered in the login screen
e.g. "(&(objectClass=person)(sAMAccountName={0}))"
NOTE: This property is similar to the userSearch property, but is NOT identical.

LDAPGroupBaseEntry

Group base entry
e.g. "ou=groups,dc=example,dc=org"
(identical to the roleBase property) 

LDAPGroupSearchFilter

Group search filter
Operators (e.g. "&") are NOT escaped (e.g. "&")
{0} - a placeholder for the user name of the authenticated user
{1} - a placeholder for the full DN of the authenticated user
e.g. "(&(objectClass=groupOfUniqueNames)(uniqueMember={1}))"
NOTE: This property is similar to the roleSearch property, but is NOT identical. 

LDAPGroupNameAttribute

Group name attribute' name
e.g. "cn"
NOTE: This property might be different than roleName property, depending on the chosen builtin roles scenario. 

...

Code Block
languagebash
themeRDark
INFO: Testing LDAP configuration...
INFO: LDAP configuration tests finished successfully.
INFO: Updating LDAP configuration...
INFO: Original configuration file /app/ui/MonTier-UI/conf/server.xml was backed up to /app/ui/MonTier-UI/conf/server.xml_2018-04-15-162820
INFO: The operation completed successfully.

...

Code Block
languagebash
themeRDark
INFO: Testing LDAP configuration...
INFO: LDAP configuration tests finished successfully.
INFO: Updating LDAP configuration...
ERROR: LDAP parameters tests failed. Please check the log file, change the parameters and try again.
ERROR: The operation was aborted. See log file for more details.

...

Code Block
languagebash
themeRDark
INFO: Testing LDAP configuration...
INFO: LDAP configuration tests finished successfully.
INFO: Updating LDAP configuration...
INFO: Original configuration file /app/ui/MonTier-UI/conf/server.xml was backed up to /app/ui/MonTier-UI/conf/server.xml_20172018-04-17_13-12-28
INFO: LDAP configuration has been updated, but has NOT been enabled. To enable it:
INFO:   1. Manually edit server.xml, comment DataSourceRealm and uncomment LDAPRealm.
INFO:   2. Manually set 'LDAP Connection Password' System Parameter using the UI.
INFO:   3. Manually set 'Enable LDAP' System Parameter to 'true' using the UI.
INFO:   4. Restart the UI service.
INFO: See the product documentation for more details.
INFO: 15-162820
INFO: The operation completed successfully.

...

Note

After running this script, the LDAP configuration has been updated , but has not been and enabled.Follow the steps below to enable LDAP configuration

Please restart UI server from app-utils.sh menu in DPOD.

Enabling LDAP Configuration

...