DPOD includes an LDAP configuration script for easy configuration of DPOD to use an LDAP user registry.
When enabling LDAP, the script uses a user-provided parameters file with the desired configuration. It verifies the configuration, updates the configuration database and files, and restarts the necessary services.
It can also disable the LDAP configuration in order to roll back to the internal database registry.
Please make sure to gather all the information listed in Planning LDAP Configuration, which includes a detailed explanation of all the parameters.
Parameters File
A template of the LDAP parameters file is provided at /app/utils/LDAP_parameters.properties.
...
Parameter | Description |
---|---|
builtinRoleMethod | Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B). |
testUserName | The user name of a user for testing, e.g. adminford |
testUserPassword | The password of a user for testing |
connectionUrl | LDAP server URL including port. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection. e.g. ldap://192.168.110.15:389 |
referrals | Whether LDAP referrals should be followed or ignored (follow/ignore) |
connectionName | Query user distinguished name (DN) e.g. cn=LDAP Query User,ou=people,dc=example,dc=org |
connectionPassword | Query user password, e.g. pass123. Note: This password will be encrypted and stored in the configuration database and files. |
userSearchBase | User search base entry e.g. ou=people,dc=example,dc=org |
userSearchSubtree | User search query sub-tree (true/false) e.g. true |
userSearchFilter | User search filter |
groupSearchBase | Group search base entry |
groupSearchSubtree | Group search query sub-tree (true/false) e.g. true |
groupSearchFilter | Group search filter |
groupSearchNested | Group search nested (true/false) e.g. true |
groupRoleAttributeName | Group entry role attribute name |
userRoleAttributeName | For scenario A only |
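
A pre-flight check for the parameters file described in the table above, as an added example (not part of DPOD or the original page). It assumes the file uses plain key=value lines; the function names and SAMPLE are hypothetical, and treating userRoleAttributeName as mandatory for scenario A is an assumption.

```python
import os

# Allowed values, taken from the parameter table on this page.
ENUMS = {
    "builtinRoleMethod": {"user_attribute", "group_attribute"},
    "referrals": {"follow", "ignore"},
    "userSearchSubtree": {"true", "false"},
    "groupSearchSubtree": {"true", "false"},
    "groupSearchNested": {"true", "false"},
}
SECRETS = ("testUserPassword", "connectionPassword")
# Constructed sample input (values reuse the table's own examples).
SAMPLE = """builtinRoleMethod=user_attribute
connectionUrl=ldap://192.168.110.15:389
referrals=maybe
connectionPassword=pass123
"""

def parse_properties(text):
    """Assumes plain key=value lines; '#' and '!' start comments."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def check_parameters(props, file_mode=None):
    """Return a list of findings for a parsed parameters file."""
    findings = []
    for key, allowed in ENUMS.items():
        if key in props and props[key] not in allowed:
            findings.append(f"{key}: expected one of {sorted(allowed)}")
    url = props.get("connectionUrl", "")
    if url.startswith("ldap://"):
        findings.append("connectionUrl: non-SSL, bind passwords unprotected in transit")
    elif not url.startswith("ldaps://"):
        findings.append("connectionUrl: must start with ldap:// or ldaps://")
    # Assumption: scenario A needs userRoleAttributeName to be set.
    if props.get("builtinRoleMethod") == "user_attribute" and not props.get("userRoleAttributeName"):
        findings.append("userRoleAttributeName: empty but scenario A selected")
    if file_mode is not None and any(props.get(k) for k in SECRETS) and file_mode & 0o077:
        findings.append("file: plaintext passwords readable beyond the owner")
    return findings

def check_file(path):
    """Lint a file on disk, including its permission bits."""
    with open(path, encoding="utf-8") as fh:
        return check_parameters(parse_properties(fh.read()), os.stat(path).st_mode & 0o777)
```

Because the parameters file holds testUserPassword and connectionPassword in plaintext until the script stores the encrypted form, run check_file on your copy of the file before passing it to the configuration script.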
...
For a valid LDAP configuration the command's output should be:
```
28/06/2018 15:24:04,283- INFO Starting LDAP Utilities
28/06/2018 15:24:04,290- INFO Reading user parameters file, path=./LDAP_parameters.properties
28/06/2018 15:24:04,293- INFO This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:24:04,293- INFO Please confirm connecting to the LDAP registry (y,n): y
28/06/2018 15:24:05,310- INFO Connecting to the LDAP sever, connectionUrl=ldap://ldap-server:10389
28/06/2018 15:24:05,329- INFO Connected to LDAP server successfully
28/06/2018 15:24:05,330- INFO Searching for test user, testUserName=test
28/06/2018 15:24:05,336- INFO Test user found successfully, DN=cn=test,ou=people,dc=example,dc=org
28/06/2018 15:24:05,338- INFO Connecting to the LDAP sever using test user DN and password
28/06/2018 15:24:05,344- INFO Connected to LDAP server using test user DN and password successfully
28/06/2018 15:24:05,345- INFO Searching for test user groups
28/06/2018 15:24:05,365- INFO Found 3 test user groups with the group name attribute
28/06/2018 15:24:05,368- INFO Searching for a groups attribute since builtin role method is group_attribute
28/06/2018 15:24:05,476- INFO Tested LDAP configuration against LDAP registry successfully
28/06/2018 15:24:05,476- INFO The operation completed successfully
```
For an invalid LDAP configuration, the command's output might be:
```
28/06/2018 15:28:02,902- INFO Starting LDAP Utilities
28/06/2018 15:28:02,909- INFO Reading user parameters file, path=./LDAP_parameters.properties
28/06/2018 15:28:02,912- INFO This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:28:02,912- INFO Please confirm connecting to the LDAP registry (y,n): y
28/06/2018 15:28:03,638- INFO Connecting to the LDAP sever, connectionUrl=ldap://wrong-server:10389
28/06/2018 15:28:06,663- ERROR The operation failed. See log file for more details.
```
...
The command output should be:
```
28/06/2018 15:30:50,085- INFO Starting LDAP Utilities
28/06/2018 15:30:50,093- INFO Reading user parameters file, path=./LDAP_parameters.properties
28/06/2018 15:30:50,097- INFO This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:30:50,097- INFO Please confirm connecting to the LDAP registry (y,n): y
28/06/2018 15:30:51,915- INFO Connecting to the LDAP sever, connectionUrl=ldap://ldap-server:10389
28/06/2018 15:30:51,932- INFO Connected to LDAP server successfully
28/06/2018 15:30:51,933- INFO Searching for test user, testUserName=test
28/06/2018 15:30:51,938- INFO Test user found successfully, DN=cn=test,ou=people,dc=example,dc=org
28/06/2018 15:30:51,939- INFO Connecting to the LDAP sever using test user DN and password
28/06/2018 15:30:51,944- INFO Connected to LDAP server using test user DN and password successfully
28/06/2018 15:30:51,945- INFO Searching for test user groups
28/06/2018 15:30:51,955- INFO Found 3 test user groups with the group name attribute
28/06/2018 15:30:51,956- INFO Searching for a groups attribute since builtin role method is group_attribute
28/06/2018 15:30:52,006- INFO Tested LDAP configuration against LDAP registry successfully
28/06/2018 15:30:52,006- INFO This utility is about to update the UI service configuration to work with LDAP registry.
28/06/2018 15:30:52,007- INFO To apply the new configuration, the UI service will be restarted afterwards.
28/06/2018 15:30:52,008- INFO Please confirm the configuration update (y,n): y
28/06/2018 15:30:53,586- INFO Enabling LDAP configuration in database
28/06/2018 15:30:53,949- INFO Enabled LDAP configuration in database successfully
28/06/2018 15:30:53,951- INFO Creating a backup of UI server configuration file server.xml, backupFilePath=/app/ui/MonTier-UI/conf/server.xml.2018-06-28-153053
28/06/2018 15:30:53,957- INFO Created a backup of UI server configuration file server.xml successfully
28/06/2018 15:30:53,958- INFO Enabling LDAP configuration in UI server configuration file server.xml
28/06/2018 15:30:54,036- INFO Enabled LDAP configuration in UI server configuration file server.xml successfully
28/06/2018 15:30:54,037- INFO To apply the new configuration, the UI service needs to be restarted.
28/06/2018 15:30:54,037- INFO Please confirm the UI service restart (y,n): y
28/06/2018 15:30:56,345- INFO Restarting UI server
28/06/2018 15:30:56,630- INFO Restarted UI server successfully
28/06/2018 15:30:56,630- INFO The operation completed successfully
```
...
The command output should be:
```
28/06/2018 15:36:08,878- INFO Starting LDAP Utilities
28/06/2018 15:36:08,897- INFO This utility is about to update the UI service configuration to work with its local user registry.
28/06/2018 15:36:08,897- INFO To apply the new configuration, the UI service will be restarted afterwards.
28/06/2018 15:36:08,897- INFO Please confirm the configuration update (y,n): y
28/06/2018 15:36:12,465- INFO Disabling LDAP configuration in database
28/06/2018 15:36:12,711- INFO Disabled LDAP configuration in database successfully
28/06/2018 15:36:12,713- INFO Creating a backup of UI server configuration file server.xml, backupFilePath=/app/ui/MonTier-UI/conf/server.xml.2018-06-28-153612
28/06/2018 15:36:12,725- INFO Created a backup of UI server configuration file server.xml successfully
28/06/2018 15:36:12,726- INFO Disabling LDAP configuration in UI server configuration file server.xml
28/06/2018 15:36:12,808- INFO Disabled LDAP configuration in UI server configuration file server.xml successfully
28/06/2018 15:36:12,808- INFO To apply the new configuration, the UI service needs to be restarted.
28/06/2018 15:36:12,810- INFO Please confirm the UI service restart (y,n): y
28/06/2018 15:36:13,625- INFO Restarting UI server
28/06/2018 15:36:16,792- INFO Restarted UI server successfully
28/06/2018 15:36:16,793- INFO The operation completed successfully
```
...