Sometimes, is deployed to an existing servlet container that is already handling user authentications through, for instance, LDAP. Here the authentication is the responsibility of the container, but is still responsible for the runtime authorization and the design time querying of user metadata. The LDAP Container Security Manager reuses the existing LDAP connector but relies on the container for user authentications.

 

 

...

  1. Stop  if it is running.
  2. Modify the <frevvo-home>\tomcat\conf\server.xml file. Here is an example of the changes needed when using Tomcat.
    1. Edit this file with a text editor.
    2. Search for 'ldap://localhost:389'. You should find this in the org.apache.catalina.realm.JNDIRealm section of the file.
    3. Notice that lines 98 - 107 are commented out.
    4. Uncomment this section. Replace the existing code with the code shown below.
    5. Replace the default connectionURL, connectionName and connectionPassword values with your LDAP server information.
    6. Refer to this website for detailed information about the remaining parameters.
	<Realm className="org.apache.catalina.realm.JNDIRealm"
		connectionURL="ldap://test.windows.frevvo.com:389" connectionName="TEST\Administrator"
		connectionPassword="FrevvoTest00" adCompat="true" referrals="follow"

		userBase="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com" userSearch="(&amp;(objectClass=user)(sAMAccountName={0}))"
		userSubtree="true" userRoleName="memberOf"

		roleBase="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com" roleSubtree="true"
		roleName="cn" roleSearch="(&amp;(objectClass=group)(member={0}))" />
     
      3. Configure LDAP - The LDAP Container Security Manager uses the LDAP Security Manager so the setup for both is the same. LDAP Security Manager configuration is done via the UI when you  
Here is a sample LDAP configuration. Notice that the LDAP connection URL, name and password have been changed to specify the LDAP server name and the administrator ID/password.
         <Parameter name="com.frevvo.security.ldap.connection.url" value="ldap://test.windows.frevvo.com:389" override="false"/>
         <Parameter name="com.frevvo.security.ldap.connection.name" value="TEST\Administrator" override="false"/>
         <Parameter name="com.frevvo.security.ldap.connection.password" value="FrevvoTest00" override="false"/>
         <Parameter name="com.frevvo.security.ldap.usersBase" value="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com" override="false"/>
         <Parameter name="com.frevvo.security.ldap.groupsBase" value="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com" override="false"/>
         <Parameter name="com.frevvo.security.ldap.userIdDisplayAttribute" value="sAMAccountName" override="false"/>
         <Parameter name="com.frevvo.security.ldap.groupIdDisplayAttribute" value="sAMAccountName" override="false"/>
         <Parameter name="com.frevvo.security.ldap.notifications" value="true" override="false"/>
         <Parameter name="com.frevvo.security.ldap.allGroupsFilter" value="(objectClass=group)" override="false"/>
         <Parameter name="com.frevvo.security.ldap.allUsersFilter" value="(objectClass=user)" override="false"/>
         <Parameter name="com.frevvo.security.ldap.distinguishedNameAttribute" value="distinguishedName" override="false"/>
         <Parameter name="com.frevvo.security.ldap.userMemberOfAttribute" value="memberOf" override="false"/>
         <Parameter name="com.frevvo.security.ldap.groupMemberAttribute" value="member" override="false"/>
         <Parameter name="com.frevvo.security.ldap.firstNameAttribute" value="givenName" override="false"/>
         <Parameter name="com.frevvo.security.ldap.lastNameAttribute" value="sn" override="false"/>
         <Parameter name="com.frevvo.security.ldap.emailAttribute" value="mail" override="false"/>
         <Parameter name="com.frevvo.security.ldap.managerAttribute" value="manager" override="false"/>
         <Parameter name="com.frevvo.security.ldap.ignoreCase" value="true" override="false"/>  
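
Because the container authenticates users while the LDAP Security Manager settings drive authorization and user lookups, the two snippets above have to describe the same directory. The following check is an added example, not frevvo's own code: it compares the realm against the context parameters and flags unencrypted connection URLs. The attribute pairing is an assumption drawn from the two samples on this page, and the inputs, including the `<Host>` and `<Context>` wrappers, are constructed placeholders.

```python
import xml.etree.ElementTree as ET

PREFIX = "com.frevvo.security.ldap."
# Realm attribute -> frevvo parameter suffix (pairing inferred from the page's two samples)
PAIRS = {"connectionURL": "connection.url", "userBase": "usersBase",
         "roleBase": "groupsBase", "userRoleName": "userMemberOfAttribute"}

# Constructed inputs; host names, DNs and the <Host>/<Context> wrappers are placeholders.
SAMPLE_SERVER_XML = """<Host name="localhost">
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://ldap.example.test:389"
         userBase="CN=Users,DC=example,DC=test" userRoleName="memberOf"
         roleBase="CN=Users,DC=example,DC=test"/>
</Host>"""
SAMPLE_FREVVO_XML = """<Context>
  <Parameter name="com.frevvo.security.ldap.connection.url" value="ldap://ldap.example.test:389"/>
  <Parameter name="com.frevvo.security.ldap.usersBase" value="OU=Staff,DC=example,DC=test"/>
  <Parameter name="com.frevvo.security.ldap.groupsBase" value="cn=users,dc=example,dc=test"/>
  <Parameter name="com.frevvo.security.ldap.userMemberOfAttribute" value="memberOf"/>
</Context>"""


def audit(server_xml, frevvo_xml):
    """Return findings where the container realm and the frevvo LDAP settings disagree."""
    realm = next((e for e in ET.fromstring(server_xml).iter("Realm")
                  if e.get("className", "").endswith("JNDIRealm")), None)
    if realm is None:
        return ["no JNDIRealm found in server.xml"]
    params = {p.get("name"): p.get("value", "")
              for p in ET.fromstring(frevvo_xml).iter("Parameter")}
    findings = []
    for attr, suffix in PAIRS.items():
        left, right = realm.get(attr), params.get(PREFIX + suffix)
        if left is None or right is None:
            findings.append(f"missing: {attr} / {PREFIX}{suffix}")
        elif left.strip().casefold() != right.strip().casefold():
            # Drift here means the container and frevvo query different directory settings.
            findings.append(f"mismatch: {attr}={left!r} vs {suffix}={right!r}")
    urls = {"realm": realm.get("connectionURL", ""),
            "frevvo": params.get(PREFIX + "connection.url", "")}
    for label, url in urls.items():
        if not url.lower().startswith("ldaps://"):
            # Plain ldap:// sends the bind password unencrypted unless upgraded to TLS.
            findings.append(f"cleartext: {label} connection URL is not ldaps://")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_SERVER_XML, SAMPLE_FREVVO_XML)))
```
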

...

Start .

      5. Create a tenant with the LDAP Container Security Manager class.

    1. Log in to Live Forms as a Live Forms administrator (user: admin@d and password: admin, if you have not changed it).
    2. Click on Manage and then Manage Tenants.
    3. You will see a page where the current tenants are listed. If this is a new installation, you will only see the default tenant d.
    4. Click on the plus sign (+) to add a new tenant. 
    5. Configure the new tenant following the steps below:
      1. In the Security Manager Class drop-down, choose LDAP Container Security Manager. If your version does not have a drop-down, enter the following in the Custom text box: com.frevvo.security.ldap.csm.LDAPContainerSecurityManager.
      2. Give it a tenant id. Provide the tenant name and description.
      3. The Max Concurrent Users is the maximum allowed by your license or less. Leave this field blank if you do not want to set a max.
      4. Specify the LDAP User ID that will have the tenant admin permission. The LDAP-CSM tenant admin must exist on the LDAP server and have the frevvo.TenantAdmin and frevvo.Designer roles.
      5. Click Submit. You will see this message with the name of your newly created tenant, and the tenant will appear in the tenant list.

Tenant Admin Properties in Active Directory

If the tenant admin user does not exist or it does not have the required roles, this error will display with the name of the tenant you are trying to add:


This error message can be seen in the <frevvo-home>\tomcat\logs\frevvo.log file if the LDAP-CSM tenant cannot be created.

...


     6.  Stop .

     7.  The <frevvo-home>\tomcat\webapps\frevvo.war file must be secured. This is done by enabling the <security-constraint/> found in the web.xml file included in the frevvo.war.

...