Using LDAP with Oracle Java CAPS (Java CAPS Documentation)
Using an LDAP Server for Enterprise Manager User Management

You can configure Enterprise Manager to use an LDAP server for user management. This is a two-step process. First, you configure the LDAP server, and then you configure the Enterprise Manager server so it can locate the LDAP server and find the appropriate information (for example, the portion of the directory that contains users).
See the following topics for instructions on how to configure different types of LDAP directories:
Configuring Oracle Internet Directory for Enterprise Manager
Configuring Oracle Directory Server Enterprise Edition for Enterprise Manager
Configuring Microsoft Active Directory Service for Enterprise Manager
Configuring the OpenLDAP Directory Server for Enterprise Manager
Once you configure the LDAP directory, you need to configure the Enterprise Manager, as described in Configuring the Enterprise Manager Server.
Managing Java CAPS Users provides basic information about Enterprise Manager user management.
Configuring Oracle Virtual Directory for Enterprise Manager

Oracle Virtual Directory accesses information from multiple directories and databases, giving you a single entry point into the information stored in these directories. For more information about Oracle Virtual Directory, see Configuring Oracle Virtual Directory for the Repository.
Perform the following general steps to create the user and roles for each LDAP directory that will connect to the Enterprise Manager through the Oracle Virtual Directory. More complete instructions are provided for specific LDAP directories in the following sections:
Configuring Oracle Internet Directory for Enterprise Manager
Configuring Oracle Directory Server Enterprise Edition for Enterprise Manager
Configuring Microsoft Active Directory Service for Enterprise Manager
Configuring the OpenLDAP Directory Server for Enterprise Manager
The Enterprise Manager roles to create in each directory are:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
Configuring Oracle Internet Directory for Enterprise Manager

Oracle Internet Directory runs as an application on an Oracle database. For more information about Oracle Internet Directory, see Configuring Oracle Internet Directory for the Repository.
You only need to perform steps 2 and 3 (creating the Java CAPS users and organizational unit for roles) if you did not already create them when configuring LDAP for the Repository. For more information, see Configuring Oracle Internet Directory for the Repository.
The Enterprise Manager roles to create under the roles organizational unit are:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
Configuring Oracle Directory Server Enterprise Edition for Enterprise Manager

Oracle Directory Server Enterprise Edition provides a console for you to perform administrative tasks. For more information about Oracle Directory Server Enterprise Edition, see Configuring Oracle Directory Server Enterprise Edition for the Repository.
The Enterprise Manager roles to create are:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
Configuring Microsoft Active Directory Service for Enterprise Manager

Active Directory is a key part of Windows 2000. It provides a wide variety of manageability, security, and interoperability features. The main administration tool is a snap-in called Active Directory Users and Computers.
Active Directory does not support the concept of roles. Therefore, you must simulate the Enterprise Manager roles in Active Directory using the concept of groups.
Note - For detailed information about how to perform the following steps, see the documentation provided with Active Directory.
The New Object - Organizational Unit dialog box appears.
Create one group under the organizational unit for each Enterprise Manager role:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
After you add the groups, they appear under the organizational unit.
Configuring the OpenLDAP Directory Server for Enterprise Manager

The OpenLDAP Project provides an open source implementation of the LDAP protocol. The LDAP server runs as a standalone daemon called slapd. The main configuration file is called slapd.conf. This file contains global configuration as well as settings specific to each database and back end. You can use various approaches to add entries to the database, such as the slapadd program. To search the database, use the ldapsearch program.
For more information, see http://www.openldap.org.
Note - For detailed information about how to perform the following steps, see the documentation provided with OpenLDAP Directory Server.
The Enterprise Manager roles to create are:
Deployment
User Management
Read-Only Monitor
Controlling Monitor
JMS Read-Only Monitor
JMS Read-Write Monitor
Manager
Configuring the Enterprise Manager Server

Once you have configured the LDAP server, you configure the Enterprise Manager server so that it can locate the LDAP server and find the appropriate information.
You must edit the following Enterprise Manager files: web.xml and ldap.properties.
In web.xml, locate the context parameter that selects the authentication handler. By default it points at the Tomcat password handler:

<param-name>com.stc.emanager.sentinel.authHandler</param-name>
<param-value>com.stc.cas.auth.provider.tomcat.TomcatPasswordHandler</param-value>

Change the param-value so that the LDAP handler is used instead:

<param-value>com.stc.cas.auth.provider.ldap.LDAPHandler</param-value>
Configuring Enterprise Manager for LDAP and SSL Support

By default, communications between Enterprise Manager and the LDAP server are unencrypted. To encrypt communications, make the following additions and modifications to the procedures described earlier in this topic.

Configuring SSL on the LDAP Server

Ensure that the LDAP server is configured to use the Secure Sockets Layer (SSL). For instructions, see the documentation provided with the LDAP server. In preparation for the next step, export the LDAP server's certificate to a file.
Importing the LDAP Server's Certificate

You must add the LDAP server's certificate to the Enterprise Manager's list of trusted certificates. The list is located in a file called cacerts, in the JDK-install-dir/jre/lib/security directory. In the following procedure, you use the keytool program, which is included with the Java SDK.
Use the JDK that was specified during Java CAPS installation.
Run the following command:

keytool -import -trustcacerts -alias alias_name -file certificate_filename -keystore cacerts_filename
For the -alias option, assign any value.
For the -file option, specify the fully qualified name of the LDAP server's certificate. For example: C:\mycertificate.cer
For the -keystore option, specify the fully qualified name of the cacerts file.
The following message appears:
Certificate was added to keystore
When you configured the LDAP properties for Enterprise Manager, as described in Configuring the Enterprise Manager Server, you specified the LDAP server URL. When using the SSL protocol, you need to modify that URL as described below.
In ldap.properties, change the protocol in the server URL from ldap to ldaps and set the port to the LDAP server's SSL port. Typically, this number is 636. For example:
com.stc.sentinel.auth.ldap.serverUrl=ldaps://MyLDAPServer:636
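The two edits this topic asks for (the authHandler context parameter in web.xml and the ldaps:// server URL in ldap.properties) are easy to leave half-done, so here is an added configuration check that is not part of the Java CAPS documentation or product. It parses constructed samples of both files and reports a plaintext ldap:// URL, a missing SSL port, or a handler that is still the Tomcat password handler; the sample file contents and the function names are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed samples standing in for the two Enterprise Manager files named in
# the text (web.xml and ldap.properties); the real files hold much more.
WEB_XML = """<web-app>
  <context-param>
    <param-name>com.stc.emanager.sentinel.authHandler</param-name>
    <param-value>com.stc.cas.auth.provider.ldap.LDAPHandler</param-value>
  </context-param>
</web-app>"""
LDAP_PROPERTIES = "com.stc.sentinel.auth.ldap.serverUrl=ldap://MyLDAPServer:389\n"

AUTH_HANDLER_PARAM = "com.stc.emanager.sentinel.authHandler"
LDAP_HANDLER = "com.stc.cas.auth.provider.ldap.LDAPHandler"
SERVER_URL_KEY = "com.stc.sentinel.auth.ldap.serverUrl"


def auth_handler(web_xml):
    """Return the param-value set for the sentinel authHandler, or None."""
    root = ET.fromstring(web_xml)
    for param in root.iter("context-param"):
        if param.findtext("param-name", "").strip() == AUTH_HANDLER_PARAM:
            return param.findtext("param-value", "").strip()
    return None


def load_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' or '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")):
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props


def audit(web_xml, properties):
    """Return findings as strings; an empty list means LDAP over SSL is set up."""
    findings = []
    if auth_handler(web_xml) != LDAP_HANDLER:
        findings.append("web.xml: authHandler is not the LDAPHandler")
    url = urlsplit(load_properties(properties).get(SERVER_URL_KEY, ""))
    if url.scheme != "ldaps":
        findings.append("ldap.properties: serverUrl uses '%s', not ldaps" % url.scheme)
    elif url.port is None:
        findings.append("ldap.properties: serverUrl omits the SSL port (typically 636)")
    return findings


if __name__ == "__main__":
    print(audit(WEB_XML, LDAP_PROPERTIES) or "LDAP over SSL configured")
```

Run against the constructed sample it reports the plaintext ldap:// URL; point the two constants at the real files under the Enterprise Manager installation to check a deployment.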