Using LDAP with Java CAPS

Using an LDAP Server for Enterprise Manager User Management

You can configure Enterprise Manager to use an LDAP server for user management.

The following LDAP servers are supported (each is covered in its own section below):

  • Sun Java System Directory Server

  • Active Directory

  • OpenLDAP Directory Server

First, you configure the LDAP server. Then you configure the Enterprise Manager server so that it can locate the LDAP server and find the appropriate information (for example, the portion of the directory that contains users).

Managing Java CAPS Users provides basic information about Enterprise Manager user management.

Configuring the Sun Java System Directory Server

Sun Java System Directory Server versions 5.1 and 5.2 include the following main components:

The Directory Server console enables you to perform most administrative tasks. The console contains four top-level tabs: Tasks, Configuration, Directory, and Status. The Directory tab displays the directory entries as a tree. You can browse, display, and edit all of the entries and attributes from this tab.

You can also perform administrative tasks manually by editing configuration files or by using command-line utilities.

Sun Java System Directory Server version 6.x provides the following ways for you to manage the entries in a directory:

DSCC is integrated into the Sun Java Web Console. DSCC contains five top-level tabs: Common Tasks, Directory Servers, Proxy Servers, Server Groups, and Settings.

If you click the Directory Servers tab, the name of a server, and the Entry Management tab, then you reach the page that enables you to browse, add, and modify entries. The Directory Information Tree (DIT) appears on the left.

You can also use the Common Tasks tab to create a new entry or browse data.

Note – For detailed information about how to perform the following steps, see the documentation provided with Sun Java System Directory Server.

Procedure: To Configure the Sun Java System Directory Server

  1. Create the admin user and the Administrator user under the People directory.

  2. Create the following roles under the top node:

    • Deployment

    • User Management

    • Read-Only Monitor

    • Controlling Monitor

    • JMS Read-Only Monitor

    • JMS Read-Write Monitor

    • Manager

  3. Assign the roles that you created to the admin user and the Administrator user.

  4. Go to Configuring the Enterprise Manager Server.

Configuring the Active Directory Service

Active Directory is a key part of Windows 2000. It provides a wide variety of manageability, security, and interoperability features. The main administration tool is a snap-in called Active Directory Users and Computers.

Active Directory does not support the concept of roles. Therefore, you must simulate the Enterprise Manager roles in Active Directory using the concept of groups.

Note – For detailed information about how to perform the following steps, see the documentation provided with Active Directory.

Procedure: To Configure the Active Directory Service

  1. Start the Active Directory Users and Computers administration tool.

  2. Right-click the root node and select New > Organizational Unit.

    The New Object - Organizational Unit dialog box appears.

  3. In the Name field, enter a value (for example, EntMgrRoles).

  4. Click OK.

  5. Under the organizational unit, create the following groups:

    • Deployment

    • User Management

    • Read-Only Monitor

    • Controlling Monitor

    • JMS Read-Only Monitor

    • JMS Read-Write Monitor

    • Manager

    After you add the groups, they appear under the organizational unit.

  6. Add the admin user and the Administrator user as members of every group that you created. To do so, double-click each group and select admin and Administrator in the dialog box that appears.

  7. Go to Configuring the Enterprise Manager Server.

Configuring the OpenLDAP Directory Server

The OpenLDAP Project provides an open source implementation of the LDAP protocol. The LDAP server runs as a stand-alone daemon called slapd. The main configuration file is called slapd.conf. This file contains global, backend-specific, and database-specific information. You can use various approaches to add entries to the database, such as using the slapadd program. To search the database, use the ldapsearch program.

For more information, see http://www.openldap.org.

Note – For detailed information about how to perform the following steps, see the documentation provided with OpenLDAP Directory Server.

Procedure: To Configure the OpenLDAP Directory Server

  1. Create the admin user and the Administrator user under the node where the users are located.

  2. If you do not have a node for roles in your schema, then create a node for the Enterprise Manager roles that you will create in the following step.

  3. Create the following roles under the node where the roles are located:

    • Deployment

    • User Management

    • Read-Only Monitor

    • Controlling Monitor

    • JMS Read-Only Monitor

    • JMS Read-Write Monitor

    • Manager

  4. Add the admin user and the Administrator user as unique members of each role.

  5. Add other users to one or more roles, as necessary.

  6. Go to Configuring the Enterprise Manager Server.
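As an added example (not from the Sun documentation or the OpenLDAP project), the following POSIX shell script generates the LDIF that steps 1 through 4 of this procedure describe. It assumes a base DN of dc=example,dc=com, users stored under ou=People, and roles modelled as groupOfUniqueNames entries under ou=Roles, which is what "unique members" in step 4 implies; the password value is a placeholder.

```shell
#!/bin/sh
# Added example: build the LDIF for the Enterprise Manager users and roles.
# Assumed layout: users under ou=People, roles under ou=Roles, base dc=example,dc=com.
BASE_DN="${BASE_DN:-dc=example,dc=com}"
PEOPLE_OU="ou=People,$BASE_DN"
ROLES_OU="ou=Roles,$BASE_DN"
# The seven Enterprise Manager roles listed in step 3 (pipe-separated, names contain spaces).
EM_ROLES="Deployment|User Management|Read-Only Monitor|Controlling Monitor|JMS Read-Only Monitor|JMS Read-Write Monitor|Manager"

# Step 1: emit one inetOrgPerson entry for a user (userPassword is a placeholder to replace).
user_ldif() {
  printf 'dn: uid=%s,%s\nobjectClass: inetOrgPerson\nuid: %s\ncn: %s\nsn: %s\nuserPassword: CHANGE-ME\n\n' \
    "$1" "$PEOPLE_OU" "$1" "$1" "$1"
}

# Steps 3-4: emit one role as a groupOfUniqueNames whose uniqueMember values are the given uids.
role_ldif() {
  role="$1"; shift
  printf 'dn: cn=%s,%s\nobjectClass: groupOfUniqueNames\ncn: %s\n' "$role" "$ROLES_OU" "$role"
  for u in "$@"; do
    printf 'uniqueMember: uid=%s,%s\n' "$u" "$PEOPLE_OU"
  done
  printf '\n'
}

# Complete LDIF: the roles node (step 2), both users (step 1), every role with both
# users as unique members (steps 3-4). Add further users to roles as step 5 requires.
full_ldif() {
  printf 'dn: %s\nobjectClass: organizationalUnit\nou: Roles\n\n' "$ROLES_OU"
  user_ldif admin
  user_ldif Administrator
  printf '%s\n' "$EM_ROLES" | tr '|' '\n' | while IFS= read -r r; do
    role_ldif "$r" admin Administrator
  done
}

# Print the LDIF; load it with:   full_ldif | ldapadd -x -D "cn=Manager,$BASE_DN" -W
# Check which roles admin holds:  ldapsearch -x -b "$ROLES_OU" "(uniqueMember=uid=admin,$PEOPLE_OU)" cn
full_ldif
```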

Configuring the Enterprise Manager Server

Once you have configured the LDAP server, you configure the Enterprise Manager server so that it can locate the LDAP server and find the appropriate information.

You must edit the following Enterprise Manager files: web.xml and ldap.properties.

Procedure: To Configure the Enterprise Manager Server

  1. Shut down the server component of Enterprise Manager.

  2. Open the web.xml file in the JavaCAPS-install-dir/emanager/server/webapps/sentinel/WEB-INF directory.

  3. Locate the following lines:

    <param-name>com.stc.emanager.sentinel.authHandler</param-name>
    <param-value>com.stc.cas.auth.provider.tomcat.TomcatPasswordHandler</param-value>

  4. Change the parameter value to:

    <param-value>com.stc.cas.auth.provider.ldap.LDAPHandler</param-value>

  5. Save the web.xml file.

  6. Open the ldap.properties file in the JavaCAPS-install-dir/emanager/server/webapps/sentinel/WEB-INF/classes directory.

  7. The following table describes all of the properties that appear in the ldap.properties file. Edit the properties in the section for your LDAP server, and ensure that the properties are not commented out.

    com.stc.sentinel.auth.ldap.serverType
      The type of LDAP server.

    com.stc.sentinel.auth.ldap.serverUrl
      The URL of the LDAP server.

    com.stc.sentinel.auth.ldap.searchFilter
      The name of the user ID attribute in user entries.

    com.stc.sentinel.auth.ldap.searchBase
      The root entry of the portion of the LDAP directory where Enterprise Manager searches for users.

    com.stc.sentinel.auth.ldap.searchScope
      This property is not currently used.

    com.stc.sentinel.auth.ldap.bindDN
      The security principal (bind DN) used for connecting to the LDAP server.

    com.stc.sentinel.auth.ldap.bindPassword
      The password of the security principal.

    com.stc.sentinel.auth.ldap.referral
      The LDAP referral policy. The default value is follow, which means that LDAP referrals are followed automatically; referrals must also be enabled in the LDAP server. The other valid values are throw (referrals raise an exception) and ignore. This property is optional and appears only in the Active Directory and OpenLDAP sets of properties.

    com.stc.sentinel.auth.ldap.roleAttribute
      The name of the role name attribute in user entries.

    com.stc.sentinel.auth.ldap.roleBaseDN
      The root entry of the portion of the LDAP directory where Enterprise Manager searches for roles. This property appears only in the OpenLDAP set of properties.

    com.stc.sentinel.auth.ldap.rolePattern
      Enables you to configure pattern matching for role names, so that Enterprise Manager users can be kept in a separate line of business from other users in the LDAP directory. This property appears only in the Active Directory set of properties.

  8. Save the ldap.properties file.

  9. Start the server component of Enterprise Manager.