Versions Compared

Version Old Version 20 New Version 21
Changes made by

Amit Munwes

Amit Munwes

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In case of enabling LDAP, the script uses a user-provided parameters file with the desired configuration. It verifies the configuration, update updates the configuration database and files and restarts the necessary services.

...

ParameterDescription

builtinRoleMethod

Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B).
e.g. group_attribute

testUserNameThe username of a user for testing
e.g. adminford
testUserPassword

The password of a user for testing
Note: This password is used only for testing and is not stored in the configuration database and files
e.g. pass123

connectionUrlLDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. ldap://192.168.110.15:389
referrals

Follow or ignore LDAP referrals (follow/ignore)
e.g. ignore

connectionNameQuery user distinguished name (DN)
e.g. cn=LDAP Query User,ou=people,dc=example,dc=org
connectionPasswordQuery user password
Note: This password will be encrypted and stored in the configuration filedatabase and files
e.g. pass123

userSearchBase

User search base entry
e.g. ou=people,dc=example,dc=org
userSearchSubtreeUser search query sub-tree (true/false)
e.g. true
userSearchFilter

User search filter
Use {0} as a placeholder for the user name entered in the login screen
e.g. (&(objectClass=person)(sAMAccountName={0}))

groupSearchBase

Group search base entry
e.g. ou=groups,dc=example,dc=org

groupSearchSubtree

Group search query sub-tree (true/false)
e.g. true

groupSearchFilter

Group search filter
Use {0} as a placeholder for the full DN of the user found in the LDAP server
e.g. (&(objectClass=groupOfUniqueNames)(uniqueMember={0}))

groupSearchNested

Nested groups (true/false)
e.g. true

groupRoleAttributeName

Group entry role attribute name
e.g. cn

userRoleAttributeName

For scenario A only
User entry role attribute name
e.g. "DPODRole"

...

For an invalid LDAP configuration, the command's output should might be:

Code Block
languagebash
themeRDark
28/06/2018 15:28:02,902- INFO   Starting LDAP Utilities
28/06/2018 15:28:02,909- INFO   Reading user parameters file, path=./LDAP_parameters.properties

28/06/2018 15:28:02,912- INFO   This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:28:02,912- INFO   Please confirm connecting to the LDAP registry (y,n):
y
28/06/2018 15:28:03,638- INFO   Connecting to the LDAP sever, connectionUrl=ldap://wrong-server:10389
28/06/2018 15:28:06,663- ERROR   The operation failed. See log file for more details.

Inspect In case of failure, inspect the log file for detailed test failure messages. The log files are file is located in /logs/ui/app_ldap_utilities.log.

Change the LDAP configuration in the parameters file and rerun the script until tests are successful.

...

Code Block
languagebash
themeRDark
cd /app/utils/
/app/scripts/app_ldap_utilities.sh -d

...