Modifying the ldap-conf.xml configuration file (Sun ONE Directory Server) - HxGN EAM - Version 11.07.01 - Installation & Upgrade

HxGN EAM Installation Guide


Modify the ldap-conf.xml configuration file to define parameters for the LDAP server.

See the sample ldap-conf.xml below for more information.

<?xml version="1.0" encoding="UTF-8"?>
<!--Sample XML file generated by XMLSPY v5 rel. 4 U (http://www.xmlspy.com)-->
<ldap-conf xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="ldap-conf.xsd">
  <server>
    <host>myserver.datastream.net</host>
    <open-port enabled="true">389</open-port>
    <secure-port enabled="false">0</secure-port>
    <search-base>dc=datastream,dc=net</search-base>
    <server-type>sun1</server-type>
  </server>
  <search type="full">
    <dir-list>
      <dir>cn=G1,ou=Org1,dc=ulberg,dc=deu</dir>
      <dir>cn=G2,ou=Org1,dc=ulberg,dc=deu</dir>
    </dir-list>
  </search>
  <role type="by-directory">
    <attribute-name>attrole</attribute-name>
    <translations>
      <translation name="cn=G1,ou=O1,dc=datastream,dc=net">Role1</translation>
      <translation name="cn=G2,ou=O1,dc=datastream,dc=net">Role2</translation>
    </translations>
  </role>
</ldap-conf>

  1. Copy the ldap-conf.xml file from the [APP_HOME]\depconfig\templates\mp_subsystem.ear\conf directory to the [APP_HOME]/overrides/ldap/ directory, and then open the ldap-conf.xml file in a text editor.

    Your ldap-conf.xml file may already have been relocated to this location: [APP_HOME]/overrides/ldap/ldap-conf.xml.

  2. Locate the <server> node section of the XML document, and then modify the following elements:

    <host> - Specify the name of the host on which the LDAP server is running.

    <open-port> - Specify the number of the port used for open (not encrypted) communication. Only use this port if the "enabled" attribute is set to "true". Set this value to 389.

    <secure-port> - Specify the number of the port used for secure (SSL-enabled) communication. Disable this port (set the "enabled" attribute to "false") and set its value to 0.

    <search-base> - Specify the root element of the LDAP tree. You can find the name using Sun One Server Console. See the configuration file above.

  3. Locate the <search> node section of the XML document. The <search> node defines the strategy the LDAP client uses to locate users in the LDAP tree. Modify the <search> tag by entering one of the following options:

Option: Full search

Description: To configure the LDAP client for this type of search, specify the tag in the following form: <search type="full">. A full search presumes that the client has read access to the whole LDAP tree. In this case, the search starts from the top node of the tree and continues until the first matching user is found. This is the most widely used case.

Option: By directory

Description: Configure the search tag in the following way: <search type="by-directory">. Use this option if the client's LDAP installation is configured for tighter security and only certain predefined directories are available for search. The list of directories available for search must follow, enclosed in the <dir-list> tags.

Role discovery

A default user role defines, for HxGN EAM, the default setup for a new user who logs in through LDAP for the first time. You must provide this role in the LDAP response for this feature to work. Discover the default user role by mapping LDAP properties to the predefined role. The current implementation supports two role mapping mechanisms: by attribute and by directory.

Role discovery by attribute

In this case, the user defined in LDAP has a special attribute associated with the role. To perform role discovery:

  1. Define the following tag in the configuration file: <role type="by-attribute">.

  2. Define the name of the dedicated LDAP attribute using the following tag: <attribute-name>attrole</attribute-name>.

Role discovery by directory

The association is based on the assumption that all LDAP users from the same LDAP directory share the same role. Define only the mapping between the LDAP directory and the HxGN EAM role. To use this mechanism of role discovery:

  1. Define the following tag in the configuration file: <role type="by-directory">.

  2. Define the translation list that maps the name of the LDAP directory to the HxGN EAM role (see the example above).

  4. Save and exit the file.

  5. Run the deployment command:

    deploy.bat (Windows)

    or

    deploy.sh (Unix)
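The following Python script is an added example; it is not part of the installation guide or of HxGN EAM. It reads an ldap-conf.xml and checks the <server>, <search> and <role> nodes from steps 2 and 3 and the role discovery section for the structural mistakes the guide's instructions rule out, and it reports the one security-relevant property of the template: with <open-port> enabled and <secure-port> disabled, the traffic between HxGN EAM and the directory is not encrypted (the guide itself describes the open port as "not encrypted"). The element names and the sample values come from the guide; the function names and the wording of the findings are this example's own.

```python
"""Check an HxGN EAM ldap-conf.xml before running deploy.bat / deploy.sh.

Added example, not the product's own code. Reports a list of findings; an
empty list means the file has the structure the installation guide asks for
and uses an encrypted port.
"""
import sys
import xml.etree.ElementTree as ET

# Constructed sample, using the template values from the guide.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<ldap-conf>
  <server>
    <host>myserver.datastream.net</host>
    <open-port enabled="true">389</open-port>
    <secure-port enabled="false">0</secure-port>
    <search-base>dc=datastream,dc=net</search-base>
    <server-type>sun1</server-type>
  </server>
  <search type="full">
    <dir-list>
      <dir>cn=G1,ou=Org1,dc=ulberg,dc=deu</dir>
    </dir-list>
  </search>
  <role type="by-directory">
    <attribute-name>attrole</attribute-name>
    <translations>
      <translation name="cn=G1,ou=O1,dc=datastream,dc=net">Role1</translation>
    </translations>
  </role>
</ldap-conf>
"""


def _port(elem):
    """Return (enabled, port_number) for an <open-port> or <secure-port> element."""
    if elem is None:
        return False, 0
    enabled = elem.get("enabled", "false").strip().lower() == "true"
    return enabled, int((elem.text or "0").strip() or "0")


def check_ldap_conf(xml_text):
    """Validate the three nodes the guide describes; return a list of finding strings."""
    root = ET.fromstring(xml_text)
    findings = []

    # Step 2: <server> node.
    server = root.find("server")
    if server is None:
        return ["missing <server> node"]
    if not (server.findtext("host") or "").strip():
        findings.append("<host> is empty")
    open_enabled, _ = _port(server.find("open-port"))
    sec_enabled, sec_port = _port(server.find("secure-port"))
    if open_enabled and not sec_enabled:
        findings.append("cleartext LDAP: <open-port> is enabled and <secure-port> is "
                        "disabled, so binds and directory queries are not encrypted")
    if sec_enabled and sec_port == 0:
        findings.append("<secure-port> is enabled but set to 0")
    if not (open_enabled or sec_enabled):
        findings.append("no LDAP port is enabled")
    if not (server.findtext("search-base") or "").strip():
        findings.append("<search-base> is empty")

    # Step 3: <search> node, type "full" or "by-directory".
    search = root.find("search")
    stype = search.get("type") if search is not None else None
    if stype not in ("full", "by-directory"):
        findings.append("unknown <search> type %r" % (stype,))
    dirs = [d for d in root.iterfind("search/dir-list/dir") if (d.text or "").strip()]
    if stype == "by-directory" and not dirs:
        findings.append('<search type="by-directory"> needs at least one <dir>')

    # Role discovery: <role type="by-attribute"> or <role type="by-directory">.
    role = root.find("role")
    rtype = role.get("type") if role is not None else None
    if rtype == "by-attribute":
        if not (role.findtext("attribute-name") or "").strip():
            findings.append('<role type="by-attribute"> needs <attribute-name>')
    elif rtype == "by-directory":
        translations = role.findall("translations/translation")
        if not translations:
            findings.append('<role type="by-directory"> needs at least one <translation>')
        for t in translations:
            if not (t.get("name") or "").strip() or not (t.text or "").strip():
                findings.append("<translation> needs a name attribute and a role value")
    else:
        findings.append("unknown <role> type %r" % (rtype,))
    return findings


if __name__ == "__main__":
    # Usage: python check_ldap_conf.py [APP_HOME]/overrides/ldap/ldap-conf.xml
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for f in check_ldap_conf(text):
        print("FINDING:", f)
```

Run against the guide's template, the script reports only the cleartext finding, which is the configuration the guide asks for; the remaining checks catch a by-directory search without <dir> entries, a by-attribute role without <attribute-name>, and a by-directory role without translations, all of which would otherwise only surface at first LDAP login.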