DPOD includes an LDAP configuration script for easy configuration of DPOD to use an LDAP user registry.
The script uses a user-provided parameters file with the desired configuration. It verifies the configuration, updates the configuration database and files and restarts the necessary services.

It can also disable the LDAP configuration in order to rollback to the internal database registry.

Please make sure to gather all the information listed in Planning LDAP Configuration, which includes detailed explanation on all the parameters.

Parameters File

A template of the LDAP parameters file is provided at /app/utils/LDAP_parameters.properties.

It is recommended to backup the file before modifying it:

cp /app/utils/LDAP_parameters.properties /app/utils/LDAP_parameters.properties.orig

Edit the parameters file and set the following parameters based on the information that was collected in Planning LDAP Configuration:

Parameter	Description
builtinRoleMethod	Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B). e.g. group_attribute
testUserName	The user name of a user for testing e.g. adminford
testUserPassword	The password of a user for testing Note: This password is used only for testing and is not stored in the configuration database and files e.g. pass123
connectionUrl	LDAP server URL including port. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection. e.g. ldap://192.168.110.15:389
referrals	Whether LDAP referrals should be followed or ignored (follow/ignore) e.g. ignore
connectionName	Query user distinguished name (DN) e.g. cn=LDAP Query User,ou=people,dc=example,dc=org
connectionPassword	Query user password Note: This password will be encrypted and stored in the configuration database and files e.g. pass123
userSearchBase	User search base entry e.g. ou=people,dc=example,dc=org
userSearchSubtree	User search sub-tree (true/false) e.g. true
userSearchFilter	User search filter Use {0} as a placeholder for the user name entered in the login screen e.g. (&(objectClass=person)(sAMAccountName={0}))
groupSearchBase	Group search base entry e.g. ou=groups,dc=example,dc=org
groupSearchSubtree	Group search sub-tree (true/false) e.g. true
groupSearchFilter	Group search filter Use {0} as a placeholder for the full DN of the user found in the LDAP server e.g. (&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
groupSearchNested	Group search nested (true/false) e.g. true
groupRoleAttributeName	Group role attribute name e.g. cn
userRoleAttributeName	For scenario A only User role attribute name e.g. "DPODRole"

Testing LDAP Configuration

In order to test LDAP configuration, use the following command:

cd /app/utils/
/app/scripts/app_ldap_utilities.sh -f ./LDAP_parameters.properties

For a valid LDAP configuration the command's output should be:

28/06/2018 15:24:04,283- INFO   Starting LDAP Utilities
28/06/2018 15:24:04,290- INFO   Reading user parameters file, path=./LDAP_parameters.properties

28/06/2018 15:24:04,293- INFO   This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:24:04,293- INFO   Please confirm connecting to the LDAP registry (y,n):
y
28/06/2018 15:24:05,310- INFO   Connecting to the LDAP sever, connectionUrl=ldap://ldap-server:10389
28/06/2018 15:24:05,329- INFO   Connected to LDAP server successfully
28/06/2018 15:24:05,330- INFO   Searching for test user, testUserName=test
28/06/2018 15:24:05,336- INFO   Test user found successfully, DN=cn=test,ou=people,dc=example,dc=org
28/06/2018 15:24:05,338- INFO   Connecting to the LDAP sever using test user DN and password
28/06/2018 15:24:05,344- INFO   Connected to LDAP server using test user DN and password successfully
28/06/2018 15:24:05,345- INFO   Searching for test user groups
28/06/2018 15:24:05,365- INFO   Found 3 test user groups with the group name attribute
28/06/2018 15:24:05,368- INFO   Searching for a groups attribute since builtin role method is group_attribute
28/06/2018 15:24:05,476- INFO   Tested LDAP configuration against LDAP registry successfully
28/06/2018 15:24:05,476- INFO   The operation completed successfully

For an invalid LDAP configuration, the command's output might be:

28/06/2018 15:28:02,902- INFO   Starting LDAP Utilities
28/06/2018 15:28:02,909- INFO   Reading user parameters file, path=./LDAP_parameters.properties

28/06/2018 15:28:02,912- INFO   This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:28:02,912- INFO   Please confirm connecting to the LDAP registry (y,n):
y
28/06/2018 15:28:03,638- INFO   Connecting to the LDAP sever, connectionUrl=ldap://wrong-server:10389
28/06/2018 15:28:06,663- ERROR   The operation failed. See log file for more details.

In case of failure, inspect the log file for detailed failure messages. The log file is located in /logs/ui/app_ldap_utilities.log.

Change the LDAP configuration parameters and rerun the script until tests are successful.

Updating LDAP Configuration

Once LDAP configuration has been tested and found valid, use the following command to perform the change in the configuration database and files:

cd /app/utils/
/app/scripts/app_ldap_utilities.sh -f ./LDAP_parameters.properties -u

Ensure DPOD's services are up and running before updating the LDAP configuration.

The command output should be:

28/06/2018 15:30:50,085- INFO   Starting LDAP Utilities
28/06/2018 15:30:50,093- INFO   Reading user parameters file, path=./LDAP_parameters.properties

28/06/2018 15:30:50,097- INFO   This utility is about to connect to the LDAP registry to test the configuration.
28/06/2018 15:30:50,097- INFO   Please confirm connecting to the LDAP registry (y,n):
y
28/06/2018 15:30:51,915- INFO   Connecting to the LDAP sever, connectionUrl=ldap://ldap-server:10389
28/06/2018 15:30:51,932- INFO   Connected to LDAP server successfully
28/06/2018 15:30:51,933- INFO   Searching for test user, testUserName=test
28/06/2018 15:30:51,938- INFO   Test user found successfully, DN=cn=test,ou=people,dc=example,dc=org
28/06/2018 15:30:51,939- INFO   Connecting to the LDAP sever using test user DN and password
28/06/2018 15:30:51,944- INFO   Connected to LDAP server using test user DN and password successfully
28/06/2018 15:30:51,945- INFO   Searching for test user groups
28/06/2018 15:30:51,955- INFO   Found 3 test user groups with the group name attribute
28/06/2018 15:30:51,956- INFO   Searching for a groups attribute since builtin role method is group_attribute
28/06/2018 15:30:52,006- INFO   Tested LDAP configuration against LDAP registry successfully

28/06/2018 15:30:52,006- INFO   This utility is about to update the UI service configuration to work with LDAP registry.
28/06/2018 15:30:52,007- INFO   To apply the new configuration, the UI service will be restarted afterwards.
28/06/2018 15:30:52,008- INFO   Please confirm the configuration update (y,n):
y
28/06/2018 15:30:53,586- INFO   Enabling LDAP configuration in database
28/06/2018 15:30:53,949- INFO   Enabled LDAP configuration in database successfully
28/06/2018 15:30:53,951- INFO   Creating a backup of UI server configuration file server.xml, backupFilePath=/app/ui/MonTier-UI/conf/server.xml.2018-06-28-153053
28/06/2018 15:30:53,957- INFO   Created a backup of UI server configuration file server.xml successfully
28/06/2018 15:30:53,958- INFO   Enabling LDAP configuration in UI server configuration file server.xml
28/06/2018 15:30:54,036- INFO   Enabled LDAP configuration in UI server configuration file server.xml successfully

28/06/2018 15:30:54,037- INFO   To apply the new configuration, the UI service needs to be restarted.
28/06/2018 15:30:54,037- INFO   Please confirm the UI service restart (y,n):
y
28/06/2018 15:30:56,345- INFO   Restarting UI server
28/06/2018 15:30:56,630- INFO   Restarted UI server successfully
28/06/2018 15:30:56,630- INFO   The operation completed successfully

Disabling LDAP Configuration

Use the following command to disable LDAP configuration in System Parameters:

cd /app/utils/
/app/scripts/app_ldap_utilities.sh -d

Ensure DPOD's services are up and running before disabling the LDAP configuration.

The command output should be:

28/06/2018 15:36:08,878- INFO   Starting LDAP Utilities

28/06/2018 15:36:08,897- INFO   This utility is about to update the UI service configuration to work with its local user registry.
28/06/2018 15:36:08,897- INFO   To apply the new configuration, the UI service will be restarted afterwards.
28/06/2018 15:36:08,897- INFO   Please confirm the configuration update (y,n):
y
28/06/2018 15:36:12,465- INFO   Disabling LDAP configuration in database
28/06/2018 15:36:12,711- INFO   Disabled LDAP configuration in database successfully
28/06/2018 15:36:12,713- INFO   Creating a backup of UI server configuration file server.xml, backupFilePath=/app/ui/MonTier-UI/conf/server.xml.2018-06-28-153612
28/06/2018 15:36:12,725- INFO   Created a backup of UI server configuration file server.xml successfully
28/06/2018 15:36:12,726- INFO   Disabling LDAP configuration in UI server configuration file server.xml
28/06/2018 15:36:12,808- INFO   Disabled LDAP configuration in UI server configuration file server.xml successfully

28/06/2018 15:36:12,808- INFO   To apply the new configuration, the UI service needs to be restarted.
28/06/2018 15:36:12,810- INFO   Please confirm the UI service restart (y,n):
y
28/06/2018 15:36:13,625- INFO   Restarting UI server
28/06/2018 15:36:16,792- INFO   Restarted UI server successfully
28/06/2018 15:36:16,793- INFO   The operation completed successfully

Manually Inspecting LDAP Configuration

Inspecting LDAP Configuration in Configuration File (server.xml)

Edit the server configuration file and look for the LDAPRealm element. This element contains all the configuration set automatically by the script.

vi /app/ui/MonTier-UI/conf/server.xml

Inspecting LDAP Configuration in System Parameters

Open the Web Console and navigate to System Parameters page [Manage→ System → System Parameters].

The LDAP configuration system parameters are listed under "LDAP" category.

Browser not supported