Presto Administration : Getting Started with the Presto Server : Integrate Your LDAP Directory with Presto
Integrate Your LDAP Directory with Presto
 
Defining LDAP Connection Configuration
Defining the Authentication Scheme
Defining the Authorization Scheme
Enabling Presto Application Queries for All LDAP Users or Groups for Permissions
In many cases, users and authentication information for an organization is defined in an existing LDAP Directory. You can configure Presto to use your LDAP Directory as the source for user and group information.
Note:  
See the webMethods and Intelligent Business Operations System Requirements guide for information on Presto support for specific LDAP Directory solutions.
To configure your LDAP Directory as the Presto User Repository:
1. If the Presto Server is not yet started, start Presto. See Start and Stop the Presto Server for instructions.
2. Change Presto configuration to use LDAP as the authentication provider.
a. Edit the userRepositoryApplicationContext.xml file in the presto-config folder with any text editor.
Note:  
This folder may be in the default location or in an external location. See Setting Up an External Presto Configuration Folder for more information.
b. Remove the comment markers around this statement: <import resource="/userRepositoryApplicationContext-ldap.xml">.
c. Comment out this statement: <import resource="/userRepositoryApplicationContext-jdbc.xml"> property.
Note:  
You cannot use both default authentication and LDAP authentication.
The configuration should look something like this:
<beans>
<!-- Choose between the interal JDBC repository and LDAP comment/uncomment
these two import statements -->
<import resource="/userRepositoryApplicationContext-ldap.xml">
<!-- <import resource="/userRepositoryApplicationContext-jdbc.xml"> -->
...
</beans>
3. Change Presto configuration for the user attribute provider.
a. If it is not already open, edit the userRepositoryApplicationContext.xml file in the presto-config folder with any text editor.
Note:  
This folder may be in the default location or in an external location. See Setting Up an External Presto Configuration Folder for more information.
b. Find the userAttributeProvider bean:
<bean id="userAttributeProvider"

>
...
c. Remove comment markers around the ldapAttributeProvider bean reference in the providers property list.
The configuration should now look something like this:
<bean id="userAttributeProvider"

>
<property name="providers">
<list>
<ref bean="ldapAttributeProvider"/>
<ref bean="internalUserAttributeProvider"/>
</list>
</property>
</bean>
d. Save your changes to this file.
Important:  
Do not restart the Presto Server until all other LDAP configuration steps have been completed.
4. Define configuration in the Admin Console in Presto Hub for:
*Connections to the LDAP Directory. See Defining LDAP Connection Configuration.
*Authentication mechanisms. See Defining the Authentication Scheme.
*Authorization mechanisms. See Defining the Authorization Scheme.
*All user and group queries used in Presto applications. See Enabling Presto Application Queries for All LDAP Users or Groups for Permissions.
See also Expose User Attributes from the User Repository in Presto for information on making LDAP user attributes accessible as Presto user attributes.
5. Add the built-in Presto user groups to LDAP as new groups and assign at least one user as a Presto administrator.
See Grant User Access to Presto with Built-in Groups for instructions.
6. Restart the Presto Server.
Presto now uses LDAP as the user repository. You can now login using the user account assigned in earlier steps as a Presto administrator.
To grant access to other users, add them to an appropriate built-in Presto user group in LDAP. See Grant User Access to Presto with Built-in Groups for instructions.
Copyright © 2006-2015 Software AG, Darmstadt, Germany.
Product LogoContact Support   |   Community   |   Feedback