Configure JCAPS and OpenDS

This quick documentation is not really in deep, but list a few easy steps (cut&paste) to configure JCAPS using OpenDS.

1) Install OpenDS.

https://opends.dev.java.net/public/downloads_index.html

2) Configure OpenDS

https://www.opends.org/wiki/page/OverviewOfTheQuickSetupTool

- No example data required.
- No SSL required.
- Change dc=example, dc=com by dc=sun, dc=com

3) Modify LDAP structure

You have to create JCAPS roles and users.

3.1) If none, you have to create the LDAP structure

Unix : \bin\ldapmodify
Windows : \bat\ldapmodify.bat

ldapmodify -h locahost -p port -D "cn=Directory Manager" -p adminadmin -a -f

Where :

dn: ou=People, dc=sun, dc=com
objectClass: top
objectClass: organizationalUnit
ou: people

Where :

dn: ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: organizationalUnit
ou: CAPSRoles

3.2) Create users

This is going to be your new administrator user with JCAPS and OpenDS

ldapmodify -h locahost -p port -D "cn=Directory Manager" -p adminadmin -a -f

Where :

dn: uid=Admin,ou=People,dc=sun,dc=com
cn: Admin
sn: Administrator
userPassword: adminadmin
givenName: Admin
objectClass: person
objectClass: inetOrgPerson
objectClass: top
objectClass: organizationalPerson
ou:People

3.3) Create roles for Enterprise Designer

ldapmodify -h locahost -p port -D "cn=Directory Manager" -p adminadmin -a -f

Where :

dn: cn=all, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: all
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=administration, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: administration
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=management, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: management
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

3.4) Create roles for Enterprise Manager

ldapmodify -h locahost -p port -D "cn=Directory Manager" -p adminadmin -a -f

Where :

dn: cn=deployment, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: deployment
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=user management, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: user management
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=read-only monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: read-only monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=controling monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: controling monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=JMS read-only monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: JMS read-only monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=JMS read-write monitor, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: JMS read-write monitor
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

Where :

dn: cn=manager, ou=CAPSRoles, dc=sun, dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: manager
ou: CAPSRoles
uniqueMember: uid=Admin, ou=People, dc=sun, dc=com

4) Configure Respository

This step provide you repository and Enterprise Designer access to it.

Change next on the server.xml file in the \repository\server\conf directory

and use :

connectionURL="ldap://localhost:389"
userBase="ou=People,dc=sun,dc=com"
userSearch="(uid={0})"
userSubtree="true"
roleBase="ou=CAPSRoles,dc=sun,dc=com"
roleName="cn"
roleSearch="(uniquemember={0})"
roleSubtree="true"
/>

Now, you can start up the repository and use OpenDS configuration for login using repository admin page or Enterprise Designer

5) Configure Enterprise Manager

This step provide LDAP integration with Enterprise Manager.

Change next into web.xml file in the \emanager\server\webapps\sentinel\WEB-INF directory 

    
        com.stc.emanager.sentinel.authHandler
        com.stc.cas.auth.provider.tomcat.TomcatPasswordHandler
        
        And use :

        com.stc.cas.auth.provider.ldap.LDAPHandler

delete data at your ldap.properties file in the \emanager\server\webapps\sentinel\WEBINF\classes directory and copy this data

# Sample properties for Active Directory server
#com.stc.sentinel.auth.ldap.serverType=ActiveDirectory
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=sAMAccountName=%u
#com.stc.sentinel.auth.ldap.searchBase=CN=Users,DC=icandev,DC=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=CN=Administrator,CN=Users,DC=icandev,DC=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.referral=follow
#com.stc.sentinel.auth.ldap.roleAttribute=memberof
#com.stc.sentinel.auth.ldap.rolePattern=CN=%u,OU=ican51

# Sample properties for Sun Java System Directory Server
#com.stc.sentinel.auth.ldap.serverType=SunLDAP
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=uid=%u
#com.stc.sentinel.auth.ldap.searchBase=ou=ican51,dc=stc,dc=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=uid=Administrator,ou=ican51,dc=stc,dc=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.roleAttribute=nsroledn

# Sample properties for OpenLDAP server
#com.stc.sentinel.auth.ldap.serverType=OpenLDAP
#com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
#com.stc.sentinel.auth.ldap.searchFilter=uid=%u
#com.stc.sentinel.auth.ldap.searchBase=OU=People,DC=stc,DC=com
#com.stc.sentinel.auth.ldap.searchScope=sub
#com.stc.sentinel.auth.ldap.bindDN=CN=Manager,DC=stc,DC=com
#com.stc.sentinel.auth.ldap.bindPassword=secret
#com.stc.sentinel.auth.ldap.referral=follow
#com.stc.sentinel.auth.ldap.roleAttribute=uniquemember
#com.stc.sentinel.auth.ldap.roleBaseDN=OU=ican51,DC=stc,DC=com

# Sample properties for OpenDS server
com.stc.sentinel.auth.ldap.serverType=OpenDS
com.stc.sentinel.auth.ldap.serverUrl=ldap://localhost:389
com.stc.sentinel.auth.ldap.searchFilter=uid=%u
com.stc.sentinel.auth.ldap.searchBase=OU=People,DC=sun,DC=com
com.stc.sentinel.auth.ldap.searchScope=sub
com.stc.sentinel.auth.ldap.bindDN=CN=Directory Manager
com.stc.sentinel.auth.ldap.bindPassword=adminadmin
com.stc.sentinel.auth.ldap.referral=follow
com.stc.sentinel.auth.ldap.roleAttribute=uniquemember
com.stc.sentinel.auth.ldap.roleBaseDN=OU=CAPSRoles,DC=sun,DC=com

6) Configure LH and JMS

Not done.

7) Configure WLM

Not done.

Finally OpenDS Picture should be : 

This is only an example using OpenDS
Probably you could use other LDAP.

Enjoy and good luck.

Posted on: Sep 26, 2007

Posted by: Jorge Sanchez Coloma

Category: techTricks

Permanent link to this entry

Comments:

Post a Comment:
  • HTML Syntax: NOT allowed

This blog copyright 2009 by Jorge Sanchez Coloma