...

  1. The default password for the JVM TrustStore is “changeit”, and you should change it to a new password.

    keytool -storepasswd -keystore /app/java/jre/lib/security/cacerts
    
    Enter keystore password:  <old password>
    New keystore password: <new password>
    Re-enter new keystore password: <new password>
                            
  2. Import the LDAP / CA certificate into the JVM TrustStore. You can import either a self-signed certificate or the CA certificate that signed the LDAP certificate.

    keytool -import -v -noprompt -trustcacerts -file <certificate file location> -keystore /app/java/jre/lib/security/cacerts -storepass <key store password>
                            
  3. Change the LDAP URL in both the UI application server and the DPOD system parameters (via the DPOD Console).
    1. Edit server.xml to use the SSL port (the default SSL port for Active Directory is 686).

       vi /app/ui/MonTier-UI/conf/server.xml

      and then update the Realm element:

      <Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldaps://<LDAP Server Host>:686"
       alternateURL="ldaps://<LDAP Server Host>:389"
       referrals="ignore"
       connectionName="CN=...,OU=...,DC=..."
    2. Change the LDAP Connection URL in DPOD's UI Web Console to use LDAPS. Use the SSL port (the default for the Active Directory Global Catalog is 3269).
      Example: ldaps://ldap-server:3269
       
  4. Restart the DPOD Console
    The DPOD Console must be restarted for the LDAP configuration to take effect.

    stop_services.sh -o ui
    start_services.sh -o ui
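
A post-change check for the steps above, as an added example that is not part of the original page or DPOD's own tooling: it confirms that every Realm URL in server.xml uses ldaps://, that the TrustStore no longer opens with changeit, and that the imported certificate is present. The function names, the STOREPASS variable and the script name check_ldaps.sh are assumptions; keytool must be on PATH.

```shell
#!/bin/sh
# Added example, not DPOD tooling. Assumes keytool is on PATH.

# Print each Realm URL attribute in a server.xml as "<attribute> <url>".
# Plain text match: commented-out Realm elements are reported too.
realm_urls() {
    grep -Eo '(connectionURL|alternateURL)="[^"]*"' "$1" |
        sed -E 's/^([A-Za-z]+)="(.*)"$/\1 \2/'
}

# Succeed only if at least one URL exists and every URL starts with ldaps://.
realm_is_ldaps_only() {
    realm_urls "$1" | {
        seen=0 bad=0
        while read -r attr url; do
            seen=1
            case $url in
                ldaps://*) ;;
                *) echo "NOT LDAPS: $attr=$url" >&2; bad=1 ;;
            esac
        done
        [ "$seen" -eq 1 ] && [ "$bad" -eq 0 ]
    }
}

# Succeed if the TrustStore still opens with the default password.
truststore_has_default_password() {
    keytool -list -keystore "$1" -storepass changeit >/dev/null 2>&1
}

# Succeed if the certificate file's SHA-256 fingerprint appears in the TrustStore.
cert_in_truststore() {
    fp=$(keytool -printcert -file "$3" | sed -n 's/^[[:space:]]*SHA256: //p')
    [ -n "$fp" ] && keytool -list -v -keystore "$1" -storepass "$2" | grep -qF "$fp"
}

# Usage: STOREPASS=<new password> sh check_ldaps.sh <server.xml> <truststore> <certificate file>
if [ "$#" -eq 3 ]; then
    command -v keytool >/dev/null || { echo "keytool not found" >&2; exit 2; }
    realm_is_ldaps_only "$1" && echo "OK: all Realm URLs use ldaps://"
    if truststore_has_default_password "$2"; then
        echo "FAIL: TrustStore still opens with changeit"
    else
        echo "OK: default TrustStore password rejected"
    fi
    cert_in_truststore "$2" "$STOREPASS" "$3" && echo "OK: certificate found in TrustStore"
fi
```

Run it after step 4, passing /app/ui/MonTier-UI/conf/server.xml, /app/java/jre/lib/security/cacerts and the certificate file from step 2.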

...