Sun Java System Web Server 7.0 Update 5 Administrator's Guide

Configuring LDAP Authentication for Administration Server

The Administration Server provides only one predefined administrator login and does not allow user or group management. If several users must be able to log in to the Administration Server, use LDAP authentication: each user then logs in to the Administration Server through the Administration Console or the CLI with their LDAP user ID and password.


Note –

By default, the Administration Server allows only users who belong to the group wsadmin to log in. When enabling LDAP authentication, the administrator can therefore define a list of additional groups, other than wsadmin, whose members are also allowed to log in; users outside wsadmin and the listed groups are denied.


The LDAP auth-db can also be configured manually to make the Administration Server authenticate against LDAP, as in the following fragment. Note that <encoded>true</encoded> only marks the bind password as base64-encoded, not encrypted, so anyone who can read the configuration file can recover it (the value shown decodes to adminadmin); protect the file accordingly. Binding as cn=Directory Manager also gives the web server the directory superuser's privileges; a dedicated bind account with read-only rights on the user and group entries is preferable, as is an ldaps:// URL so that credentials do not cross the network in cleartext.


<default-auth-db-name>ldap</default-auth-db-name>

<auth-db>
  <name>ldap</name>
  <url>ldap://ooooxxxxooooo.india.sun.com:389/dc=india,dc=sun,dc=com</url>
  <property>
    <name>bindpw</name>
    <value>YWRtaW5hZG1pbg==</value>
    <encoded>true</encoded>
  </property>
  <property>
    <name>binddn</name>
    <value>cn=Directory Manager</value>
  </property>
</auth-db>
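The following Python script is an added example and is not part of the guide or of the web server's own tooling. It parses an auth-db fragment of the shape shown above and reports the weak settings just discussed: a cleartext ldap:// URL, a bind as cn=Directory Manager, and an unencoded bind password. It assumes the element names exactly as they appear in the fragment and that <encoded>true</encoded> means base64 (the value on this page decodes to adminadmin). Both configurations in the script are constructed samples; the hardened one uses an assumed host (ldap.example.com), base DN and bind account (uid=wsadmin-bind,ou=service,dc=example,dc=com), none of which come from the guide.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the auth-db fragment from this page, wrapped in a
# <server> root so that it parses as one document.
WEAK_CONFIG = """<server>
  <default-auth-db-name>ldap</default-auth-db-name>
  <auth-db>
    <name>ldap</name>
    <url>ldap://ooooxxxxooooo.india.sun.com:389/dc=india,dc=sun,dc=com</url>
    <property>
      <name>bindpw</name>
      <value>YWRtaW5hZG1pbg==</value>
      <encoded>true</encoded>
    </property>
    <property>
      <name>binddn</name>
      <value>cn=Directory Manager</value>
    </property>
  </auth-db>
</server>
"""

# Constructed counterpart with the settings a practitioner would choose:
# LDAP over TLS and a dedicated, least-privilege bind account. Host, base DN,
# bind DN and password are hypothetical, not taken from the guide.
HARDENED_CONFIG = """<server>
  <default-auth-db-name>ldap</default-auth-db-name>
  <auth-db>
    <name>ldap</name>
    <url>ldaps://ldap.example.com:636/dc=example,dc=com</url>
    <property>
      <name>bindpw</name>
      <value>c2VjcmV0LWJpbmQtcHc=</value>
      <encoded>true</encoded>
    </property>
    <property>
      <name>binddn</name>
      <value>uid=wsadmin-bind,ou=service,dc=example,dc=com</value>
    </property>
  </auth-db>
</server>
"""


def parse_auth_dbs(xml_text):
    """Map each auth-db name to its URL and its properties {name: (value, encoded)}."""
    root = ET.fromstring(xml_text)
    dbs = {}
    for db in root.iter("auth-db"):
        props = {}
        for prop in db.findall("property"):
            encoded = prop.findtext("encoded", default="false").strip().lower() == "true"
            props[prop.findtext("name")] = (prop.findtext("value", default=""), encoded)
        dbs[db.findtext("name")] = {"url": db.findtext("url", default=""), "props": props}
    return dbs


def default_auth_db(xml_text):
    """Name of the auth-db that <default-auth-db-name> selects."""
    return ET.fromstring(xml_text).findtext("default-auth-db-name")


def decode_bindpw(value, encoded):
    """<encoded>true</encoded> marks base64, an encoding rather than encryption:
    whoever can read the configuration file recovers the bind password."""
    return base64.b64decode(value).decode("utf-8") if encoded else value


def audit_auth_db(db):
    """Return the weak settings found in one parsed auth-db (empty list if none)."""
    findings = []
    if urlparse(db["url"]).scheme != "ldaps":
        findings.append("cleartext-ldap: bind and user credentials cross the network unencrypted")
    binddn, _ = db["props"].get("binddn", ("", False))
    if binddn.strip().lower() == "cn=directory manager":
        findings.append("superuser-bind: the web server binds as the directory superuser")
    if "bindpw" in db["props"] and not db["props"]["bindpw"][1]:
        findings.append("plaintext-bindpw: bind password stored without even base64 encoding")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        name = default_auth_db(cfg)
        db = parse_auth_dbs(cfg)[name]
        recovered = decode_bindpw(*db["props"]["bindpw"])
        print(f"{label}: auth-db={name}, bindpw recovered ({len(recovered)} chars), "
              f"findings={audit_auth_db(db) or 'none'}")
```

Run against a real configuration file by replacing the constructed strings with the file's contents; the base64 recovery in decode_bindpw is the argument for keeping that file readable only by the server's service account.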

Procedure: To Configure LDAP Authentication

  1. Log in to the Administration Console.

  2. Click the Nodes tab to view a list of nodes configured in the server.

  3. Click the Administration Node from the list.

  4. Select Authentication on the Administration Server - General Settings page.

  5. Select the Use LDAP Authentication button.


    Note –

    The Use LDAP Authentication option is available only for the Administration Server.


  6. Enter LDAP authentication information.

    The groups entered in the Allowed Groups text field, in addition to wsadmin, are the groups whose members may log in through LDAP authentication; users who belong to none of them are denied.

  7. Click the Save button.


    Note –

    Using CLI

    • To enable the Administration Server to authenticate against the LDAP server, execute a command such as the following. The second form additionally restricts login to members of the listed groups.


      wadm enable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null 
      --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz 
      --bind-dn="cn=Directory Manager"
      

      wadm enable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true 
      --ldap-url=ldap://serverhost:port/dc=acme,dc=com 
      --allow-group="group1,group2,group3"
      

      See CLI Reference, enable-admin-ldap-auth(1)

    • To disable LDAP authentication for the Administration Server, execute the following command.


      wadm disable-admin-ldap-auth --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null
      

      See CLI Reference, disable-admin-ldap-auth(1)

    • To display the Administration Server's LDAP authentication properties, execute the following command. The second form displays only the allow-group property.


      wadm get-admin-ldap-auth-prop --user=admin --host=serverhost 
      --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null
      

      wadm get-admin-ldap-auth-prop --user=admin 
      --host=serverhost --password-file=../admin.passwd --port=8989 --ssl=true 
      --no-prompt --rcfile=null allow-group
      

      See CLI Reference, get-admin-ldap-auth-prop(1)