Sun Java System Web Server 7.0 Update 3 Administrator's Guide

Configuring LDAP Authentication for Administration Server

The Administration Server has a single predefined administrator login and no user or group management of its own. If several people must be able to log in to the Administration Server, enable LDAP authentication: each user then logs in to the Administration Console or the CLI with their own LDAP user ID and password.


Note –

By default, the Administration Server allows only members of the group wsadmin to log in. When enabling LDAP authentication, the administrator can name additional groups, other than wsadmin, whose members are also allowed to log in.


The LDAP auth-db can also be configured manually in the Administration Server's server.xml so that the Administration Server authenticates against LDAP, as shown below:


<default-auth-db-name>ldap</default-auth-db-name>

<auth-db>
  <name>ldap</name>
  <url>ldap://ooooxxxxooooo.india.sun.com:389/dc=india,dc=sun,dc=com</url>
  <property>
    <name>bindpw</name>
    <value>YWRtaW5hZG1pbg==</value>
    <encoded>true</encoded>
  </property>
  <property>
    <name>binddn</name>
    <value>cn=Directory Manager</value>
  </property>
</auth-db>

Note that <encoded>true</encoded> means the bindpw value is base64-encoded, not encrypted: YWRtaW5hZG1pbg== decodes to adminadmin. Restrict read access to the configuration file to the server user, prefer a bind DN with only the search rights the Administration Server needs rather than cn=Directory Manager, and be aware that a plain ldap:// URL sends the bind password and every administrator's login credentials over the network in cleartext.
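The following is an added example, not code from the Sun Java System Web Server documentation or product. It parses an auth-db fragment like the one above, base64-decodes the bindpw property (which is what <encoded>true</encoded> means), and flags the settings a reviewer would raise: a cleartext ldap:// URL, a missing base DN, binding as cn=Directory Manager, and a short bind password. The first sample is constructed from the page's fragment; the hardened variant with an ldaps:// URL and the bind DN cn=wsadmin-bind,ou=services,dc=india,dc=sun,dc=com is assumed for illustration, as are the function names.

```python
"""Audit an <auth-db> fragment used for Administration Server LDAP authentication.

Added example; not part of the Sun Java System Web Server documentation.
PAGE_AUTH_DB is constructed from the fragment on the page. HARDENED_AUTH_DB,
its ldaps:// URL and the bind DN cn=wsadmin-bind are assumptions.
"""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the auth-db fragment from the page.
PAGE_AUTH_DB = """\
<auth-db>
  <name>ldap</name>
  <url>ldap://ooooxxxxooooo.india.sun.com:389/dc=india,dc=sun,dc=com</url>
  <property>
    <name>bindpw</name>
    <value>YWRtaW5hZG1pbg==</value>
    <encoded>true</encoded>
  </property>
  <property>
    <name>binddn</name>
    <value>cn=Directory Manager</value>
  </property>
</auth-db>
"""

# Constructed hardened variant (assumed values): LDAP over SSL, a dedicated
# bind account instead of the directory superuser, and a longer password
# (base64 of "correct-horse-battery-staple").
HARDENED_AUTH_DB = """\
<auth-db>
  <name>ldap</name>
  <url>ldaps://ooooxxxxooooo.india.sun.com:636/dc=india,dc=sun,dc=com</url>
  <property>
    <name>bindpw</name>
    <value>Y29ycmVjdC1ob3JzZS1iYXR0ZXJ5LXN0YXBsZQ==</value>
    <encoded>true</encoded>
  </property>
  <property>
    <name>binddn</name>
    <value>cn=wsadmin-bind,ou=services,dc=india,dc=sun,dc=com</value>
  </property>
</auth-db>
"""


def parse_auth_db(xml_text):
    """Return {'name', 'url', 'properties'} for one <auth-db> element.

    Property values marked <encoded>true</encoded> are base64-decoded here:
    the encoding is transport-only, so anyone who can read the file can
    recover the cleartext bind password exactly as this function does.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "auth-db":
        raise ValueError("expected <auth-db>, got <%s>" % root.tag)
    props = {}
    for prop in root.findall("property"):
        name = prop.findtext("name")
        value = prop.findtext("value", default="")
        if prop.findtext("encoded", default="false").strip().lower() == "true":
            value = base64.b64decode(value).decode("utf-8")
        props[name] = value
    return {"name": root.findtext("name"), "url": root.findtext("url"),
            "properties": props}


def audit_auth_db(cfg, min_pw_len=12):
    """Return the list of findings a reviewer would raise; [] means nothing flagged."""
    findings = []
    parts = urlsplit(cfg["url"] or "")
    if parts.scheme != "ldaps":
        findings.append("url uses %s://: the bind password and every administrator's "
                        "login credentials cross the network in cleartext" % parts.scheme)
    if not parts.path.strip("/"):
        findings.append("url has no base DN, so user searches start at the directory root")
    binddn = cfg["properties"].get("binddn", "")
    if binddn.strip().lower() == "cn=directory manager":
        findings.append("binddn is the directory superuser; bind with a least-privilege "
                        "account that can only search the administrator groups")
    bindpw = cfg["properties"].get("bindpw")
    if bindpw is not None and len(bindpw) < min_pw_len:
        findings.append("bindpw is only %d characters; any user who can read the "
                        "file recovers it" % len(bindpw))
    return findings


if __name__ == "__main__":
    for label, xml_text in (("page fragment", PAGE_AUTH_DB),
                            ("hardened", HARDENED_AUTH_DB)):
        cfg = parse_auth_db(xml_text)
        print("%s: bind as %r" % (label, cfg["properties"]["binddn"]))
        for finding in audit_auth_db(cfg):
            print("  FLAG: " + finding)
```

Run it against the auth-db element copied out of the Administration Server's configuration; an empty findings list for the hardened variant shows what the fragment should look like before the Administration Server is exposed to more than one administrator.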

Procedure: To Configure LDAP Authentication

  1. Log in to the Administration Console.

  2. Click the Nodes tab to view the list of nodes configured in the server.

  3. Click the Administration Node in the list.

  4. On the Administration Server - General Settings page, select Authentication.

  5. Select the Use LDAP Authentication option.


    Note –

    The Use LDAP Authentication option is available only for the Administration Server.


  6. Enter the LDAP authentication information (LDAP URL, bind DN and bind password).

    In the Allowed Groups text field, list the groups whose members may log in to the Administration Server. Members of wsadmin are always allowed; users who belong to none of the listed groups are refused even if they authenticate successfully against LDAP.

  7. Click the Save button.


    Note –

    Using the CLI

    • To enable the Administration Server to authenticate against an LDAP server, execute the following command.


      wadm enable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null 
      --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz 
      --bind-dn="cn=Directory Manager"
      

      wadm enable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true 
      --ldap-url=ldap://serverhost:port/dc=acme,dc=com 
      --allow-group="group1,group2,group3"
      

      See CLI Reference, enable-admin-ldap-auth(1)

    • To disable LDAP authentication for the Administration Server, execute the following command.


      wadm disable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null
      

      See CLI Reference, disable-admin-ldap-auth(1)

    • To display the Administration Server's LDAP authentication properties, execute the following command; add a property name such as allow-group to display a single property.


      wadm get-admin-ldap-auth-prop --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null
      

      wadm get-admin-ldap-auth-prop --user=admin 
      --host=serverhost --password-file=../admin.passwd --port=8989 --ssl=true 
      --no-prompt --rcfile=null allow-group
      

      See CLI Reference, get-admin-ldap-auth-prop(1)