This week I got a great surprise in my mailbox. No, I had not won the Reader's Digest grand draw; I got a mail from Ambarish Mitra, who responded to my plea on the forum for blog content. It's great getting information, tips and walkthroughs out through this medium; it's a very free format and I can be very reactive and responsive to questions on the forum and through mail that I think might have a wider appeal. But as you might imagine, posting regularly to a technical blog is not a small undertaking. I have consciously stayed away from a Dexter diatribe; yeah, I witter on about the weather sometimes, but I'm British, for heaven's sake. I do have a more light-hearted blog about our new life in Colorado, but here all you'll get is good ol' technical content that should be useful to you when working with BIP.
So, Ambarish's mail was very welcome; he spent some time researching and testing integrating OpenLDAP with BIP. He has documented the setup below; if you try it out and have comments, please let us know using the comment link and we'll get back to you.
If you, dear reader, have anything you wish to share, tips, hints, experiences, anything at all, drop me a mail with some notes, files, etc. and I'll format it. You'll have my eternal thanks and get on the 'BIP Bloggers' list (see right) and become rich and famous ... OK, I cannot promise riches, and maybe it will be infamy.
OpenLDAP Integration with BIP
References
1) Oracle® XML Publisher Enterprise User's Guide, Release 5.6.2, Part No. B25951-01, April 2006
2) OpenLDAP: www.openldap.org
3) RFC 2849, The LDAP Data Interchange Format (LDIF): http://tools.ietf.org/rfc/rfc2849.txt
Software/Platforms
Red Hat Enterprise Linux AS 4.0 box:
- Oracle DB server 10.1.0.5
- XML Publisher (also called BI Publisher) 5.6.2
- Tomcat 5.5.16
- OpenLDAP 2.3.8
Windows 2000:
- Template Builder for Word, version 5.6 build 45
Setup
1) Install and configure OpenLDAP following the instructions at www.openldap.org; make sure all dependencies are met.
Configure slapd.conf as follows (only snippets are shown; see man slapd.conf(5) for details).
Note: In the following,
- replace $LOCAL with your OpenLDAP install prefix,
- in suffix, change "company" to your company name,
- change rootdn and rootpw. The cleartext rootpw oracle is for this walkthrough only: rootdn is the directory superuser, so run slappasswd and paste the {SSHA} hash it prints as the rootpw value, and keep slapd.conf readable only by the user slapd runs as,
- change index according to your needs. Read the man pages and the OpenLDAP Administrator's Guide for more information.
<file snippet>
include $LOCAL/etc/openldap/schema/core.schema
include $LOCAL/etc/openldap/schema/cosine.schema
include $LOCAL/etc/openldap/schema/inetorgperson.schema
....
pidfile $LOCAL/var/run/slapd.pid
argsfile $LOCAL/var/run/slapd.args
....
database bdb
suffix "dc=company,dc=com"
rootdn "cn=Manager,dc=company,dc=com"
...
rootpw oracle
...
directory $LOCAL/var/openldap-data
# Indices to maintain
index cn,sn,uid pres,eq,approx,sub
index objectClass eq
....
</file snippet>
2) Load the directory entries into the LDAP server.
Create an LDIF file along the following lines:
Note:
- change "company" to match the suffix you put in slapd.conf,
- change cn=Manager to match the rootdn you put in slapd.conf,
- change uniqueMember to suit your directory. Each value must be the full DN of an existing entry, so to give an ordinary user an XMLP role, add that user's DN as a further uniqueMember of the role's group,
- separate entries with a blank line; ldapadd treats the blank line as the end of a record.
<file snippet>
# Base DN.
dn: dc=company,dc=com
objectClass: dcObject
objectClass: organization
dc: company
o: My Company Name
description: My Company Name, Location

# Organizational Role for Directory Manager
dn: cn=Manager,dc=company,dc=com
objectClass: organizationalRole
cn: Manager
description: Manager

# Put any other entries that you would like to add to the directory here.
# Follow the LDIF format according to the RFC.

# The following entries are needed for the XMLP integration. That is what the
# XMLP User's Guide says (Section 5.5). The last entry, XMLP_DEMONSTRATOR, is a new role.
dn: ou=Enterprise Roles,dc=company,dc=com
objectClass: organizationalUnit
ou: Enterprise Roles
description: Enterprise Roles (XMLP publisher)

dn: cn=XMLP_ADMIN,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_ADMIN

dn: cn=XMLP_DEVELOPER,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_DEVELOPER

dn: cn=XMLP_SCHEDULER,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_SCHEDULER

dn: cn=XMLP_ANALYZER_EXCEL,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_ANALYZER_EXCEL

dn: cn=XMLP_ANALYZER_ONLINE,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_ANALYZER_ONLINE

dn: cn=XMLP_DEMONSTRATOR,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,dc=company,dc=com
cn: XMLP_DEMONSTRATOR
</file snippet>
3) Now add the file to the directory:
ldapadd -x -D "cn=Manager,dc=company,dc=com" -w oracle -f <filename>.ldif
where:
-f <filename>.ldif is the LDIF file you wish to load
-x selects simple authentication rather than SASL
-D is the bind DN (rootdn)
-w is the password (rootpw). Given this way it ends up in the process list and your shell history; -W, which prompts for the password, avoids that. ldapadd talks to localhost by default; add -H ldap://host:port for a remote server.
See the ldapadd/ldapmodify man pages for more information.
4) Use any LDAP client (ldapsearch, for example) to check that the entries are now in the directory.
5) Now open $TOMCAT/webapps/xmlpserver/WEB-INF/xmlp-server-config.xml and edit/add the following:
Note:
- change LDAP_server to the host name of your LDAP server
- change port to the port slapd listens on (default 389)
- the & in LDAP_PROVIDER_GROUP_SEARCH has to be written &amp; because the value sits inside an XML attribute; a bare & leaves the file ill-formed and it will not load
- with ldap:// the admin bind and every user's login password cross the network in clear text, which is acceptable only while Tomcat and slapd share a host; otherwise use ldaps:// once slapd and the BIP host are set up for TLS (not covered here)
- LDAP_PROVIDER_ADMIN_PASSWORD is stored in clear text and, as configured here, it is the directory superuser's password: limit the file's permissions to the user Tomcat runs as, and for anything beyond a test box bind as a dedicated entry with read access to the groups rather than as the rootdn
- make any other changes necessary
<file snippet>
....
<property name="LDAP_PROVIDER_URL" value="ldap://LDAP_server:port/"/>
<property name="LDAP_PROVIDER_ADMIN_USERNAME" value="Manager"/>
<property name="LDAP_PROVIDER_ADMIN_PASSWORD" value="oracle"/>
<property name="LDAP_PROVIDER_USER_DN" value="dc=company,dc=com"/>
<!-- <property name="LDAP_PROVIDER_FACTORY" value="com.sun.jndi.ldap.LdapCtxFactory"/>-->
<property name="LDAP_PROVIDER_GROUP_SEARCH" value="(&amp;(objectclass=groupofuniquenames)(cn=*))"/>
<property name="LDAP_PROVIDER_GROUP_SEARCH_ROOT" value="dc=company,dc=com"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_NAME" value="cn"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_MEMBER" value="uniquemember"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_DESCRIPTION" value="description"/>
...
</file snippet>
6) Restart Tomcat.
7) Now open XML Publisher in a browser and log in with username/password,
where:
username is "Manager" (the cn value of the rootdn, without the cn=)
password is "oracle" (rootpw)
and you're done ...
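To check the LDIF and the group-search settings together before touching a server, here is an added example script; it is not part of Ambarish's write-up or of BI Publisher itself. It parses the LDIF the way ldapadd reads it (RFC 2849), applies the configured LDAP_PROVIDER_GROUP_SEARCH under LDAP_PROVIDER_GROUP_SEARCH_ROOT, and reports the XMLP roles a login DN would receive. The `<config>` root element is a placeholder for the real one, the user uid=jdoe and the sample LDIF are constructed, and the filter evaluation assumes the configured filter is an AND of equality/presence tests like the one above. The sample deliberately uses the DN spellings seen in the write-up (spaces after commas, no space after the colon, the mistyped cn=Manager,company,dc=com) to show which still match and which silently do not.

```python
"""Offline dry run of the XMLP <-> OpenLDAP role mapping (added example, not
code from the post or from Oracle). Reads the LDAP_PROVIDER_* properties, parses
the LDIF fed to ldapadd and reports the XMLP roles a login DN would receive."""
import base64
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed config fragment; <config> stands in for the real root element.
# Note &amp;: a bare '&' inside an attribute value is not well-formed XML.
CONFIG_XML = """<config>
<property name="LDAP_PROVIDER_GROUP_SEARCH" value="(&amp;(objectclass=groupofuniquenames)(cn=*))"/>
<property name="LDAP_PROVIDER_GROUP_SEARCH_ROOT" value="dc=company,dc=com"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_NAME" value="cn"/>
<property name="LDAP_PROVIDER_GROUP_ATTR_MEMBER" value="uniquemember"/>
</config>"""

# Constructed LDIF: two of the post's role groups plus a made-up user. It mixes the
# spellings seen in the post, a base64 value ('::') and the typo 'cn=Manager,company,dc=com'.
SAMPLE_LDIF = """\
dn: cn=Manager,dc=company,dc=com
objectClass: organizationalRole
cn: Manager

dn: uid=jdoe,dc=company,dc=com
objectClass: inetOrgPerson
sn: Doe

dn: cn=XMLP_ADMIN, ou=Enterprise Roles, dc=company,dc=com
objectclass:groupOfUniqueNames
uniqueMember:cn=Manager,dc=company,dc=com
uniqueMember: uid=JDOE, dc=company, dc=com
cn: XMLP_ADMIN

dn: cn=XMLP_SCHEDULER,ou=Enterprise Roles,dc=company,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=Manager,company,dc=com
uniqueMember:: dWlkPWpkb2UsZGM9Y29tcGFueSxkYz1jb20=
cn: XMLP_SCHEDULER
"""

def parse_ldif(text):
    """[(dn, {attr: [values]})]: '#' comments, blank-line separators, folded lines, '::' base64."""
    entries, dn, attrs = [], None, defaultdict(list)
    for line in re.sub(r"\r?\n ", "", text).splitlines() + [""]:   # unfold continuations
        if line.startswith("#"):
            continue
        if not line.strip():                       # blank line ends a record
            if dn:
                entries.append((dn, dict(attrs)))
            dn, attrs = None, defaultdict(list)
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()   # FILL after ':' is optional
        if value.startswith(":"):                  # 'attr:: base64value'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        if name == "dn":
            dn = value
        else:
            attrs[name].append(value)
    return entries

def normalize_dn(dn):
    """Case-fold and drop whitespace around commas so 'uid=JDOE, dc=company, dc=com'
    equals 'uid=jdoe,dc=company,dc=com' (escaped commas in values not handled)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def is_well_formed(xml_text):
    try:
        return ET.fromstring(xml_text) is not None
    except ET.ParseError:
        return False

def ldap_properties(xml_text):
    """LDAP_PROVIDER_* name/value pairs from xmlp-server-config.xml."""
    return {p.get("name"): p.get("value") for p in ET.fromstring(xml_text).iter("property")
            if (p.get("name") or "").startswith("LDAP_PROVIDER_")}

def entry_matches(attrs, ldap_filter):
    """Assumption: the filter is a plain AND of equality/presence tests."""
    for attr, value in re.findall(r"\((\w+)=([^()]*)\)", ldap_filter):
        have = [v.lower() for v in attrs.get(attr.lower(), [])]
        if not have or (value != "*" and value.lower() not in have):
            return False
    return True

def roles_for(login_dn, entries, props):
    """Group names under the search root that match the filter and list login_dn as member."""
    root, target = normalize_dn(props["LDAP_PROVIDER_GROUP_SEARCH_ROOT"]), normalize_dn(login_dn)
    name_attr = props["LDAP_PROVIDER_GROUP_ATTR_NAME"].lower()
    member_attr = props["LDAP_PROVIDER_GROUP_ATTR_MEMBER"].lower()
    return sorted(name for dn, attrs in entries
                  if normalize_dn(dn).endswith("," + root)          # subtree scope
                  and entry_matches(attrs, props["LDAP_PROVIDER_GROUP_SEARCH"])
                  and target in {normalize_dn(m) for m in attrs.get(member_attr, [])}
                  for name in attrs.get(name_attr, []))

def dangling_members(entries, member_attr="uniquemember"):
    """Members naming no entry: ldapadd accepts them silently, the role is just never granted."""
    known = {normalize_dn(dn) for dn, _ in entries}
    return [(dn, m) for dn, attrs in entries
            for m in attrs.get(member_attr, []) if normalize_dn(m) not in known]
```

With the sample data, roles_for("cn=Manager,dc=company,dc=com", parse_ldif(SAMPLE_LDIF), ldap_properties(CONFIG_XML)) returns only XMLP_ADMIN, because the SCHEDULER group names the Manager with the mistyped DN, and dangling_members reports exactly that line; uid=jdoe gets both roles even though one membership is spelled with different case and spacing and the other is base64-encoded. Pointing parse_ldif at your own LDIF file and ldap_properties at the real xmlp-server-config.xml (it only needs the property elements to carry no XML namespace) turns this into a pre-flight check for your directory data.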