Configure to use LDAP
LDAP is the Lightweight Directory Access Protocol. iPortal, iServer and iEdge all support users stored in an LDAP directory.
First configure LDAP login, then use a user from the LDAP server to log in to iPortal, iServer or iEdge. iServer is used as the example here.
On the service management homepage (WebManager), click "Security", then the "LDAP Configuration" tab to open the configuration page.
LDAP login is not enabled by default. After checking "Log in With LDAP", set the LDAP server address, LDAP admin name, LDAP admin password, root directory position, etc.
If you use the SSL protocol, you must also configure SSL for the connection to the LDAP server.
On the LDAP login configuration page, you can map an LDAP group to a role, so that all users in that LDAP group have the access rights corresponding to the role.
Click the "Add Role Mapping" button and select the LDAP Group Name in the pop-up dialog box (the same as the group name under the root directory in the LDAP server). Select the corresponding iServer role for this group and click OK. All users in the LDAP group can then log in to and access iServer. On this page you can view the mappings between the added LDAP groups and iServer roles, and you can edit and delete a role mapping.
If the LDAP server uses an SSL-encrypted connection, you also need to do the following:
openssl s_client -connect 192.168.17.13:636 -showcerts >e:/adserver.crt
192.168.17.13 is the IP address of the LDAP server; e:/adserver.crt is the path of the newly created file, and adserver.crt is the name of the new file. The file name ends with *.crt. Delete the contents between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----.
keytool -import -keystore ./lib/security/cacerts -alias ldap -file e:/adserver.crt
./lib/security/cacerts is the path of cacerts; ldap is the alias, which you can choose yourself; e:/adserver.crt is the path of the new file.
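A check to run between the two commands above, added here as an example and not part of the original page or the product's own tooling: it reads the saved s_client capture, summarises the server certificate, and compares its SHA-256 fingerprint with one supplied out of band by the LDAP administrator, so that what goes into cacerts is the certificate the server is meant to present. It assumes the openssl CLI is on PATH; the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original page): inspect a saved
# `openssl s_client -showcerts` capture before importing it with keytool.
# Assumes the openssl CLI is on PATH; function names are hypothetical.

# Print only the PEM certificate blocks contained in capture file $1.
pem_blocks() {
    awk '/-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep                          { print }
         /-----END CERTIFICATE-----/   { keep = 0 }' "$1"
}

# Number of certificates in the capture. With -showcerts the server's own
# certificate comes first and is printed again under "Server certificate".
pem_count() {
    pem_blocks "$1" | grep -c -e '-----BEGIN CERTIFICATE-----'
}

# Subject, issuer and expiry date of the server certificate.
leaf_summary() {
    pem_blocks "$1" | openssl x509 -noout -subject -issuer -enddate
}

# SHA-256 fingerprint of the first (server) certificate, normalised to
# upper-case hex without colons so it can be compared as a plain string.
leaf_fingerprint() {
    pem_blocks "$1" | openssl x509 -noout -fingerprint -sha256 |
        sed 's/^.*=//' | tr -d ':' | tr 'abcdef' 'ABCDEF'
}

# Succeed only when the captured server certificate matches fingerprint $2,
# which the LDAP administrator supplies out of band (colons optional).
fingerprint_matches() {
    want=$(printf '%s' "$2" | tr -d ': ' | tr 'abcdef' 'ABCDEF')
    have=$(leaf_fingerprint "$1" 2>/dev/null)
    [ -n "$have" ] && [ "$have" = "$want" ]
}
```

Call `fingerprint_matches e:/adserver.crt "<fingerprint from the LDAP administrator>"` and continue to the keytool import only when it succeeds. keytool also prints the certificate's fingerprints when it asks whether to trust the certificate, which gives a second point of comparison.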