...

  1. Stop .
  2. In a text editor, open <frevvo-home>/tomcat/conf/Catalina/localhost/frevvo.xml.
  3. You can edit the LDAP Configuration Properties. Alternatively, you can start off from one of the sample configurations and provide only the key information listed above.
    1. Active Directory Sample 
    2. Open LDAP Sample
  4. Log into your LDAP Server and add a new group, frevvo.TenantAdmin
  5. Assign the frevvo.TenantAdmin group to one or more users for tenant admin privilege.
  6. Start
  7. Log in to  as a  administrator (user: admin and password: admin if you have not changed it)
  8. Click on Manage and then Manage Tenants
  9. You will see a page where the current tenants are listed. If this is a new installation you will only see the default tenant d
  10. Click on the plus sign (+) to add a new tenant.
  11. Configure the new tenant:
    1. In the Security Manager Class drop-down, choose LDAP/Active Directory Security Manager. If your version does not have a drop-down, enter the following in the text box: com.frevvo.security.ldap.LDAPSecurityManager.
    2. Give it a tenant id. For the sake of this document, let's assume you call it MYLDAP. Provide the tenant name and description.
    3. The Max Concurrent Users is the maximum allowed by your license or less.
    4. Specify the LDAP User ID that will have the tenant admin permission. 
    5. Click Submit. You will see your new tenant in the tenant list.  

 

Note

There are four special roles in : frevvo.Designer, frevvo.Publisher, frevvo.ReadOnly. Groups for each role must be specified on your LDAP/AD Server if you have users that will be assigned these roles. The group names must be frevvo.Designer, frevvo.Publisher, frevvo.ReadOnly. Upper/lower case may be a factor for Open LDAP systems.
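
A pre-flight check for the group names above, as an added example (not part of the original documentation or the product's own code). It assumes the directory's groups have been exported to LDIF with a cn attribute; checking frevvo.TenantAdmin from step 4 alongside the three names in the Note is a choice made for this example, and the sample export is constructed.

```python
import base64

# Group names taken from this page: step 4 plus the three roles named in the Note.
REQUIRED_GROUPS = ["frevvo.TenantAdmin", "frevvo.Designer",
                   "frevvo.Publisher", "frevvo.ReadOnly"]

def group_names_from_ldif(ldif_text):
    """Collect the cn values of all entries in an LDIF export of groups."""
    names = []
    for line in ldif_text.splitlines():
        if line.startswith("cn:: "):      # LDIF marks base64-encoded values with '::'
            names.append(base64.b64decode(line[5:]).decode("utf-8").strip())
        elif line.startswith("cn: "):
            names.append(line[4:].strip())
    return names

def check_role_groups(ldif_text, required=REQUIRED_GROUPS):
    """Classify each required group as 'ok', 'case-mismatch' or 'missing'."""
    present = group_names_from_ldif(ldif_text)
    by_lower = {}
    for name in present:
        by_lower.setdefault(name.lower(), []).append(name)
    report = {}
    for wanted in required:
        if wanted in present:                       # exact, case-sensitive match
            report[wanted] = ("ok", wanted)
        elif wanted.lower() in by_lower:            # exists, but with different case
            report[wanted] = ("case-mismatch", by_lower[wanted.lower()][0])
        else:
            report[wanted] = ("missing", None)
    return report

# Constructed sample export (not from a real directory).
SAMPLE_LDIF = """\
dn: cn=frevvo.TenantAdmin,ou=groups,dc=example,dc=com
cn: frevvo.TenantAdmin

dn: cn=frevvo.designer,ou=groups,dc=example,dc=com
cn: frevvo.designer

dn: cn=frevvo.Publisher,ou=groups,dc=example,dc=com
cn:: ZnJldnZvLlB1Ymxpc2hlcg==
"""

if __name__ == "__main__":
    for group, (status, found) in check_role_groups(SAMPLE_LDIF).items():
        print(f"{group:20} {status:14} {found or ''}")
```

A case-mismatch result is the one to resolve before assigning users, since a group that differs only in case may not be recognized on Open LDAP systems.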

 

...

Signing in from within the network

In this case, the  server and the Active Directory server are running on the same machine. The user is already authenticated to the Windows network and points the browser to:

...

Substitute LDAP tenant above with the tenant name you configured with the LDAP Security Manager. The server variable should be the IP address of the machine where Active Directory is installed.

The user will automatically authenticate to . It is crucial that the LDAP user is known to , in other words, the user should be one of the entries retrieved by the LDAP expression configured in the property com.frevvo.security.ldap.allUsersFilter in frevvo.xml.

Signing in from outside the network

This is very similar to the case above, but in this case the user, the  server and the Active Directory server are on different machines. The user is trying to reach the URL below from outside the network.

 http://[server]/frevvo/web/tn/[LDAP tenant]/login 

Substitute LDAP tenant above with the tenant name you configured with the LDAP Security Manager and the server variable with the IP address of the machine where Active Directory is installed.

Since the user is not authenticated in the Windows network, he will be prompted by the browser for credentials. IIS will authenticate the user in the network and forward the request to . The user will be automatically redirected to his initial page without having to re-enter his credentials.

...