Example of Configuring LDAP Authentication
You can set up LDAP Authentication by executing the following command in the command line interface CentraSiteCommand.cmd (Windows) or CentraSiteCommand.sh (UNIX) of CentraSite. The command line tool is located in the directory <CentraSiteInstallDir>/utilities.
The command to start the command line tool is as follows. The example assumes that there is a user AdminUser who has the CentraSite Administrator role, and this user has the password AdminPass.
C:\SoftwareAG\CentraSite\utilities>CentraSiteCommand.cmd set Authentication -domain SAG
The sample interactive dialog is as follows. During each step of the command, the server prompts you to enter the basic details for LDAP authentication.
===================================================================
Step 1 - LDAP Server Configuration
---------------------------------------------------------------------------
Configuration Enabled (Y/N) [Y]:
URL of the LDAP server (ldap(s)://host:port): ldaps://ceres:10636
Connection Timeout (Milliseconds) [5000]:
Do you want to use the LDAP Technical user (Y/N) [N]: y
Principal (Technical User) DN: cn=techuser,ou=people,ou=gdm,o=sag
Password of Technical User:
Truststore Type (JKS, PKCS12): jks
URL of Truststore Location: file:/C:/TMP/trusted.ks
Truststore Password:
Keystore Type (JKS, PKCS12):
URL of Keystore Location:
Keystore Password:
----------------------------------------------------------------------------
Check 1 - Verifying LDAP Server Configuration. Please wait...
LDAP Server Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
============================================================================
Step 2 - User Information Configuration
----------------------------------------------------------------------------
User Id. Attribute [cn]:
User Root DN (Location to be searched for users): ou=people,ou=gdm,o=sag
User Object Class [inetOrgPerson]:
User id. that is used to verify login: psinger
Password that is used to verify login:
----------------------------------------------------------------------------
Check 2 - Verifying User Configuration. Please wait...
User logged in successfully.
Search for user was successful.
User Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
============================================================================
Step 3 - User Mapping Configuration
----------------------------------------------------------------------------
emailAddresses:emailAddress:address : mail
personName:firstName : givenName
personName:fullName : displayName
personName:lastName : sn
postalAddresses:postalAddress:postalCode : postalCode
postalAddresses:postalAddress:streetNumber: postalAddress
telephoneNumbers:telephoneNumber:number : telephoneNumber
Do you want to keep this mapping (Y/N) [Y]:
Search criteria to verify the search for users [cn=userid*]: cn=ino*
----------------------------------------------------------------------------
Check 3 - Verifying User Mapping Configuration. Please wait...
The following attributes have been retrieved for user "psinger":
displayName : Peter Singer
mail : psinger@gdm.sag
givenName : Peter
sn : Singer
telephoneNumber: +49 6151 92 0001
The following users match the search criteria "cn=ino*"
(only first ten are displayed):
SAG\inosec1
SAG\inosec10
SAG\inosec2
SAG\inosec3
SAG\inosec4
SAG\inosec5
SAG\inosec6
SAG\inosec7
SAG\inosec8
SAG\inosec9
SAG\inotst
User Mapping Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
================================================================================
Step 4 - Group Information Configuration
--------------------------------------------------------------------------------
Group Id. Attribute [cn]:
Group Root DN (Location to be searched for groups): ou=groups,ou=gdm,o=sag
Group Object Class [group]: groupOfUniqueNames
Group id. that is used to verify settings: ManageAssets
--------------------------------------------------------------------------------
Check 4 - Verifying Group Configuration. Please wait...
Group Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
================================================================================
Step 5 - Group Mapping Configuration
--------------------------------------------------------------------------------
Please provide your LDAP attributes for groups
description: description
Search criteria to verify the search for groups [cn=groupid*]: cn=*
--------------------------------------------------------------------------------
Check 5 - Verifying Group Mapping Configuration. Please wait...
The following attributes have been retrieved for group "ManageAssets":
description: manage assets
The following groups match the search criteria "cn=*"
(only first ten are displayed):
SAG\Communiqu�
SAG\FineGroup
SAG\group1
SAG\HighSearch
SAG\inosecgroup
SAG\invalidgroup
SAG\ldadmingroup
SAG\ldadmingroup1
SAG\ldadmingroup2
SAG\ldusergroup
SAG\ManageAssets
Group Mapping Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
================================================================================
Step 6 - Group Resolution Configuration
--------------------------------------------------------------------------------
Membership Attribute is on Group Object (Y/N) [N]: y
Membership Attribute: uniqueMember
Recursive Depth for Group Search [0]: 1
--------------------------------------------------------------------------------
Check 6 - Group Resolution Configuration
User "psinger" belongs to the following groups:
SAG\group1
SAG\FineGroup
Group Resolution Configuration validated successfully.
Repeat configuration step, Continue, or End? (R/C/E) [C]:
================================================================================
Step 7 - Save Configuration
--------------------------------------------------------------------------------
Do you really want to save the configuration (Y/N): y
Configuration has been successfully saved.
Successfully executed the command : set Authentication
Contact Support
|
Community
|
Feedback