Versions Compared

Version Old Version 1 New Version 2
Changes made by

Copy Page Tree

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
themeRDark
vi /app/ui/MonTier-UI/conf/server.xml

todo: HK montier-ui?

Disabling DB registry

...

  1. Run the following command (Replace <CLEAR-TEXT-PASSWORD> with your password): todo:HK montier-ui

    Code Block
    languagebash
    themeRDark
     

    The system will create an encrypted password and display the result in the following format:

    <CLEAR-TEXT-PASSWORD>:<ENCRYPTED-PASSWORD>

     

  2. Modify the JNDIRealm XML element (this is the element discussed above)

    Code Block
    languagebash
    themeRDark
    <Realm className="org.apache.catalina.realm.JNDIRealm"
   ...
   connectionPassword="<ENCRYPTED-PASSWORD>"
   digest="MD5"
   ...
/>

...

  1. The default password for the JVM TrustStore is “changeit”, and you should change it to a new password

    Code Block
    languagebash
    themeRDark
    Keytool -storepasswd -keystore /app/java/jre/lib/security/cacerts 

Enter keystore password:  <old password>
New keystore password: <new password>
Re-enter new keystore password: <new password>
                       

  2. Import the LDAP / CA certificate to the JVM trustStore. You can either import a self signed certificate, or the CA certificate that signed the LDAP certificate.

    Code Block
    languagebash
    themeRDark
    Keytool -import -v -noprompt -trustcacerts -file <certificate file location > -keystore /app/java/jre/lib/security/cacerts -storepass <key store password>
                       
  3.  Change the LDAP URL in both UI application server and DPOD system parameters (via DPOD Console)

    1. Edit server.xml to use the SSL port (The default SSL port for Active directory is 686). todo:hk montier-ui

      Code Block
      languagebash
      themeRDark
       

      and then

      Code Block
      languagebash
      themeRDark
      <Realm className="org.apache.catalina.realm.JNDIRealm"
 connectionURL="ldaps://<LDAP Server Host>:686"
 alternateURL="ldaps://<LDAP Server Host>:389"
 referrals="ignore"
 connectionName="CN=...,OU=...,DC=..."
    2. Change LDAP Connection URL in DPOD's UI Console to use LDAPS. Use the SSL port (The default for Active directory for Global catalog is 3269).
      example : ldaps://ldap-server:3269
       

  4. Restart the DPOD Console
    DPOD Console must be restarted so LDAP configuration becomes effective.

    Code Block
    languagebash
    themeRDark
    stop_services.sh -o ui
start_services.sh -o ui

...