To allow LDAP You must configure Adeptia Connect for LDAP Authentication to allow LDAP users to access Adeptia Connect, you need to configure LDAP properties in Adeptia Suite. Following is the list of prerequisites before you configure LDAP in Adeptia Suite.. This page also lists the steps for configuring Adeptia Connect for Secured LDAP.
Prerequisites
- Installed LDAP Server.
- Administrative rights in Adeptia Suite to enable LDAP Authentication and Authorization.
- Adeptia Suite is certified with Windows Active Directory and Open LDAP server
...
- .
- TLSv1.2 should be enabled on LDAP Server (in case of Secured LDAP).
Steps to Configure LDAP Properties
- Sign in to Adeptia Suite.
- Go to Administer > Setup > Application Settings.
- Click Update System Properties.
- Expand Systems > LDAP Authentication.
Configure the LDAP Authentication properties.
Property Name
Description
abpm.ldap.enableLdap
Enable or disable LDAP authentication.
abpm.ldap.provider.url
Provider URL to connect to LDAP Server.
abpm.ldap.enableLdapOverSSL
Enable or disable LDAP connection over SSL.
abpm.ldap.searchScopeLevel
Search scope level - One, Object, and Subtree.
abpm.ldap.bindDN
The DN used to bind against the LDAP server for the user and roles queries. This is DN with read/search permissions on the baseContextDN and rolesContextDN values. It specifies DN of the admin user in LDAP server.
abpm.ldap.bindCredential
Password for the bindDN.
abpm.ldap.baseContextDN
Fixed DN of the context to start the user search from.
abpm.ldap.baseFilter
Search filter to locate the context of the user to authenticate. The input username as obtained from the login module callback will be substituted into the filter where a "{0}" expression is seen.
abpm.ldap.rolesContextDN
Fixed DN of the context to search for user roles. For Active Directory, this is the DN where the user account is.
abpm.ldap.roleFilter
Search filter to locate the roles associated with an authenticated user. The login module callback will be substituted into the filter anywhere a "{0}"expression is seen. The authenticated userDN will be substitute into the filter where a "{1}" expression is seen.
abpm.ldap.roleAttributeID
Name of the role attribute of the context that corresponds to the name of the role.
If the value of the roleAttributeIsDN property is set to true, this property is the DN of the context to query for the roleNameAttributeID attribute.
If the roleAttributeIsDN property is set to false, this property is the attribute name of the role name.abpm.ldap.roleAttributeIsDN
Flag indicating whether the user's role attribute contains the fully distinguished name of a role object, or the user's role attribute contains the role name.
If the value of this property is false, the role name is taken from the value of the user's role attribute.
If the value of this property is true, the role attribute represents the distinguished name of a role object.
The role name is taken from the value of the roleNameAttributeId attribute of the corresponding object. The default value of this property is false.abpm.ldap.roleNameAttributeID
Name of the role attribute of the context that corresponds to the name of the role.
If the value of the roleAttributeIsDN property is set to true, this property is used to find the role object's name attribute.
If the value of the roleAttributeIsDN property is set to false, this property is ignored.abpm.ldap.roleDN.searchRoleNameAttributeID
Enable or disable searching role name attribute in user's distinguished name.
abpm.ldap.administratorUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as System Admin users in Adeptia Suite and Adeptia Connect.
abpm.ldap.administratorGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as System Admin users in Adeptia Suite and Adeptia Connect.
abpm.ldap.groupAdminUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as Group Admin users in Adeptia Suite and IT Users in Adeptia Connect.
abpm.ldap.groupAdminGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as Group Admin users in Adeptia Suite and IT Users in Adeptia Connect.
abpm.ldap.developerUsers
Name(s) of LDAP user(s) (separated by comma) that will be treated as Developer Users in Adeptia Suite and Business Users in Adeptia Connect.
abpm.ldap.developerGroups
Name(s) of LDAP group(s) (separated by comma) that will be treated as Developer Users in Adeptia Suite and business Users in Adeptia Connect.
abpm.ldap.businessUsers
Name(s) of LDAP users (separated by comma) that will be treated as Business Users in Adeptia Suite.
abpm.ldap.businessGroup
Name(s) of LDAP groups (in comma separated format) that will be treated as Business Users in Adeptia Suite.
abpm.ldap.group.itUsers Name of the LDAP group that will be treated as IT Users in Adeptia Connect. abpm.ldap.alwaysDefaultGroupLogin
Enable or disable login only with default LDAP group in Adeptia.
abpm.ldap.defaultLdapGroup
Entity id of the group (created in Adeptia) that shall be treated as default LDAP group.
abpm.ldap.enableDefaultGroupLogin
Enable or disable login with default LDAP group in Adeptia.
abpm.ldap.enableSSO
Enable or disable Single Sign-On in Adeptia Suite.
abpm.ldap.sso.filterClass
Class name that needs to be initiated for SSO authentication process.
abpm.ldap.enable.anonymous.login
Enable or disable anonymous login through blank password in LDAP.
abpm.ldap.referrals
Set the environment property referrals in LDAP.
- Click Save to save the changes. If the LDAP server is secured, then you must follow the steps given below before restarting Kernel and WebRunner. Else, restart Kernel and WebRunner to bring the configuration changes into effect.
Steps to Configure Adeptia Connect for Secured LDAP
Users need to do additional steps if configured LDAP Server is secured. Follow these steps to configure Connect with secured LDAP. Ensure other aforementioned steps have already been completed.
- Import the LDAP Server certificate in AIS cacert (/Serverkernel/etc/truststore/cacerts) using below command.
keytool -import -trustcacerts -alias <<ANY_ALIAS_NAME>> -file "<<CERTIFICATE_FILE_PATH>>" -keystore "<<AIS_CACERT_PATH>>"
For example,
keytool -import -trustcacerts -alias ldapssl -file "C:\Users\administrator.ADEPTIA\Desktop\adeptia.org.cer" -keystore "C:\Program Files\AdeptiaSuite_6.9.4\AdeptiaSuite-6.9\AdeptiaServer\ServerKernel\etc\truststore\cacerts"- After importing the LDAP Server certificate, you will be prompted to enter the keystore password. The default password is changeit.
- Enter yes, when prompted to trust the certificate.
- Follow the below steps to configure LDAP properties.
- Expand the LDAP Authentication node.
Modify the value of the abpm.ldap.provider.url property.
- Set the protocol to ldaps.
- Set the port number for SSL request. By default, the port number is 636.
For example,
ldaps://adsrv014.adeptia.org:636
Set the value of the abpm.ldap.enableLdapOverSSL property to yes.
- Expand the LDAP Authentication node.
Click Save to save the changes.
Restart Kernel and WebRunner to bring the configuration changes into effect.
Next Step
...