Transforming and Migrating Internal and LDAP Configuration Data
Pre-requisites:
To transform and migrate the Internal and LDAP configurations to the new JAAS configuration through the CentraSite Command Line Interface, you must have the CentraSite Administrator role.
When upgrading CentraSite 9.6 or earlier to version 10.0, you must transform and migrate the Internal and LDAP configurations from the old Registry or Repository to the new CentraSite JAAS configuration.
To resolve this problem, a mechanism is available to migrate the Internal and LDAP login configuration in CentraSite.
CentraSite provides a command tool named generate JaasConfiguration for this purpose.
The tool generates the InternalLoginModule and LDAPLoginModule entries that correspond to the old Internal and LDAP configurations and saves the entries in the jaas.config file in the folder Software AG_directory/profiles/CTP/configuration. For each configured LDAP domain, the script creates user and group files that map internal (CentraSite) properties to external (LDAP) properties and saves the files in the Software AG_directory/profiles/CTP/configuration/com.softwareag.platform.config.propsloader directory.
The sample Jaas configuration file is as follows.
CentraSite {
com.softwareag.security.jaas.login.internal.InternalLoginModule sufficient
domain="INTERNAL"
alias="INTERNAL"
applyDomain="true"
create_group_principal="false"
internalRepository="C:/SoftwareAG/common/conf/users.txt";
com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
domain="EUR"
url="ldap://ldap-server:389"
createGroupProperties="true"
creategroups="true"
dnprefix="cn="
noPrinIsAnonymous="false"
usecaching="false"
alias="EUR"
personobjclass="inetOrgPerson"
useaf="true"
grouprootdn="DC=EUR,DC=example,DC=com"
userrootdn="DC=EUR,DC=example,DC=com"
memberinfoingroups="false"
dnsuffix=",ou=user,OU=Germany,DC=EUR,DC=example,DC=com"
applyDomain="true"
createUserProperties="true"
groupobjclass="group"
uidprop="sAMAccountName";
};
Note:
The generate JaasConfiguration command transforms only domains of type Internal and LDAP. If you have advanced JAAS configurations such as single-sign-on configurations, you must migrate them manually.
If you start the command line tool with no parameters, you will receive a help text summarizing the required input parameters.
If you omit the passwords from the command, you are prompted to provide them.
To transform and migrate Internal and LDAP configurations to JAAS configuration
Run the command generate JaasConfiguration. The syntax is of the format: C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd generate JaasConfiguration [-url <CENTRASITE-URL>] -user <USER-ID> -password <PASSWORD>
The input parameters are:
Parameter | Description |
CENTRASITE-URL | (Optional). The URL of the CentraSite registry. Default value is http://localhost:53307. |
USER-ID | The user ID of a registered CentraSite user. For example, a user who has the CentraSite Administrator role. |
PASSWORD | The password for the registered CentraSite user identified by the parameter USER-ID. |
Example (all in one line):
C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd generate JaasConfiguration -url http://localhost:53307/CentraSite/CentraSite -user Administrator -password manage
The response to this command could be:
Executing the command : generate JaasConfiguration
Successfully executed the command : generate JaasConfiguration