Using LDAP with Java CAPS

Procedure: To Configure the Sun JMS IQ Manager

  1. If the application server is not running, then start the application server.

  2. Log in to the Configuration Agent. The format of the URL is http://hostname:port-number/configagent. Set the hostname to the TCP/IP host name of the computer where the application server is installed. Set the port number to the administration port number of the application server. For example:

    http://localhost:4848/configagent

  3. In the left pane, click the JMS IQ Manager node (for example, IQ_Manager_18007).

  4. Click the Access Control tab.

  5. Ensure that the check box to the right of the Require Authentication label is selected.

  6. If you want to enable Sun Java System Directory Server, then select the check box to the right of the Enable Sun Java System Directory Server label and click Show Properties.

    The following table describes the properties that appear. The default values are intended to match the standard schema of Sun Java System Directory Server. Review the default value for each property. If necessary, modify the default value.

    Naming Provider URL
        The URL of the Java Naming and Directory Interface (JNDI) service provider. The default value is ldap://IP_address:589.

    Naming Initial Factory
        The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations. The default value is com.sun.jndi.ldap.LdapCtxFactory.

    Naming Security Authentication
        The security level to use in JNDI naming operations. The default value is simple.

    Naming Security Principal
        The security principal used for connecting to the LDAP server.

    Naming Security Credentials
        The password of the naming security principal. The default value is STC. The value is encrypted when you save and then view it again.

    Group DN Attribute Name in Group
        The name of the Distinguished Name attribute in group entries. The default value is entrydn.

    Group Name Field in Group DN
        The name of the group name field in group Distinguished Names. The default value is cn.

    Groups of User Filter Under Groups Parent DN
        The LDAP search filter used to retrieve all of a user’s groups. This property follows the syntax supported by the java.text.MessageFormat class, with {1} indicating where the user’s Distinguished Name should be inserted. The default value is uniquemember={1}.

    Groups Parent DN
        The parent Distinguished Name of the group entries. In other words, this property specifies the root entry of the groups portion of the LDAP directory.

    Role Name Attribute Name in User
        The name of the role name attribute in user entries. The default value is nsroledn.

    Role Name Field in Role DN
        The name of the role name field in role Distinguished Names. The default value is cn.

    Roles Parent DN
        The parent Distinguished Name of the role entries. In other words, this property specifies the root entry of the roles portion of the LDAP directory.

    Search Groups Sub Tree
        By default, the groups portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Roles Sub Tree
        By default, the roles portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Users Sub Tree
        By default, the users portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    User DN Attribute Name in User
        The name of the Distinguished Name attribute in user entries. The default value is entrydn.

    User ID Attribute Name in User
        The name of the user ID attribute in user entries. The default value is uid.

    Users Parent DN
        The parent Distinguished Name of the user entries. In other words, this property specifies the root entry of the users portion of the LDAP directory.

  7. If you want to enable Active Directory, then select the check box to the right of the Enable Microsoft Active Directory Server label and click Show Properties.

    The following table describes the properties that appear. The default values are intended to match the standard schema of Active Directory. Review the default value for each property. If necessary, modify the default value.

    Naming Provider URL
        The URL of the Java Naming and Directory Interface (JNDI) service provider. The default value is ldap://IP_address:389.

    Naming Initial Factory
        The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations. The default value is com.sun.jndi.ldap.LdapCtxFactory.

    Naming Security Authentication
        The security level to use in JNDI naming operations. The default value is simple.

    Naming Security Principal
        The security principal used for connecting to the LDAP server.

    Naming Security Credentials
        The password of the naming security principal. The default value is STC. The value is encrypted when you save and then view it again.

    Users Parent DN
        The parent Distinguished Name of the user entries. In other words, this property specifies the root entry of the users portion of the LDAP directory.

    User DN Attribute Name in User
        The name of the Distinguished Name attribute in user entries. The default value is distinguishedName.

    User ID Attribute Name in User
        The name of the user ID (that is, the login ID) attribute in user entries. The default value is sAMAccountName.

    Roles Parent DN
        The parent Distinguished Name of the role entries. In other words, this property specifies the root entry of the roles portion of the LDAP directory.

    Role DN Attribute Name in Role
        The name of the Distinguished Name attribute in role entries. The default value is cn.

    Roles of User Filter Under Roles Parent DN
        The LDAP search filter used to retrieve all of a user’s roles. This property follows the syntax supported by the java.text.MessageFormat class, with {1} indicating where the user’s Distinguished Name should be inserted. The default value is (&(member={1})(objectclass=group)).

    Groups Parent DN
        The parent Distinguished Name of the group entries. In other words, this property specifies the root entry of the groups portion of the LDAP directory.

    Group DN Attribute Name in Group
        The name of the Distinguished Name attribute in group entries. The default value is distinguishedName.

    Group Name Field in Group DN
        The name of the group name field in group Distinguished Names. The default value is cn.

    Groups of User Filter Under Groups Parent DN
        The LDAP search filter used to retrieve all of a user’s groups. This property follows the syntax supported by the java.text.MessageFormat class, with {1} indicating where the user’s Distinguished Name should be inserted. The default value is (&(member={1})(objectclass=group)).

    Search Groups Sub Tree
        By default, the groups portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Users Sub Tree
        By default, the users portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Roles Sub Tree
        By default, the roles portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

  8. If you want to enable OpenLDAP Directory Server, then select the check box to the right of the Enable Generic LDAP Server label and click Show Properties.

    The following table describes the properties that appear. Review the default value for each property. If necessary, modify the default value.

    Naming Provider URL
        The URL of the Java Naming and Directory Interface (JNDI) service provider. The default value is ldap://IP_address:489.

    Naming Initial Factory
        The fully qualified name of the factory class that creates the initial context. The initial context is the starting point for JNDI naming operations. The default value is com.sun.jndi.ldap.LdapCtxFactory.

    Naming Security Authentication
        The security level to use in JNDI naming operations. The default value is simple.

    Users Parent DN
        The parent Distinguished Name of the user entries. In other words, this property specifies the root entry of the users portion of the LDAP directory.

    User ID Attribute Name in User
        The name of the user ID attribute in user entries. The default value is uid.

    Roles Parent DN
        The parent Distinguished Name of the role entries. In other words, this property specifies the root entry of the roles portion of the LDAP directory.

    Role Name Attribute Name in Role
        The name of the role name attribute in user entries. The default value is cn.

    Roles of User Filter Under Roles Parent DN
        The LDAP search filter used to retrieve all of a user’s roles. This property follows the syntax supported by the java.text.MessageFormat class, with {1} indicating where the user’s Distinguished Name should be inserted. The default value is uniquemember={1}.

    Group Name Field in Group DN
        The name of the group name field in group Distinguished Names. The default value is cn.

    Groups Parent DN
        The parent Distinguished Name of the group entries. In other words, this property specifies the root entry of the groups portion of the LDAP directory.

    Groups of User Filter Under Groups Parent DN
        The LDAP search filter used to retrieve all of a user’s groups. This property follows the syntax supported by the java.text.MessageFormat class, with {1} indicating where the user’s Distinguished Name should be inserted. The default value is uniquemember={1}.

    Search Groups Sub Tree
        By default, the groups portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Users Sub Tree
        By default, the users portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

    Search Roles Sub Tree
        By default, the roles portion of the LDAP directory is searched only one level below the root entry. To enable searches of the entire subtree, set the value to true. The default value is false.

  9. If you want to change the default realm, then select the realm from the Default Realm drop-down list.

  10. Click Save.
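The following Java class is an added example, not code from the Java CAPS documentation or product, showing how the Sun Java System Directory Server property values above map onto a JNDI lookup: a bind with the Naming properties, a one-level search for the user under Users Parent DN, and the Groups of User filter filled in through java.text.MessageFormat with the user's Distinguished Name as {1}. The host, bind DN and parent DNs are placeholders, and the escapeFilter step is an addition of this example; the page does not say how the IQ Manager itself builds the filter.

```java
import java.text.MessageFormat;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

// Resolves a login ID to its group DNs with the Sun Java System Directory Server table defaults.
// Host, bind DN and parent DNs are placeholders assumed by this example.
public class IqManagerLdapLookup {
    static final String USERS_PARENT_DN = "ou=People,dc=example,dc=test";  // Users Parent DN
    static final String GROUPS_PARENT_DN = "ou=Groups,dc=example,dc=test"; // Groups Parent DN
    static final String GROUPS_OF_USER_FILTER = "uniquemember={1}";        // Groups of User Filter Under Groups Parent DN
    static final boolean SEARCH_USERS_SUBTREE = false, SEARCH_GROUPS_SUBTREE = false; // Search Users/Groups Sub Tree
    static DirContext bind(String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); // Naming Initial Factory
        env.put(Context.PROVIDER_URL, "ldap://ldap.example.test:589");   // Naming Provider URL (placeholder host)
        env.put(Context.SECURITY_AUTHENTICATION, "simple");              // Naming Security Authentication
        env.put(Context.SECURITY_PRINCIPAL, "cn=Directory Manager");     // Naming Security Principal (placeholder)
        env.put(Context.SECURITY_CREDENTIALS, credentials);              // Naming Security Credentials
        return new InitialDirContext(env);
    }

    // RFC 4515 escaping, added in this example so a login ID or DN cannot alter the filter's structure.
    static String escapeFilter(String v) {
        return v.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00");
    }

    // Search ... Sub Tree = false searches one level below the parent DN; true searches the whole subtree.
    static SearchControls scope(boolean subtree) {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(subtree ? SearchControls.SUBTREE_SCOPE : SearchControls.ONELEVEL_SCOPE);
        return sc;
    }

    static List<String> groupDnsOf(DirContext ctx, String loginId) throws NamingException {
        // 1. Locate the user entry by its User ID Attribute (uid); its DN is the value substituted for {1}.
        NamingEnumeration<SearchResult> users =
            ctx.search(USERS_PARENT_DN, "(uid=" + escapeFilter(loginId) + ")", scope(SEARCH_USERS_SUBTREE));
        if (!users.hasMore()) throw new NamingException("no user entry for login ID " + loginId);
        String userDn = users.next().getNameInNamespace();
        // 2. Fill the MessageFormat pattern and search under Groups Parent DN (bare filters get parentheses).
        String groupFilter = MessageFormat.format(GROUPS_OF_USER_FILTER, null, escapeFilter(userDn));
        if (!groupFilter.startsWith("(")) groupFilter = "(" + groupFilter + ")";
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> hits = ctx.search(GROUPS_PARENT_DN, groupFilter, scope(SEARCH_GROUPS_SUBTREE));
        while (hits.hasMore()) groups.add(hits.next().getNameInNamespace());
        return groups;
    }
}
```

With Naming Security Authentication set to simple, the bind sends the principal's password in the clear unless the Naming Provider URL points at a TLS-protected listener, so choose the URL accordingly. The same class serves the Active Directory table by substituting sAMAccountName for uid and (&(member={1})(objectclass=group)) for the filter, which the parenthesis check already accommodates.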