Configure JCAPS and OpenDS

This quick documentation does not go into depth; it lists a few easy cut-and-paste steps to configure JCAPS with OpenDS.

1) Install OpenDS.

https://opends.dev.java.net/public/downloads_index.html

2) Configure OpenDS

https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool

- No example data required.
- No SSL required.
- Change the base DN dc=example,dc=com to dc=sun,dc=com

3) Modify LDAP structure

You have to create JCAPS roles and users.

3.1) If it does not exist yet, create the LDAP structure

The ldapmodify tool is in the OpenDS installation directory:

Unix : bin/ldapmodify
Windows : bat\ldapmodify.bat

ldapmodify -h localhost -p <port> -D "cn=Directory Manager" -w adminadmin -a -f <file.ldif>

(-w is the bind password of the Directory Manager, -a adds the entries in the file; the same command is used in every step below.)

where the LDIF file contains:

dn: ou=People, dc=sun, dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

and:

dn: ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: organizationalUnit
ou: CAPSRoles

3.2) Create users

This will be your new administrator user for JCAPS in OpenDS.

ldapmodify -h localhost -p <port> -D "cn=Directory Manager" -w adminadmin -a -f <file.ldif>

where the LDIF file contains:

dn: uid=Admin,ou=People,dc=sun,dc=com
uid: Admin
cn: Admin
sn: Administrator
userPassword: adminadmin
givenName: Admin
objectClass: person
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
ou: People

3.3) Create roles for Enterprise Designer

ldapmodify -h localhost -p <port> -D "cn=Directory Manager" -w adminadmin -a -f <file.ldif>

where the LDIF file contains:

dn: cn=all, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: all
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=administration, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: administration
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=management, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: management
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

3.4) Create roles for Enterprise Manager

ldapmodify -h localhost -p <port> -D "cn=Directory Manager" -w adminadmin -a -f <file.ldif>

where the LDIF file contains:

dn: cn=deployment, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: deployment
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=user management, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: user management
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=read-only monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: read-only monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=controling monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: controling monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=JMS read-only monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: JMS read-only monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=JMS read-write monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: JMS read-write monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

and:

dn: cn=manager, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: manager
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

4) Configure Repository

This step gives the repository, and Enterprise Designer through it, access to the directory.

Edit the server.xml file in the repository/server/conf directory and replace the existing Realm definition with one carrying the attributes below. The opening <Realm ...> tag of the element did not survive on this page; the attribute names are those of Tomcat's JNDIRealm, where {0} in userSearch is the login name and {0} in roleSearch is the DN of the user entry found:

    connectionURL="ldap://localhost:389"
    userBase="ou=People,dc=sun,dc=com"
    userSearch="(uid={0})"
    userSubtree="true"
    roleBase="ou=CAPSRoles,dc=sun,dc=com"
    roleName="cn"
    roleSearch="(uniquemember={0})"
    roleSubtree="true"
    />

Now you can start the repository and log in with the OpenDS users, either through the repository admin page or through Enterprise Designer.
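
The following is an added example and not part of the original post. It builds the LDIF from steps 3.1 to 3.4 as one file (so the ten ldapmodify runs become one), then replays offline what the realm in step 4 does at login: find the user with (uid={0}) under ou=People, and collect every group under ou=CAPSRoles whose uniqueMember holds that user's DN. Two things the post does not spell out are shown: DN comparison must ignore the blanks after commas (the post writes uniqueMember with them), and the login name must be escaped per RFC 4515 before it is substituted into the filter, otherwise a login such as Adm* is a wildcard search. The sample entries are constructed from the post; the LDIF parser and filter matcher are a deliberately small subset of the real thing.

```python
import re

# Directory layout from steps 3 and 4 of the post.
BASE_DN = "dc=sun,dc=com"
USER_BASE = "ou=People," + BASE_DN      # realm userBase
ROLE_BASE = "ou=CAPSRoles," + BASE_DN   # realm roleBase
JCAPS_ROLES = (
    "all", "administration", "management",                  # Enterprise Designer
    "deployment", "user management", "read-only monitor",   # Enterprise Manager
    "controling monitor", "JMS read-only monitor", "JMS read-write monitor", "manager",
)
ADMIN_DN = "uid=Admin, ou=People, dc=sun, dc=com"   # spacing as written in the post

# Constructed sample: the two containers and the Admin user from the post.
BASE_LDIF = """\
dn: ou=People, dc=sun, dc=com
objectClass: organizationalUnit
ou: People

dn: ou=CAPSRoles, dc=sun, dc=com
objectClass: organizationalUnit
ou: CAPSRoles

dn: uid=Admin,ou=People,dc=sun,dc=com
objectClass: inetOrgPerson
uid: Admin
cn: Admin
sn: Administrator

"""

def normalize_dn(dn):
    """Comparison form: blanks around commas dropped, lower-cased. OpenDS treats
    'uid=Admin, ou=People,...' and 'uid=admin,ou=people,...' as the same DN."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def role_group_ldif(name, member_dns):
    """One groupOfUniqueNames add record under ou=CAPSRoles, as in step 3."""
    lines = [f"dn: cn={name},{ROLE_BASE}", "objectClass: groupOfUniqueNames",
             f"cn: {name}", "ou: CAPSRoles"] + [f"uniqueMember: {m}" for m in member_dns]
    return "\n".join(lines) + "\n\n"

def build_sample_ldif():
    """Whole tree as one LDIF text: containers, Admin, and all ten role groups."""
    return BASE_LDIF + "".join(role_group_ldif(r, [ADMIN_DN]) for r in JCAPS_ROLES)

def parse_ldif(text):
    """Minimal LDIF reader (no line folding, ::base64 or changetype records).
    Returns {normalized dn: {lower-cased attribute: [values]}}."""
    entries = {}
    for record in re.split(r"\n\s*\n", text.strip()):
        attrs = {}
        for line in record.splitlines():
            if line.strip() and not line.startswith("#"):
                name, _, value = line.partition(":")
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        entries[normalize_dn(attrs["dn"][0])] = attrs
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter, so that a
    login such as 'Adm*' or 'x)(uid=*' is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def match_equality(filter_str, entry):
    """Evaluate one '(attr=value)' filter against an entry the way a server does:
    an unescaped '*' is a substring wildcard, '\\xx' is a literal character."""
    attr, pattern = re.fullmatch(r"\((\w+)=(.*)\)", filter_str).groups()
    rx, i = "", 0
    while i < len(pattern):
        if pattern[i] == "*":
            rx += ".*"
        elif pattern[i] == "\\":
            rx += re.escape(chr(int(pattern[i + 1:i + 3], 16)))
            i += 2
        else:
            rx += re.escape(pattern[i])
        i += 1
    return any(re.fullmatch(rx, v, re.IGNORECASE) for v in entry.get(attr.lower(), []))

def find_user_dn(entries, login, escape=True):
    """Realm userSearch step: '(uid={0})' below userBase. A login succeeds only
    when exactly one entry matches, so anything else yields None."""
    base = normalize_dn(USER_BASE)
    flt = "(uid=%s)" % (escape_filter_value(login) if escape else login)
    hits = [dn for dn, e in entries.items()
            if dn.endswith("," + base) and match_equality(flt, e)]
    return hits[0] if len(hits) == 1 else None

def roles_for(entries, user_dn):
    """Realm roleSearch step: '(uniquemember={0})' below roleBase with the user's
    DN; roleName='cn' turns each matching group into a role name."""
    base, wanted, roles = normalize_dn(ROLE_BASE), normalize_dn(user_dn), set()
    for dn, e in entries.items():
        members = {normalize_dn(m) for m in e.get("uniquemember", [])}
        if dn.endswith("," + base) and wanted in members:
            roles.update(e.get("cn", []))
    return roles

def missing_roles(entries):
    """JCAPS role groups from step 3 that the directory does not contain."""
    present = {e["cn"][0] for e in entries.values()
               if "groupofuniquenames" in [v.lower() for v in e.get("objectclass", [])]}
    return [r for r in JCAPS_ROLES if r not in present]

if __name__ == "__main__":   # write the tree as one file: ldapmodify ... -a -f caps.ldif
    print(build_sample_ldif(), end="")
```

Run it with python to get the complete LDIF on stdout, redirect that to a file and load it with the single ldapmodify command from step 3.1. The missing_roles check is the one to keep around: Enterprise Manager silently denies functions whose role group is absent, and a dump of ou=CAPSRoles fed to parse_ldif tells you which of the ten groups is missing.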

5) Configure Enterprise Manager

This step provides LDAP integration with Enterprise Manager.

In the web.xml file in the emanager/server/webapps/sentinel/WEB-INF directory, the parameter com.stc.emanager.sentinel.authHandler is set to

    com.stc.cas.auth.provider.tomcat.TomcatPasswordHandler

Change its value to:

    com.stc.cas.auth.provider.ldap.LDAPHandler

Then delete the contents of the ldap.properties file in the emanager/server/webapps/sentinel/WEB-INF/classes directory and copy in this data:

# Sample properties for Active Directory server
#com.stc.sentinel.auth.ldap.serverType=ActiveDirectory
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=sAMAccountName=%u
#com.stc.sentinel.auth.ldap.searchBase=CN=Users,DC=icandev,DC=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=CN=Administrator,CN=Users,DC=icandev,DC=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.referral=follow
#com.stc.sentinel.auth.ldap.roleAttribute=memberof
#com.stc.sentinel.auth.ldap.rolePattern=CN=%u,OU=ican51

# Sample properties for Sun Java System Directory Server
#com.stc.sentinel.auth.ldap.serverType=SunLDAP
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=uid=%u
#com.stc.sentinel.auth.ldap.searchBase=ou=ican51,dc=stc,dc=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=uid=Administrator,ou=ican51,dc=stc,dc=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.roleAttribute=nsroledn

# Sample properties for OpenLDAP server
#com.stc.sentinel.auth.ldap.serverType=OpenLDAP
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=uid=%u
#com.stc.sentinel.auth.ldap.searchBase=OU=People,DC=stc,DC=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=CN=Manager,DC=stc,DC=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.referral=follow
#com.stc.sentinel.auth.ldap.roleAttribute=uniquemember
#com.stc.sentinel.auth.ldap.roleBaseDN=OU=ican51,DC=stc,DC=com

# Sample properties for OpenDS server
com.stc.sentinel.auth.ldap.serverType=OpenDS
com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
com.stc.sentinel.auth.ldap.searchFilter=uid=%u
com.stc.sentinel.auth.ldap.searchBase=OU=People,DC=sun,DC=com
com.stc.sentinel.auth.ldap.searchScope=sub
com.stc.sentinel.auth.ldap.bindDN=CN=Directory Manager
com.stc.sentinel.auth.ldap.bindPassword=adminadmin
com.stc.sentinel.auth.ldap.referral=follow
com.stc.sentinel.auth.ldap.roleAttribute=uniquemember
com.stc.sentinel.auth.ldap.roleBaseDN=OU=CAPSRoles,DC=sun,DC=com
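
The following is an added example, not part of the original post. It reads an ldap.properties file in Java properties format, skips the commented-out sample blocks, and reports settings that would break or weaken the setup built in step 3: a serverType other than OpenDS, a cleartext ldap:// URL to a remote host (step 2 chose no SSL, so credentials would cross the network unprotected), the directory root account cn=Directory Manager used as bindDN where a dedicated read-only account would do, a searchFilter without the %u placeholder, a roleAttribute that does not match groupOfUniqueNames, and search bases outside dc=sun,dc=com. The properties text is a constructed copy of the active OpenDS block above; the hardened bind account name used in the usage note is an assumption.

```python
PREFIX = "com.stc.sentinel.auth.ldap."

# Constructed copy of the active OpenDS block from the post.
SAMPLE_PROPERTIES = """\
# Sample properties for OpenDS server
com.stc.sentinel.auth.ldap.serverType=OpenDS
com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
com.stc.sentinel.auth.ldap.searchFilter=uid=%u
com.stc.sentinel.auth.ldap.searchBase=OU=People,DC=sun,DC=com
com.stc.sentinel.auth.ldap.searchScope=sub
com.stc.sentinel.auth.ldap.bindDN=CN=Directory Manager
com.stc.sentinel.auth.ldap.bindPassword=adminadmin
com.stc.sentinel.auth.ldap.referral=follow
com.stc.sentinel.auth.ldap.roleAttribute=uniquemember
com.stc.sentinel.auth.ldap.roleBaseDN=OU=CAPSRoles,DC=sun,DC=com
"""

def normalize_dn(dn):
    """Blanks around commas dropped, lower-cased, for DN comparison."""
    return ",".join(p.strip() for p in dn.split(",")).lower()

def parse_properties(text):
    """Java .properties subset: '#' or '!' comment lines, key=value or key: value.
    Only the first '=' separates key and value, so 'searchFilter=uid=%u' is kept whole."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            key, _, value = line.partition(":")
        props[key.strip()] = value.strip()
    return props

def lint_ldap_properties(props, root_dn="cn=Directory Manager", base_dn="dc=sun,dc=com"):
    """Return a list of findings; an empty list means the file fits the step 3 layout."""
    p = {k[len(PREFIX):]: v for k, v in props.items() if k.startswith(PREFIX)}
    findings = []
    if p.get("serverType") != "OpenDS":
        findings.append("serverType: expected OpenDS for this setup")
    url = p.get("serverUrl", "")
    if url.startswith("ldap://") and not url.startswith("ldap://localhost"):
        findings.append("serverUrl: cleartext ldap:// to a remote host, so the bind "
                        "password and user credentials cross the network unprotected")
    if normalize_dn(p.get("bindDN", "")) == normalize_dn(root_dn):
        findings.append("bindDN: the directory root account is used for lookups; a dedicated "
                        "account with read access to ou=People and ou=CAPSRoles is enough")
    if "%u" not in p.get("searchFilter", ""):
        findings.append("searchFilter: missing the %u login placeholder")
    if p.get("roleAttribute", "").lower() != "uniquemember":
        findings.append("roleAttribute: groupOfUniqueNames roles need uniquemember")
    for key in ("searchBase", "roleBaseDN"):
        if not normalize_dn(p.get(key, "")).endswith(normalize_dn(base_dn)):
            findings.append(f"{key}: outside {base_dn}")
    return findings

if __name__ == "__main__":
    for finding in lint_ldap_properties(parse_properties(SAMPLE_PROPERTIES)):
        print(finding)
```

Run against the block above, the only finding is the bindDN one. Creating an entry such as uid=emanager,ou=People,dc=sun,dc=com (an assumed name) with read access to the two subtrees, and pointing bindDN and bindPassword at it, clears the finding while the role lookups keep working, because roleAttribute=uniquemember and roleBaseDN=OU=CAPSRoles are what match the groups created in step 3.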

6) Configure LH and JMS

Not done.

7) Configure WLM

Not done.

Finally, the resulting OpenDS tree should look like this picture:

This is only an example using OpenDS; you could probably use another LDAP server.

Enjoy and good luck.