Software AG Security Infrastructure provides a tool (createTechUserCreds.exe and createTechUserCreds) with which you can create technical user credential files. At a later stage, you use these files with the SSXLoginModule and thus search for and discover LDAP users securely on LDAP servers that do not support anonymous requests. By default, the tool is available in the following directory on the file system: C:/Software AG_directory/common/security/ssx_32(64)/bin/. To start the createTechUserCreds tool, you can use a command prompt. When you start the tool, you enter a user name and a password which are then encrypted and provided in the result text file.
Optionally, you can specify a key file to encrypt the technical user content in the result. A key file supplies an alternative key that is used to encrypt the result. The file contains a string of 64 hexadecimal ASCII characters (digits 0-9 and lower case letters a-f). The initial 32 characters denote the alternate AES key and the final 32 characters denote the initialization vector.
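A key file in the format described above can be generated from a cryptographic random source and checked before it is passed to -k; the following Python sketch is an added example, not Software AG code. The function names are hypothetical, and it assumes the file holds exactly the 64 characters with no trailing newline, which the page does not state. Because the file carries both the AES key and the initialization vector, the sketch creates it readable by the owner only.

```python
import os
import re
import secrets
import tempfile

KEYFILE_RE = re.compile(r"[0-9a-f]{64}")  # format stated on this page


def parse_key_file(text):
    """Return (aes_key, iv) as bytes, or raise ValueError naming the problem."""
    if len(text) != 64:
        raise ValueError(f"expected 64 characters, found {len(text)}")
    if not KEYFILE_RE.fullmatch(text):
        raise ValueError("only digits 0-9 and lower case a-f are allowed")
    # First 32 hex characters: AES key (16 bytes). Last 32: IV (16 bytes).
    return bytes.fromhex(text[:32]), bytes.fromhex(text[32:])


def write_key_file(path):
    """Create a new key file from the OS CSPRNG, readable by the owner only."""
    material = secrets.token_hex(32)  # 32 random bytes -> 64 lower case hex chars
    # O_EXCL refuses to overwrite an existing file; mode 0o600 applies on UNIX.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="ascii", newline="") as handle:
        handle.write(material)  # assumption: no trailing newline is written
    return material


def check_key_file(path):
    """Read a key file and return (aes_key, iv); raises ValueError if malformed."""
    with open(path, "r", encoding="ascii", newline="") as handle:
        return parse_key_file(handle.read())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        demo = os.path.join(workdir, "key.keystore")  # name from the page's example
        write_key_file(demo)
        key, iv = check_key_file(demo)
        print(f"key bytes: {len(key)}, IV bytes: {len(iv)}")
```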
Note:
To use this tool, the SSX libraries must be in the library path of the system environment settings (the exact name of the property is different for the different operating systems). SSX libraries are located in the bin directory on Windows and in lib directory on UNIX based operating systems.
To create a technical user credentials file
Using the command prompt, open the following directory: Software AG_directory\common\runtime\security\bin
You cannot start the tool from a different location on the file system.
Depending on the operating system, start the tool using one of the following commands:
Windows
createTechUserCreds.exe -f <result file name> -k <key file name> <user ID>
UNIX
./createTechUserCreds -f <result file name> -k <key file name> <user ID>
When you execute the tool without specifying an argument for the result file name, it still creates a text file with the corresponding technical user credentials. The file is created in the same directory in which you started the tool and has a predefined default name (techuser). To customize how the tool is invoked, you can use a set of predefined optional arguments. The available arguments and the corresponding descriptions are as follows:
Argument | Description |
---|---|
-f | Provide a name for the result text file which contains the technical user credentials. If you do not use this argument the tool creates a default result file. |
-k | Provide an alternative key file to encrypt the result text file that contains the technical user credentials. |
user ID | Provide full DN of the technical user or user name. |
Press Enter and then provide the password.
createTechUserCreds.exe -f <result file name> -k <keystore file name> <user ID>
./createTechUserCreds -f <result file name> -k <keystore file name> <user ID>
The following examples provide information about more typical use cases of the tool:
createTechUserCreds.exe -f techUser.txt cn=testuser,dc=testdomain,dc=com
createTechUserCreds.exe -f techUser.txt -k key.keystore cn=testuser,dc=testdomain,dc=com
The tool creates a text file, which contains the encrypted technical user credentials, and stores it in the same directory in which you started it. As a next step, you can provide the file to the SSXLoginModule and search for LDAP users.