This section describes how to load LDAP server credentials into the Oracle Credentials Store (OCS).
Note
All credentials used by Oracle Commerce Guided Search implementations must be stored in OCS. Plaintext credentials are supported for backward compatibility but not for new application development.
User credentials for access to Workbench (username and password) can be defined in user profiles created and stored on an LDAP server. Accessing the LDAP server requires credentials, and these credentials, like all others, must be stored in OCS.
When users log in to Workbench using their Workbench credentials, Workbench reads the LDAP credentials from OCS, uses those credentials to connect to LDAP, and verifies the Workbench credentials that the users entered against their user profiles in LDAP.
To load into OCS the credentials that give access to an LDAP server, follow these steps:
1. Verify that your %ENDECA_TOOLS_CONF%\conf\Login.conf file contains the following properties, which are required to load credentials from OCS:

   credentialsKey: Key name used to retrieve the serviceUsername and servicePassword from OCS.
   keyStorePassKey: Key name used to retrieve the SSL keyStore passphrase from OCS.

   The following example illustrates the Login.conf file with the credentialsKey and keyStorePassKey properties added:

       Webstudio {
         com.endeca.etools.ldap.LDAPLoginModule required
         serverInfo="ldap://oradev.oraclecorp.com:389"
         serviceAuthentication="simple"
         //serviceUsername="cn=Manager,dc=endeca,dc=com"
         //servicePassword="secret"
         authentication="simple"
         useSSL="false"
         keyStoreLocation="C:/webstudio.jks"
         //keyStorePassphrase="123456"

         // Oracle Credential Store configuration to retrieve
         // serviceUsername, servicePassword and keyStorePassphrase
         // from credential store. We use the default jps-config.xml
         // file shipped with T&F from the location
         // %ENDECA_TOOLS_CONF%\credential_store\ and the default
         // mapName 'endecaToolsAndFrameworks'.
         // credentialsKey - Key name under which serviceUsername
         // and servicePassword are pushed into OCS.
         // keyStorePassKey - Key name under which SSL keyStorePassPhrase
         // is pushed into OCS.
         // Remove or comment-out serviceUserName, servicePassword and
         // KeyStorePassphrase before using OCS.
         credentialsKey="serviceCredentialKey"
         keyStorePassKey="ldapkeyStorePassKey"
         // ....;
       };

2. In the webstudio.properties file, set the useLdap property to true:

       webstudio.properties
       ..
       ..
       # LDAP Authentication
       com.endeca.webstudio.useLdap=true
       ..

3. Load the user credentials stored in LDAP into OCS by running the script %ENDECA_TOOLS_ROOT%\credential_store\bin\manage_credentials.bat; for example:

       manage_credentials.bat add --user "cn=Directory Manager" --key serviceCredentialKey
       manage_credentials.bat add --key ldapKeyStorePassKey --type generic

   Note
   The service user name and password are stored as a password type and a keystore passphrase is stored as a generic type. Because the --type argument defaults to "password", it needs to be specified only when you store a keystore passphrase, in which case the type is "generic".

   For a detailed description of the syntax and arguments of the manage_credentials script, see Storing Passphrases in the Oracle Credential Store.

4. Restart the Tools and Framework Service.
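The procedure above can be checked before the restart with a small audit of Login.conf. The following is an added example, not Oracle's code: it flags plaintext properties that are still active and key names in Login.conf that were never passed to manage_credentials.bat. The function names and sample values are constructed for illustration; the sample reuses the key names shown in this section, which differ in letter case between Login.conf and the command, and treating OCS key names as case-sensitive is an assumption of this example.

```python
import re

# Properties the Login.conf comment says to remove or comment out before using OCS.
PLAINTEXT_PROPS = {"serviceusername", "servicepassword", "keystorepassphrase"}
# Properties this section lists as required to load credentials from OCS.
OCS_KEY_PROPS = ("credentialsKey", "keyStorePassKey")
SETTING = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"')

def active_settings(conf_text):
    """Return {property: value} for lines not commented out with //."""
    settings = {}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("//"):
            continue  # whole-line comment; "//" inside a value (ldap://) is kept
        match = SETTING.match(line)
        if match:
            settings[match.group(1)] = match.group(2)
    return settings

def audit_login_conf(conf_text, loaded_keys):
    """Return findings; loaded_keys are the --key names given to manage_credentials."""
    settings = active_settings(conf_text)
    findings = [f"plaintext property still active: {name}"
                for name in settings if name.lower() in PLAINTEXT_PROPS]
    for prop in OCS_KEY_PROPS:
        key = settings.get(prop)
        if key is None:
            findings.append(f"missing required property: {prop}")
        elif key not in loaded_keys:
            # Assumption: OCS key names must match exactly, including case.
            near = [k for k in loaded_keys if k.lower() == key.lower()]
            hint = f" (differs only in case from {near[0]})" if near else ""
            findings.append(f"{prop}={key} was not loaded into OCS{hint}")
    return findings

# Constructed sample modelled on the Login.conf and commands in this section.
SAMPLE_CONF = '''Webstudio {
  com.endeca.etools.ldap.LDAPLoginModule required
  serverInfo="ldap://ldap.example.com:389"
  //serviceUsername="cn=Manager,dc=example,dc=com"
  servicePassword="secret"
  credentialsKey="serviceCredentialKey"
  keyStorePassKey="ldapkeyStorePassKey"
  ;
};'''
SAMPLE_LOADED = ["serviceCredentialKey", "ldapKeyStorePassKey"]

if __name__ == "__main__":
    for finding in audit_login_conf(SAMPLE_CONF, SAMPLE_LOADED):
        print(finding)
```

An empty result means every plaintext property is commented out and both key names in Login.conf match a key that was loaded.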