Configuring LDAP Authentication
Pre-requisites:
To add a new (LDAP) authentication configuration through the CentraSite Command Line Interface, you must have the CentraSite Administrator role.
CentraSite provides a command tool named set Authentication for this purpose.
Beginning with version 9.10, the command tool offers stricter validation. With this validation, CentraSite verifies the newly added LDAP authentication configuration at the same time as it is entered.
The set Authentication command opens an interactive dialog that prompts you to enter the basic details for LDAP authentication.
Note:
When you execute the set Authentication command, CentraSite always resets some of your LDAP configuration properties to their default values. These properties and their default values are:
* alias to domain
* applyDomain to true
* createGroupProperties to true
* createGroups to true
* createUserProperties to true
* useaf to false
* usecaching to false
After executing the set Authentication command, any changes you make to these LDAP properties will be lost.
* Run the command set Authentication.
The syntax is of the format: C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set Authentication -domain <DOMAIN>
Example (all in one line):
C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set Authentication -domain SAG
The sample interactive dialog is as follows. During each step of the command, the server prompts you to enter the basic details for LDAP authentication.
===================================================================
Step 1 - LDAP Server Configuration
---------------------------------------------------------------------------

Configuration Enabled (Y/N) [Y]:
URL of the LDAP server (ldap(s)://host:port): ldaps://ceres:10636
Connection Timeout (Milliseconds) [5000]:

Do you want to use the LDAP Technical user (Y/N) [N]: y
Principal (Technical User) DN: cn=techuser,ou=people,ou=gdm,o=sag
Password of Technical User:

Truststore Type (JKS, PKCS12): jks
URL of Truststore Location: file:/C:/TMP/trusted.ks
Truststore Password:
Keystore Type (JKS, PKCS12):
URL of Keystore Location:
Keystore Password:

----------------------------------------------------------------------------
Check 1 - Verifying LDAP Server Configuration. Please wait...

LDAP Server Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 2 - User Information Configuration
----------------------------------------------------------------------------

User Id. Attribute [cn]:
User Root DN (Location to be searched for users): ou=people,ou=gdm,o=sag
User Object Class [inetOrgPerson]:

User id. that is used to verify login: psinger
Password that is used to verify login:

----------------------------------------------------------------------------
Check 2 - Verifying User Configuration. Please wait...

User logged in successfully.
Search for user was successful.
User Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 3 - User Mapping Configuration
----------------------------------------------------------------------------

emailAddresses:emailAddress:address : mail
personName:firstName : givenName
personName:fullName : displayName
personName:lastName : sn
postalAddresses:postalAddress:postalCode : postalCode
postalAddresses:postalAddress:streetNumber: postalAddress
telephoneNumbers:telephoneNumber:number : telephoneNumber

Do you want to keep this mapping (Y/N) [Y]:

Search criteria to verify the search for users [cn=userid*]: cn=ino*

----------------------------------------------------------------------------
Check 3 - Verifying User Mapping Configuration. Please wait...

The following attributes have been retrieved for user "psinger":
displayName : Peter Singer
mail : psinger@gdm.sag
givenName : Peter
sn : Singer
telephoneNumber: +49 6151 92 0001

The following users match the search criteria "cn=ino*"
(only first ten are displayed):
SAG\inosec1
SAG\inosec10
SAG\inosec2
SAG\inosec3
SAG\inosec4
SAG\inosec5
SAG\inosec6
SAG\inosec7
SAG\inosec8
SAG\inosec9
SAG\inotst

User Mapping Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 4 - Group Information Configuration
----------------------------------------------------------------------------

Group Id. Attribute [cn]:
Group Root DN (Location to be searched for groups): ou=groups,ou=gdm,o=sag
Group Object Class [group]: groupOfUniqueNames

Group id. that is used to verify settings: ManageAssets

----------------------------------------------------------------------------
Check 4 - Verifying Group Configuration. Please wait...

Group Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 5 - Group Mapping Configuration
----------------------------------------------------------------------------

Please provide your LDAP attributes for groups
description: description

Search criteria to verify the search for groups [cn=groupid*]: cn=*

----------------------------------------------------------------------------
Check 5 - Verifying Group Mapping Configuration. Please wait...

The following attributes have been retrieved for group "ManageAssets":
description: manage assets

The following groups match the search criteria "cn=*"
(only first ten are displayed):
SAG\Communiqué
SAG\FineGroup
SAG\group1
SAG\HighSearch
SAG\inosecgroup
SAG\invalidgroup
SAG\ldadmingroup
SAG\ldadmingroup1
SAG\ldadmingroup2
SAG\ldusergroup
SAG\ManageAssets

Group Mapping Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 6 - Group Resolution Configuration
----------------------------------------------------------------------------

Membership Attribute is on Group Object (Y/N) [N]: y
Membership Attribute: uniqueMember
Recursive Depth for Group Search [0]: 1

----------------------------------------------------------------------------
Check 6 - Group Resolution Configuration

User "psinger" belongs to the following groups:
SAG\group1
SAG\FineGroup

Group Resolution Configuration validated successfully.

Repeat configuration step, Continue, or End? (R/C/E) [C]:

============================================================================
Step 7 - Save Configuration
----------------------------------------------------------------------------

Do you really want to save the configuration (Y/N): y

Configuration has been successfully saved.

Successfully executed the command : set Authentication
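
Step 6 above places the membership attribute (uniqueMember) on the group object and sets a recursive depth of 1. The following Python code is an added example, not CentraSite code, that shows how this style of group resolution works in general and why the depth value changes which groups a login inherits. The directory entries, the nesting between groups, the user DNs and the reading of depth 0 as "direct membership only" are assumptions made for illustration.

```python
# Added example (not CentraSite code): resolving a user's groups when the
# membership attribute (uniqueMember) is stored on the group object.

def norm_dn(dn):
    """Simplified DN normalisation: trim each RDN and lowercase it.
    Does not handle escaped commas inside attribute values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# Constructed groupOfUniqueNames entries (group DN -> uniqueMember values).
# The nesting is invented for illustration; names are taken from the page.
GROUPS = {
    "cn=group1,ou=groups,ou=gdm,o=sag": ["cn=psinger,ou=people,ou=gdm,o=sag"],
    "cn=FineGroup,ou=groups,ou=gdm,o=sag": ["cn=group1,ou=groups,ou=gdm,o=sag"],
    "cn=HighSearch,ou=groups,ou=gdm,o=sag": [
        "cn=FineGroup,ou=groups,ou=gdm,o=sag",
        "cn=HighSearch,ou=groups,ou=gdm,o=sag",  # self-reference: a cycle
    ],
    "cn=ManageAssets,ou=groups,ou=gdm,o=sag": ["cn=inotst,ou=people,ou=gdm,o=sag"],
}

def resolve_groups(user_dn, groups, depth):
    """Return {group DN: nesting level} for user_dn.
    Assumption: depth 0 = direct membership only; each extra level follows
    one more layer of group-in-group membership."""
    canonical = {norm_dn(g): g for g in groups}
    member_of = {}  # normalised member DN -> normalised DNs of groups listing it
    for group_dn, members in groups.items():
        for member in members:
            member_of.setdefault(norm_dn(member), set()).add(norm_dn(group_dn))
    found, frontier = {}, {norm_dn(user_dn)}
    for level in range(depth + 1):
        next_frontier = set()
        for dn in frontier:
            for group in member_of.get(dn, ()):
                if group not in found:      # already-seen groups stop cycles
                    found[group] = level
                    next_frontier.add(group)
        if not next_frontier:
            break
        frontier = next_frontier
    return {canonical[g]: lvl for g, lvl in found.items()}

def display_names(found, domain="SAG"):
    """Render resolved groups in the DOMAIN\\name form the dialog prints."""
    return sorted(domain + "\\" + dn.split(",")[0].split("=", 1)[1] for dn in found)

if __name__ == "__main__":
    user = "cn=psinger,ou=people,ou=gdm,o=sag"
    for depth in (0, 1, 2):
        print(depth, display_names(resolve_groups(user, GROUPS, depth)))
```

With the constructed data, depth 0 yields only SAG\group1, depth 1 adds SAG\FineGroup, and depth 2 adds SAG\HighSearch. Each extra level widens the set of groups a login inherits, so the depth chosen in Step 6 is worth checking against how groups are nested in your directory.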