Modify the ldap-conf.xml configuration file to define parameters for the LDAP server.
See the sample ldap-conf.xml below for more information.
  <?xml version="1.0" encoding="UTF-8"?>
  <!--Sample XML file generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
  <ldap-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ldap-conf.xsd">
    <server>
      <host>myserver.datastream.net</host>
      <open-port enabled="true">389</open-port>
      <secure-port enabled="false">0</secure-port>
      <search-base>dc=datastream,dc=net</search-base>
      <server-type>sun1</server-type>
    </server>
    <search type="full">
      <dir-list>
        <dir>cn=G1,ou=Org1,dc=ulberg,dc=deu</dir>
        <dir>cn=G2,ou=Org1,dc=ulberg,dc=deu</dir>
      </dir-list>
    </search>
    <role type="by-directory">
      <attribute-name>attrole</attribute-name>
      <translations>
        <translation name="cn=G1,ou=O1,dc=datastream,dc=net">Role1</translation>
        <translation name="cn=G2,ou=O1,dc=datastream,dc=net">Role2</translation>
      </translations>
    </role>
  </ldap-conf>
- Copy the ldap-conf.xml file from the [APP_HOME]\depconfig\templates\mp_subsystem.ear\conf directory to the [APP_HOME]/overrides/ldap/ directory, and then open the ldap-conf.xml file in a text editor.
  Your ldap-conf.xml file may already have been relocated to this location: [APP_HOME]/overrides/ldap/ldap-conf.xml.
- Locate the <server> node section of the XML document, and then modify the following elements:
  <host> - Specify the name of the host on which the LDAP server is running.
  <open-port> - Specify the number of the port used for open (unencrypted) communication. This port is only used if its "enabled" attribute is set to "true". Set this value to 389.
  <secure-port> - Specify the number of the port used for secure (SSL-enabled) communication. Disable this port and set it to 0.
  <search-base> - Specify the root element of the LDAP tree. You can find the name using Sun One Server Console. See the configuration file above.
- Locate the <search> node section of the XML document. The <search> node defines the strategy the LDAP client uses to locate a user in the LDAP tree. Modify the <search> tag by entering one of the following elements:
  Option | Description
  ---|---
  Full Search | To configure the LDAP client for this type of search, specify the tag in the following form: <search type="full">. A full search presumes that the client has read access to the whole LDAP tree. In this case, the search starts from the top node of the tree and continues until the first matching user is found. This is the most widely used case.
  By directory | Configure the search tag in the following way: <search type="by-directory">. Use this feature if the client's LDAP installation will be configured for tighter security and only certain predefined directories are available for search. The list of directories available for the search must follow, embedded in the <dir-list> tags.
  Role discovery | A default user role defines, for HxGN EAM, the default setup of a new user the first time that user logs in through LDAP. You must provide this role in the LDAP response for this feature to work. The default user role is discovered by mapping LDAP properties to the predefined role. The current implementation supports two role mapping mechanisms: by attribute and by directory. Role discovery by attribute: in this case, the user defined in LDAP has a special attribute associated with the role. To perform role discovery:
- Save and exit the file.
- Run the command deploy.bat (Windows) or deploy.sh (Unix).
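As an added example (not part of the HxGN EAM documentation or product), the following Python script reads an ldap-conf.xml built from the elements described in the <server> and <search> steps above, summarises the server, search and role settings, and flags what a reviewer would want to see, such as only the open (unencrypted) port being enabled. It assumes the element names shown in the sample configuration; the embedded ldap-conf.xml is constructed for the example.

```python
import xml.etree.ElementTree as ET
# Constructed sample that mirrors the page's ldap-conf.xml (not a real site).
SAMPLE = """<ldap-conf>
  <server>
    <host>myserver.datastream.net</host>
    <open-port enabled="true">389</open-port>
    <secure-port enabled="false">0</secure-port>
    <search-base>dc=datastream,dc=net</search-base>
  </server>
  <search type="by-directory">
    <dir-list><dir>cn=G1,ou=Org1,dc=datastream,dc=net</dir></dir-list>
  </search>
  <role type="by-directory">
    <attribute-name>attrole</attribute-name>
    <translations>
      <translation name="cn=G1,ou=O1,dc=datastream,dc=net">Role1</translation>
    </translations>
  </role>
</ldap-conf>"""

def _port(server, tag):
    """Return the port number only if its enabled="true" attribute is set, else None."""
    el = server.find(tag)
    if el is None or el.get("enabled", "false").lower() != "true":
        return None
    return int(el.text.strip())

def summarize(xml_text):
    """Extract the server, search and role settings and list review findings."""
    root = ET.fromstring(xml_text)
    server, search, role = root.find("server"), root.find("search"), root.find("role")
    s = {
        "host": server.findtext("host"),
        "search_base": server.findtext("search-base"),
        "open_port": _port(server, "open-port"),
        "secure_port": _port(server, "secure-port"),
        "search_type": search.get("type"),
        "dirs": [d.text for d in search.findall("dir-list/dir")],
        "role_type": role.get("type") if role is not None else None,
        "translations": {t.get("name"): t.text for t in root.findall("role/translations/translation")},
        "findings": [],
    }
    if s["open_port"] is None and s["secure_port"] is None:
        s["findings"].append("no port is enabled; the client cannot reach the LDAP server")
    elif s["secure_port"] is None:
        s["findings"].append("only the open (unencrypted) port is enabled; LDAP traffic is sent in clear text")
    if s["search_type"] == "by-directory" and not s["dirs"]:
        s["findings"].append("by-directory search has no <dir> entries in <dir-list>")
    return s
```

Point summarize() at the contents of [APP_HOME]/overrides/ldap/ldap-conf.xml to review a deployed configuration before running deploy.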