LDAP Authentication
No LDAP server ships with Redwood Platform; however, most IT landscapes already have at least one LDAP server that can be used. You can also set one up specifically for Redwood Server, but instructions for doing so are out of scope for this guide. OpenLDAP is an open source option; refer to the OpenLDAP Quick Start guide for details.
The following table lists the LDAP attributes and their typical values for OpenLDAP and Microsoft Active Directory. Other LDAP implementations may require different values; consult your LDAP administrator for the exact values in your directory, in particular for Active Directory (where container names vary between installations) or for an implementation not listed here.
Attribute | OpenLDAP | Active Directory |
---|---|---|
connectionURL | myLdapServer:389 | myLdapServer:3268 |
userBase | ou=Users | cn=Users |
userSearch | uid={0} | samAccountName={0} |
roleBase | ou=Groups | cn= |
roleName | cn | cn |
roleSearch | uniqueMember={0} | member={0} |
note
Roles correspond to the groups defined in your LDAP directory, which means that a group "scheduler-user" and a group "scheduler-manager" must exist there. Create them if they do not already exist.
In the roleSearch filter, {0} is replaced by the distinguished name of the authenticated user and {1} by the user name as typed at login. Use uniqueMember={0} or member={0} for groups that store member DNs (groupOfUniqueNames, Active Directory groups) and memberUid={1} for posixGroup entries, which store user names.
Procedure
To configure Redwood Platform to use LDAP:
- Open <install_dir>/j2ee/cluster/server1/conf/server.xml.
- Comment out the UserDatabaseRealm, see the UserDatabaseRealm section below.
- Uncomment the JNDIRealm, see the JNDIRealm section below.
- Replace the example entries (prefixed with my) with real values, refer to the attribute table above.
UserDatabaseRealm
<Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" />
Comment it out as follows:
<!-- Realm className="org.apache.catalina.realm.UserDatabaseRealm"
resourceName="UserDatabase" -->
JNDIRealm
Locate the following commented-out code:
<!-- Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://myServer.myDomain.com:389"
userBase="ou=myContainer,dc=myDomain,dc=mySuffix"
userSearch="uid={0}"
roleBase="ou=myContainer,dc=myDomain,dc=mySuffix"
roleName="cn"
roleSearch="memberUid={1}" -->
Uncomment it like this:
<Realm className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://myServer.myDomain.com:389"
userBase="ou=myContainer,dc=myDomain,dc=mySuffix"
userSearch="uid={0}"
roleBase="ou=myContainer,dc=myDomain,dc=mySuffix"
roleName="cn"
roleSearch="memberUid={1}"/>
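The following is an added example, not part of the Redwood documentation or of the product: a small Python lint for the Realm configuration that results from the procedure above. It embeds a constructed server.xml in which the UserDatabaseRealm is commented out and the JNDIRealm is filled in with the Active Directory values from the table; the host dc01.example.com, the service account svc-redwood and the suffix dc=example,dc=com are hypothetical. It then checks the points that tend to go wrong: a UserDatabaseRealm left active, "my" placeholders left in, a plain ldap:// connection that would carry every user's password in clear text, and a roleSearch that mixes memberUid with {0} or member with {1}.

```python
"""Lint the active <Realm> in a Tomcat server.xml after the LDAP switch.

Added example for this page, not Redwood's own tooling. The embedded
server.xml is constructed: the host dc01.example.com, the service account
svc-redwood and the suffix dc=example,dc=com are hypothetical.
"""
import re
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"
USERDB_REALM = "org.apache.catalina.realm.UserDatabaseRealm"
REQUIRED = ("connectionURL", "userBase", "userSearch",
            "roleBase", "roleName", "roleSearch")
# The shipped server.xml marks every value to replace with a "my" prefix
# (myServer, myDomain, myContainer, ...); anything still matching is unedited.
PLACEHOLDER = re.compile(r"\bmy[A-Z]\w*")

# Constructed sample: UserDatabaseRealm commented out, JNDIRealm filled in
# with the Active Directory column of the table. Active Directory refuses
# anonymous searches, so a bind account is given via connectionName and
# connectionPassword; 3269 is the Global Catalog port over TLS.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Engine name="Catalina" defaultHost="localhost">
      <!-- Realm className="org.apache.catalina.realm.UserDatabaseRealm"
           resourceName="UserDatabase" -->
      <Realm className="org.apache.catalina.realm.JNDIRealm"
             connectionURL="ldaps://dc01.example.com:3269"
             connectionName="cn=svc-redwood,cn=Users,dc=example,dc=com"
             connectionPassword="changeme"
             userBase="cn=Users,dc=example,dc=com"
             userSearch="sAMAccountName={0}"
             roleBase="cn=Users,dc=example,dc=com"
             roleName="cn"
             roleSearch="member={0}"/>
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""


def lint_realms(server_xml):
    """Return a list of findings; an empty list means the Realm setup passes.

    ElementTree drops XML comments while parsing, so a Realm that was
    commented out the way the procedure describes simply does not appear
    here. Only Realms that Tomcat would actually load are examined.
    """
    findings = []
    realms = ET.fromstring(server_xml).findall(".//Realm")

    if any(r.get("className") == USERDB_REALM for r in realms):
        findings.append("UserDatabaseRealm is still active; comment it out")

    jndi = [r for r in realms if r.get("className") == JNDI_REALM]
    if len(jndi) != 1:
        findings.append(f"expected one active JNDIRealm, found {len(jndi)}")
        return findings
    realm = jndi[0]

    for attr in REQUIRED:
        value = realm.get(attr)
        if value is None:
            findings.append(f"{attr} is missing")
        elif PLACEHOLDER.search(value):
            findings.append(f"{attr} still contains the example value {value!r}")

    # Every login sends the user's password to the directory over this
    # connection, so require TLS: ldaps:// or ldap:// plus useStartTls.
    url = realm.get("connectionURL", "")
    starttls = realm.get("useStartTls", "false").lower() == "true"
    if url.startswith("ldap://") and not starttls:
        findings.append("connectionURL is plain ldap:// without useStartTls; "
                        "passwords would cross the network in clear text")

    # In roleSearch, {0} expands to the user's DN and {1} to the user name.
    # member= and uniqueMember= store DNs; memberUid= stores user names.
    role_search = realm.get("roleSearch", "").lower()
    if "memberuid" in role_search:
        if "{0}" in role_search:
            findings.append("memberUid holds user names: use memberUid={1}, not {0}")
    elif "member" in role_search and "{1}" in role_search:
        findings.append("member/uniqueMember hold DNs: use {0}, not {1}")

    return findings


if __name__ == "__main__":
    for finding in lint_realms(SAMPLE_SERVER_XML) or ["Realm configuration looks consistent"]:
        print(finding)
```

To run it against a real installation, read <install_dir>/j2ee/cluster/server1/conf/server.xml into a string and pass it to lint_realms. Note that connectionName and connectionPassword are standard JNDIRealm attributes and that the password sits in clear text in server.xml, so the file's permissions should restrict it to the account that runs the server.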