Installation and Upgrade Guide


Advanced Configuration

This section describes the following optional advanced procedures for LDAP configuration:

 


Configuring Logging

The ldapws.war file contains the log4j.properties file, which controls the logging settings for the application. You can open the log4j.properties file and edit it within the ldapws.war file.

There are two appenders defined:

The default settings for the parameters in this file should be sufficient, but there are several settings that you can change:

Table 5-1 Logging Settings

| Setting | Function |
|---|---|
| Append | Determines whether writes to the log file are appended at the end of the file, or if the file is overwritten. This should be set to true. |
| MaxFileSize | Specifies the maximum size a log file can be before it is rolled over into a new file if the appender is a RollingFileAppender. If you choose to roll over based on the date, the MaxFileSize setting does not take effect. |
| MaxBackupIndex | Sets the number of rolled-over files that are saved. The number of roll-over files you set for the MaxBackupIndex value depends on how much disk space you choose to devote to log files. |
| DatePattern | Determines the basis on which files are rolled over if the appender is a DailyRollingFileAppender. YYYY-mm means the file is rolled over once a month. YYYY-mm-dd means the file is rolled over every day. YYYY-mm-dd-HH rolls over every hour, and so forth. |
| RollingFileAppender | If several synchronization jobs are run once a day, use the RollingFileAppender so that the individual log files do not grow excessively large. |
| DailyRollingFileAppender | If you change the appender from RollingFileAppender to DailyRollingFileAppender, the MaxFileSize setting is ignored. The appender type you choose determines whether files roll over based on date or on size. If you use a DailyRollingFileAppender, you must look at the average size of the log created by a single synchronization run to determine the total disk space required. If synchronizations are run once a week, then setting MaxBackupIndex to 10 provides approximately two months of job histories. |

 


Configuring Application Server Session Settings

Within the ldapws.war file there is a web.xml file that contains settings for the application session. You can open this file and edit it within the ldapws.war file.

During large synchronizations, the portal must create database objects for all the users and groups returned by the LDAP IDS. This might cause session time-outs between the calls to GetGroups, GetUsers, and GetMembers.

You can avoid this time-out error by increasing the session-timeout value in the session-config element of web.xml.

 


Configuring LDAP Server Settings

LDAP servers allow you to set the maximum return size of a query result as well as the time limit for a query. If the LDAP IDS log file ever indicates a SizeLimitExceeded or TimeLimitExceeded error, you most likely need to adjust these values on the LDAP server. Different LDAP server administration consoles have these settings in different locations. Contact your LDAP system administrator if you have questions about the location of the settings.

 


Using the LDAP IDS over SSL

In order to use the LDAP IDS over SSL there are two connections you must secure. This section includes the following topics:

Setting Up SSL Between the Portal and the Remote Server

In order to connect to the LDAP IDS from the portal over SSL, you must connect to the remote server on an SSL port and import its trusted certificate.

From a Web browser on the portal server navigate to: https://<remote_server>:<app_server_ssl_port>

If the computer hosting the portal does not already have a certificate from the remote server, the browser prompts you with a Security Alert. Choose to view the certificate and install it to the Trusted Root Certification Authorities store.

When running the installer for LDAP IDS, choose https protocol and enter the SSL port for the application server. In the portal, when you configure the remote server object, use https and the SSL port.

Setting Up SSL Between the Remote Server and the LDAP Server

To connect to the LDAP server over SSL, import the certificate for the LDAP server into the cacerts file in the JRE of the application server.

  1. From a Web browser on the remote server navigate to: https://<ldap_server>:<ldap_ssl_port>. You should be prompted with a Security Alert.
  2. Choose to view the certificate and import it.
  3. Navigate to the Tools | Internet Options menu.
  4. Select the Content tab and click Certificates.
  5. Find the certificate for the LDAP server that you just imported and choose to export it as a DER encoded binary. Export it to the <APP_SERVER_JAVA_HOME>/jre/lib/security folder.
  6. Use the Java keytool to import this certificate to the cacerts file at <APP_SERVER_JAVA_HOME>/jre/lib/security.
  7. For instructions on using the keytool, refer to the Sun Java documentation.

    When you create the authentication source in the portal, enter 2 as the Security Mode. The standard SSL port is 636. If your LDAP server is using a different SSL port, enter this in the Alternate Port box.
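Steps 5 and 6 above, as an added shell example that is not part of the original guide: it compares the SHA-256 fingerprint of the exported DER file with a value obtained from the LDAP administrator out of band, and only then calls keytool. The function names, the alias ldap_ids_server and the .bak backup suffix are hypothetical.

```shell
#!/bin/sh
# Added example (not from the guide). Assumes the certificate was exported
# as DER (step 5); the alias and function names are hypothetical.

# Strip colons/spaces and upper-case, so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# The SHA-256 fingerprint of a DER certificate is the SHA-256 of the file.
der_fingerprint() {
    if command -v sha256sum >/dev/null 2>&1; then
        h=$(sha256sum < "$1")
    else
        h=$(shasum -a 256 < "$1")
    fi
    normalize_fp "${h%% *}"
}

# import_ldap_cert <der_file> <expected_fingerprint> <cacerts_path>
# Returns 2 on missing files, 3 on fingerprint mismatch, else keytool's status.
import_ldap_cert() {
    cert=$1; expected=$2; store=$3
    if [ ! -f "$cert" ] || [ ! -f "$store" ]; then
        echo "certificate or keystore not found" >&2
        return 2
    fi
    actual=$(der_fingerprint "$cert")
    if [ "$actual" != "$(normalize_fp "$expected")" ]; then
        echo "fingerprint mismatch, not importing: $actual" >&2
        return 3
    fi
    cp -p "$store" "$store.bak" || return 2   # rollback copy of cacerts
    # keytool prompts for the keystore password; -noprompt only skips the
    # "trust this certificate?" question, which the check above replaces.
    keytool -importcert -noprompt -trustcacerts -alias ldap_ids_server \
        -file "$cert" -keystore "$store" || return $?
    keytool -list -alias ldap_ids_server -keystore "$store"
}
```

Call it with the exported file, the expected fingerprint and the path to <APP_SERVER_JAVA_HOME>/jre/lib/security/cacerts. JDKs older than 6 name the subcommand -import instead of -importcert.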

 


Migrating Users from the Native LDAP Provider to the LDAP IDS

Plumtree Corporate Portal 5.0.x included a native LDAP provider. If you have been using the native LDAP provider, you may want to migrate your users to the LDAP IDS authentication source you created to preserve the MyPage and community settings.

Knowledge Base article DA_224007 “Migrating Users and Groups in 5.0.x Portals” discusses migrating users and groups in a 5.0.x portal. Read this article for instructions on the SQL commands needed to migrate the user information.

