To use an LDAP server for Repository user management, you must add a <Realm> element to the Repository’s server.xml file, which is located in the JavaCAPS-install-dir/repository/repository/server/conf directory.
The server.xml file contains a default <Realm> element that specifies a flat file implementation of the user database. The flat file implementation uses the tomcat-users.xml file in the JavaCAPS-install-dir/repository/repository/data/files directory.
The following table describes the attributes used by the LDAP versions of the <Realm> element. For a detailed description of all the possible attributes, see the Tomcat documentation for the org.apache.catalina.realm.JNDIRealm class.
Open the server.xml file in the JavaCAPS-install-dir/repository/repository/server/conf directory.
Remove or comment out the default <Realm> element.
If you are using Sun Java System Directory Server, add the following <Realm> element inside the <Engine> tag. Change the default values as necessary. The preceding table describes the attributes.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:489"
       userBase="cn=People,dc=sun,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       userRoleName="nsroledn"
       userRoleNamePattern="cn={0},dc=sun,dc=com"
       roleSubtree="true" />
If you are using Active Directory, add the following <Realm> element inside the <Engine> tag. Change the default values as necessary. The preceding table describes the attributes.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       userBase="cn=Users,dc=sun,dc=com"
       userSearch="(cn={0})"
       userSubtree="true"
       roleBase="ou=CAPSRoles,dc=sun,dc=com"
       roleName="cn"
       roleSearch="(member={0})"
       roleSubtree="true" />
If you are using OpenLDAP Directory Server, add the following <Realm> element inside the <Engine> tag. Change the default values as necessary. The preceding table describes the attributes.
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://localhost:389"
       userBase="ou=People,dc=sun,dc=com"
       userSearch="(uid={0})"
       userSubtree="true"
       roleBase="ou=CAPSRoles,dc=sun,dc=com"
       roleName="cn"
       roleSearch="(uniquemember={0})"
       roleSubtree="true" />
If your LDAP server is not configured for anonymous read access, add the connectionName and connectionPassword attributes to the <Realm> element. Set the first attribute to the DN of the Administrator user. Set the second attribute to the user’s encrypted password. Refer to the following examples.
Sun Java System Directory Server:
connectionName="cn=Directory Manager" connectionPassword="E451KDVb0OPcH+GN46OZcg=="
Active Directory:
connectionName="Administrator@sun.com" connectionPassword="geEiVIbtO+DcH+GN46OZcg=="
OpenLDAP Directory Server:
connectionName="cn=Manager,dc=sun,dc=com" connectionPassword="l/ZRt1cfNKc="
To encrypt the password, use the encrypt utility in the JavaCAPS-install-dir/repository/repository/util directory. The file extension of the utility depends on your platform. This utility takes the unencrypted password as an argument and prints the encrypted value. For example:
C:\JavaCAPS6\repository\repository\util>encrypt mypwd
LCUApSkYpuE
Save and close the server.xml file.
Start the LDAP server.
Shut down and restart the Repository.
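Before the final restart it is worth checking the edited server.xml mechanically rather than by eye. The following Python script is an added example and is not part of the Java CAPS product or its documentation: it parses a constructed sample server.xml that embeds the OpenLDAP <Realm> from the procedure above (with the default realm commented out), confirms that exactly one active <Realm> sits under <Engine>, checks that the JNDIRealm attributes the procedure relies on are present and consistent (connectionName and connectionPassword set together, a {0} placeholder in userSearch, a role source via userRoleName or roleSearch), flags a plain ldap:// connectionURL, and shows what the userSearch and roleSearch filters become once a login name or user DN is substituted for {0}. The function names, the sample document and the wording of the findings are this example's own; the RFC 4515 escaping it applies to the substituted value is the example's own precaution, not a description of how JNDIRealm builds its filters.

```python
# Added example (not part of the Java CAPS product or its documentation): audit the
# <Realm> elements in a Tomcat-style server.xml before restarting the Repository.
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed sample server.xml: the default flat-file realm is commented out and the
# OpenLDAP <Realm> from the procedure is placed inside <Engine>.  Elements other than
# Realm and Engine follow ordinary Tomcat layout and are illustrative only.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <!-- default flat-file realm, commented out as the procedure requires
      <Realm className="org.apache.catalina.realm.MemoryRealm"
             pathname="data/files/tomcat-users.xml"/>
      -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldap://localhost:389"
             connectionName="cn=Manager,dc=sun,dc=com"
             connectionPassword="l/ZRt1cfNKc="
             userBase="ou=People,dc=sun,dc=com"
             userSearch="(uid={0})"
             userSubtree="true"
             roleBase="ou=CAPSRoles,dc=sun,dc=com"
             roleName="cn"
             roleSearch="(uniquemember={0})"
             roleSubtree="true"/>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""


def active_realms(xml_text):
    """Return the uncommented <Realm> elements that sit directly under an <Engine>.
    ElementTree drops XML comments, so a commented-out realm is not reported."""
    root = ET.fromstring(xml_text)
    return [r for engine in root.iter("Engine") for r in engine.findall("Realm")]


def escape_filter_value(value):
    """RFC 4515 escaping for a value inserted into an LDAP search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def expand_user_search(realm, username):
    """Filter sent for a login: {0} in userSearch is the name the user typed."""
    return realm.get("userSearch", "").replace("{0}", escape_filter_value(username))


def expand_role_search(realm, user_dn):
    """Filter used to collect roles: {0} in roleSearch is the authenticated user's DN."""
    return realm.get("roleSearch", "").replace("{0}", escape_filter_value(user_dn))


def check_realm(realm):
    """Findings for one <Realm>; an empty list means nothing to report."""
    findings = []
    if realm.get("className") != JNDI_REALM:
        return ["className is %r, not %s" % (realm.get("className"), JNDI_REALM)]
    url = realm.get("connectionURL", "")
    if urlsplit(url).scheme != "ldaps":
        findings.append("connectionURL %r is not ldaps://: without TLS, simple binds "
                        "send the bind password and user passwords in clear" % url)
    if (realm.get("connectionName") is None) != (realm.get("connectionPassword") is None):
        findings.append("connectionName and connectionPassword must be set together")
    for attr in ("userBase", "userSearch"):
        if realm.get(attr) is None:
            findings.append("missing required attribute %s" % attr)
    if "{0}" not in realm.get("userSearch", ""):
        findings.append("userSearch has no {0} placeholder for the login name")
    # Roles come either from an attribute on the user entry (userRoleName, as in the
    # Sun Directory Server example) or from a search under roleBase (roleSearch).
    if realm.get("userRoleName") is None and realm.get("roleSearch") is None:
        findings.append("no role source: set userRoleName or roleBase/roleSearch")
    return findings


def audit(xml_text):
    """Audit a whole server.xml: exactly one active realm under <Engine>, then check it."""
    realms = active_realms(xml_text)
    findings = []
    if len(realms) != 1:
        findings.append("expected exactly one active <Realm> under <Engine>, found %d"
                        % len(realms))
    for realm in realms:
        findings.extend(check_realm(realm))
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_SERVER_XML) or ["no findings"]:
        print("-", line)
    realm = active_realms(SAMPLE_SERVER_XML)[0]
    print(expand_user_search(realm, "jdoe"))
    print(expand_role_search(realm, "uid=jdoe,ou=People,dc=sun,dc=com"))
```

Run against the sample, the audit reports only the plain ldap:// URL; pointing it at the real server.xml (read the file and pass its text to audit) gives the same kind of report for your own configuration. The two expand functions are useful when a login fails: they show the exact filter string the directory receives, so a typo in userSearch or a roleSearch that expects a DN where the directory stores something else is visible without enabling Tomcat debug logging.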