Bookshelf Home | Contents | Index | Search | PDF

Siebel Interactive Selling Transact Server Interface Reference > Authentication and Login Support > Setting LDAP Properties >

Sample Script Templates

---

Several templates are available that simplify LDAP installation and maintenance.

To save and run the following script templates

Save the code in a file.

For example, addservlet.sci under the WebLogic home directory.

In the property editor, set the LDAP URL to your LDAP Server and the LDAP Credential to "Directory Manager."
Run the script from the command line by typing the following line (replacing addservlet.sci with the name of your script file) at the prompt:

Rincon_run addservlet.sci

Supporting Adding Servlets to WebLogic

This script provides the support for WebLogic to accept new servlets. The procedure used in this script could be used to add any kind of resource to WebLogic that requires granting user permissions to it. This is a specific example of adding a servlet which is a resource. This script adds a servlet called Logout that handles logging the user out gracefully. The Logout servlet receives the request from the client browser when the user decides to log out by clicking a button or a URL link, and then deallocates any resources assigned to the user.

The first step is to add the servlet to the WebLogic.properties file to instruct WebLogic to load the servlet. To do this, add the following line in the WebLogic.properties file. (The package name of the servlet is com.siebel.isscda.wl.servlet.)

WebLogic.httpd.register.Logout=\com.siebel.isscda.wl.servlet.rinco n.Logout

Because the servlet is a resource, WebLogic needs to know which users have what permissions to this resource. Since WebLogic queries LDAP for all security information relating to users, groups, and ACLs (resources), this new servlet needs to be added as an ACL into the LDAP system as well and users granted permissions to this resource. The following template uses the command-line API to do this.

The Script

cmd=newacl;acl=WebLogic.servlet.Logout;user=system
cmd=initload
cmd=setpermission;acl=WebLogic.servlet.Logout;type=allow ;permission=*;forgroup=everyone;owneruser=system
end

About the Script

The first command creates an ACL named WebLogic.servlet.Logout with the user system as the owner of the ACL. Because we want to modify the data in the LDAP system, the second command (cmd=initload) loads the data from the LDAP system into memory. The third command gives all permissions that are positive to the group everyone. Now anyone belonging to the group everyone automatically has the permissions assigned to the group. The owneruser must be the owner of the ACL in order for the setpermission command to execute successfully. The last command (end) instructs the program that executes the script file to terminate itself.

When WebLogic loads this servlet, it gets the security access information to this servlet from the LDAP system, and implements it accordingly.

Adding Users and Groups

This script template adds a list of users and groups. It then adds the users and groups as members of other groups.

The Script

cmd=newuser;user=john
cmd=newuser;user=mary
cmd=newuser;user=kate
cmd=newgroup;group=Engineering
cmd=newgroup;group=Marketing
cmd=initload
cmd=addgroupmember;tgtgroup=Engineering;user=john
cmd=addgroupmember;tgtgroup=Engineering;user=kate
cmd=addgroupmember;tgtgroup=Marketing;user=mary
end

About the Script

The users john and kate automatically get the same kind of access as the Engineering group. Mary gets the same privileges as the Marketing group.

Deleting Users and Groups

This script template deletes a list of users and groups, and removes users from groups.

The Script

cmd=deluser;user=john
cmd=deluser;user=mary
cmd=delgroupmember;tgtgroup=Engineering;user=kate
cmd=delgroup;group=Engineering
end

About the Script

The users john and mary are deleted from the LDAP system while the user kate is removed from the Engineering group (although she will remain in the LDAP system). Finally, the group Engineering is deleted from the LDAP system.

Bookshelf Home | Contents | Index | Search | PDF