
There were some Active Directory (AD) fixes in Patch 3 for version 2.2. This article assumes that patch or later is applied.
First, configure the Active Directory integration to pull the groups so you can set the role(s) for the batch classes. To do this, modify the user-connectivity.properties file located in:
Ephesoft Install Directory\Application\WEB-INF\classes\META-INF\dcma-user-connectivity

Set up the following properties for Active Directory:
user.msactivedirectory_url=ldap://localhost/zia-2014:389
user.msactivedirectory_config=com.sun.jndi.ldap.LdapCtxFactory
user.msactivedirectory_context_path=OU=Security Groups
user.msactivedirectory_domain_component_name=ziaconsulting
user.msactivedirectory_domain_component_organization=com
user.msactivedirectory_user_name=CN=Ephesoft Service,OU=Users,DC=ziaconsulting,DC=com
user.msactivedirectory_password=UserPassword
# 0 for LDAP
# 1 for MS Active Directory
# 2 for Tomcat
user.connection=1

user.msactivedirectory_url – the URL of the LDAP server
user.msactivedirectory_context_path – path to the root under which the groups reside. Multiple locations can be specified with a “;;” delimiter (e.g. OU=Internal Groups;;OU=Contractors)
user.msactivedirectory_domain_component_name – the DC component directly below the root DC (here ziaconsulting)
user.msactivedirectory_domain_component_organization – root DC of the AD store (typically “com”)
user.msactivedirectory_user_name – user name used to connect to the AD server
user.msactivedirectory_password – password of that user
user.connection – set to 1 so the AD configuration is read (as opposed to the LDAP or Tomcat properties)

If you have batch classes, restart the Ephesoft service now and set the roles for the batch classes.

Next, modify the settings used to authenticate the users. The file to modify is dcma.xml, located in:
Ephesoft Install Directory\JavaAppServer\conf\Catalina\localhost

Modify the Realm element to set the URL, user name, password, user pattern and role base for the Active Directory instance.

<Realm
  className="org.apache.catalina.realm.JNDIRealm"
  debug="99"
  connectionURL="ldap://localhost/zia-2014:389"
  connectionName="CN=Ephesoft Service,OU=Users,DC=ziaconsulting,DC=com"
  connectionPassword="UserPassword"
  userPattern="cn={0},OU=Users,DC=ziaconsulting,DC=com"
  roleBase="OU=Security Groups,DC=ziaconsulting,DC=com"
  roleName="cn"
  roleSearch="member={0}"
/>


Attributes in the Realm element that need to be modified:
connectionURL – the URL of the LDAP server
connectionName – user name used to connect to the AD server
connectionPassword – password of that user
userPattern – path and pattern of the user entries; {0} is replaced by the login name
roleBase – path to the root under which the groups reside. Groups must share a common OU to be included in the role base, but they may sit in sub-OUs under this specified root
roleName – the AD attribute of the groups whose value becomes the role name
roleSearch – the group attribute that lists the users; the {0} placeholder is filled in for the user being looked up so that the search returns the groups that user belongs to

Once the configuration is set, restart the server and log in as the AD user, using the value stored as the cn (the cn may be the full name, e.g. ‘Pat Myers’) and the AD password.
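To make the {0} substitutions and the roleBase scoping concrete, here is an added example (not Ephesoft or Tomcat code) that simulates the JNDIRealm bind and role lookup from the Realm element above, plus the ";;"-split group search bases from the properties file. The directory contents, the user ‘Pat Myers’, the password and the way the context paths are joined to the DC components are all constructed assumptions.

```python
"""Simulates what the configuration above drives: the JNDIRealm bind and role
resolution, and the ';;'-delimited group search bases. Data is constructed inline."""

# Constructed stand-in for a small AD subtree: DN -> attributes.
PAT = "CN=Pat Myers,OU=Users,DC=ziaconsulting,DC=com"
DIRECTORY = {
    PAT: {"password": "s3cret"},
    "CN=Batch Operators,OU=Security Groups,DC=ziaconsulting,DC=com": {
        "cn": "Batch Operators", "member": [PAT]},
    # Nested OU under roleBase: still found, the role lookup is a subtree search.
    "CN=Admins,OU=Admin,OU=Security Groups,DC=ziaconsulting,DC=com": {
        "cn": "Admins", "member": [PAT.lower()]},
    # Outside roleBase: never becomes a Tomcat role even though Pat is a member.
    "CN=Finance,OU=Other,DC=ziaconsulting,DC=com": {
        "cn": "Finance", "member": [PAT]},
}

REALM = {  # attribute values from the dcma.xml Realm element above
    "userPattern": "cn={0},OU=Users,DC=ziaconsulting,DC=com",
    "roleBase": "OU=Security Groups,DC=ziaconsulting,DC=com",
    "roleName": "cn",
    "roleSearch": "member={0}",
}

def find_entry(dn):
    """DN comparison in AD is case-insensitive, so normalise before matching."""
    return next((a for d, a in DIRECTORY.items() if d.lower() == dn.lower()), None)

def bind_dn(username):
    """{0} in userPattern is replaced by the login name to build the bind DN."""
    return REALM["userPattern"].replace("{0}", username)

def authenticate(username, password):
    """The bind succeeds only if the DN exists and the password matches."""
    entry = find_entry(bind_dn(username))
    return entry is not None and entry.get("password") == password

def roles_for(username):
    """{0} in roleSearch is the user's DN; roleName names the group attribute."""
    attr, wanted = REALM["roleSearch"].replace("{0}", bind_dn(username)).split("=", 1)
    base = "," + REALM["roleBase"].lower()
    return sorted(attrs[REALM["roleName"]] for dn, attrs in DIRECTORY.items()
                  if dn.lower().endswith(base)
                  and wanted.lower() in [m.lower() for m in attrs.get(attr, [])])

def group_search_bases(context_path, dc_name, dc_org):
    """Assumed composition of the properties file values: each ';;'-separated
    context path gets the two DC components appended."""
    suffix = "DC=%s,DC=%s" % (dc_name, dc_org)
    return [p.strip() + "," + suffix for p in context_path.split(";;")]
```

Note that both files hold the service account password in clear text and the ldap:// URL carries the bind in clear text as well, so restrict read access to those files and give the service account read-only rights.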

Please send me any questions, updates or corrections.
