EDQ running as Windows service using local system account

If the EDQ application server runs on a Windows server that is a member of the domain, using the local system account, the configuration is very simple. EDQ uses the system account both for the GSSAPI 'accept' credentials and for contacting Active Directory to perform user lookups.

The EXAMPLE.COM login.properties for this configuration would be:

# EXAMPLE.COM LDAP integration
# ----------------------------

realms                         = internal, ad
ldap.prof.useprimarygroup      = false
clientcreds                    = true

ad.realm                       = EXAMPLE.COM
ad.auth                        = ldap
ad.auth.bindmethod             = simple
ad.auth.binddn                 = search: dn

ad.ldap.profile                = adsldap
ad.ldap.prof.defaultusergroup  = edqusers
ad.ldap.prof.groupsearchfilter = (cn=edq*)

The 'clientcreds' setting indicates that Kerberos credentials should be obtained from the current user's credential cache (in this case that of the local system account under which the service runs). These credentials are used both to connect to Active Directory and to set up the 'accept' GSSAPI context.

A server which is a member of the Active Directory domain will generally use the domain controller for DNS lookups. If this is the case, EDQ can determine the LDAP server addresses automatically. If you wish to fix the address explicitly, perhaps because some of the domain controllers are at a remote location, use the ldap.server property:

ad.ldap.server                 = dc1.example.com
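The following is an added example, not part of the EDQ documentation or product: a small Python parser for the login.properties layout shown above (a constructed copy of the EXAMPLE.COM configuration is embedded) that resolves the realm-prefixed keys and reports, for each LDAP realm, the bind method and whether the server address is fixed with ldap.server or left to DNS discovery. The only semantics assumed are those stated on this page.

```python
# Added example, not EDQ code: parse the login.properties format shown above
# (constructed copy of it below), resolve realm-prefixed keys and report how
# each LDAP realm finds its server. Semantics are taken only from the text.
LOGIN_PROPERTIES = """\
realms                         = internal, ad
ldap.prof.useprimarygroup      = false
clientcreds                    = true
ad.realm                       = EXAMPLE.COM
ad.auth                        = ldap
ad.auth.bindmethod             = simple
ad.auth.binddn                 = search: dn
ad.ldap.profile                = adsldap
ad.ldap.prof.defaultusergroup  = edqusers
ad.ldap.prof.groupsearchfilter = (cn=edq*)
"""

def parse_properties(text):
    """Split each line on the FIRST '=' only: values such as 'search: dn'
    and '(cn=edq*)' contain ':' or '=' and must survive intact."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            raise ValueError("malformed line: %r" % raw)
        props[key.strip()] = value.strip()
    return props

def summarize(text):
    """Per realm: auth method, bind method and where the LDAP server comes from."""
    props = parse_properties(text)
    out = {"clientcreds": props.get("clientcreds", "false").lower() == "true"}
    for realm in [r.strip() for r in props.get("realms", "").split(",") if r.strip()]:
        # keys belonging to this realm, with the '<realm>.' prefix removed
        s = {k[len(realm) + 1:]: v for k, v in props.items() if k.startswith(realm + ".")}
        if s.get("auth") != "ldap":
            out[realm] = {"auth": s.get("auth")}  # e.g. the built-in 'internal' realm
            continue
        out[realm] = {
            "auth": "ldap",
            "bindmethod": s.get("auth.bindmethod"),
            # No <realm>.ldap.server key: the page says EDQ discovers the DCs via DNS.
            "server": s.get("ldap.server", "<auto-discovered via DNS>"),
        }
    return out
```

Appending an `ad.ldap.server = dc1.example.com` line to the sample makes the summary report that fixed address instead of DNS discovery.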