This section describes how to load LDAP server credentials into the Oracle Credentials Store (OCS).

User credentials for access to Workbench (username and password) can be defined in user profiles created and stored on an LDAP server. Accessing the LDAP server requires credentials, and these credentials, like all others, must be stored in OCS.

When users log in to Workbench using their Workbench credentials, Workbench reads the LDAP credentials from OCS, uses those credentials to connect to LDAP, and verifies the Workbench credentials that the users entered against their user profiles in LDAP.

To load into OCS the credentials that give access to an LDAP server, follow these steps:

  1. Verify that your %ENDECA_TOOLS_CONF%\conf\Login.conf file contains the following properties, which are required to load credentials from OCS:

    credentialsKey: Key name used to retrieve the serviceUsername and servicePassword from OCS.

    keyStorePassKey: Key name to retrieve the SSL keyStore passphrase from OCS.

    The following example illustrates the Login.conf file with the credentialsKey and keyStorePassKey properties added:

    Webstudio {

      com.endeca.etools.ldap.LDAPLoginModule required
      serverInfo="ldap://oradev.oraclecorp.com:389"
      serviceAuthentication="simple"

      //serviceUsername="cn=Manager,dc=endeca,dc=com"
      //servicePassword="secret"

      authentication="simple"
      useSSL="false"
      keyStoreLocation="C:/webstudio.jks"
      //keyStorePassphrase="123456"

      // Oracle Credential Store configuration to retrieve
      // serviceUsername, servicePassword and keyStorePassphrase
      // from credential store. We use the default jps-config.xml
      // file shipped with T&F from the location
      // %ENDECA_TOOLS_CONF%\credential_store\ and the default
      // mapName 'endecaToolsAndFrameworks'.
      // credentialsKey - Key name under which serviceUsername
      //   and servicePassword are pushed into OCS.
      // keyStorePassKey - Key name under which SSL keyStorePassphrase
      //   is pushed into OCS.
      // Remove or comment out serviceUsername, servicePassword and
      // keyStorePassphrase before using OCS.

      credentialsKey="serviceCredentialKey"
      keyStorePassKey="ldapKeyStorePassKey"

      // ....;

    };

  2. In the webstudio.properties file, set the useLdap property to true:

    webstudio.properties
    ..
    ..
    # LDAP Authentication
    com.endeca.webstudio.useLdap=true
    ..

  3. Load the user credentials stored in LDAP into OCS by running the script %ENDECA_TOOLS_ROOT%\credential_store\bin\manage_credentials.bat; for example:

    manage_credentials.bat add --user "cn=Directory Manager" --key serviceCredentialKey
    manage_credentials.bat add --key ldapKeyStorePassKey --type generic

    For a detailed description of the syntax and arguments of the manage_credentials script, see Storing Passphrases in the Oracle Credential Store.

  4. Restart the Tools and Framework Service.
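
A consistency check to run before the restart, as an added example that is not part of the Oracle documentation or tooling: it confirms that the plaintext properties are no longer active in Login.conf and that each key name Login.conf references matches a key passed to manage_credentials. It assumes key names are compared exactly (case-sensitive) and handles only // line comments; the function names and the sample input are constructed for illustration.

```python
import re

# Properties that must not stay active in Login.conf once OCS is used.
PLAINTEXT = ("serviceUsername", "servicePassword", "keyStorePassphrase")
OCS_KEYS = ("credentialsKey", "keyStorePassKey")

def active_properties(login_conf):
    """Return name -> value for uncommented name="value" lines (// comments only)."""
    props = {}
    for line in login_conf.splitlines():
        m = re.match(r'\s*(\w+)\s*=\s*"([^"]*)"', line)
        if m:  # a line starting with // never matches \w+
            props[m.group(1)] = m.group(2)
    return props

def stored_keys(commands):
    """Collect the --key arguments of manage_credentials add commands."""
    return set(re.findall(r'--key\s+"?([\w.-]+)"?', commands))

def audit(login_conf, commands):
    """List mismatches between Login.conf and the keys loaded into OCS."""
    props, keys, findings = active_properties(login_conf), stored_keys(commands), []
    for name in PLAINTEXT:
        if name in props:
            findings.append(f"plaintext {name} is still active")
    for name in OCS_KEYS:
        if name not in props:
            findings.append(f"{name} is not set")
        elif props[name] not in keys:  # assumption: exact, case-sensitive match
            findings.append(f"{name}={props[name]!r} was not loaded into OCS")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_CONF = '''
Webstudio {
  com.endeca.etools.ldap.LDAPLoginModule required
  serverInfo="ldap://ldap.example.com:389"
  //serviceUsername="cn=Manager,dc=example,dc=com"
  servicePassword="secret"
  credentialsKey="serviceCredentialKey"
  keyStorePassKey="ldapkeyStorePassKey"
};
'''
SAMPLE_CMDS = '''
manage_credentials.bat add --user "cn=Directory Manager" --key serviceCredentialKey
manage_credentials.bat add --key ldapKeyStorePassKey --type generic
'''
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF, SAMPLE_CMDS)))
```

On the constructed sample the check reports the uncommented servicePassword and the key name that differs only in letter case from the one loaded into OCS.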

