...
- Stop if it is running.
- Modify the <frevvo-home>\tomcat\conf\server.xml file. Here is an example of the changes needed when using Tomcat.
- Edit this file with a text editor.
- Search for 'ldap://localhost:389'. You should find this in the org.apache.catalina.realm.JNDIRealm section of the file.
- Notice lines 98 - 107 are commented out.
- Uncomment this section. Replace the existing code with the code shown below:
- Replace the connectionURL, connectionName and the connectionPassword default values with your LDAP server information.
- Refer to this website for detailed information about the remaining parameters.
```xml
<!-- Replace connectionURL, connectionName and connectionPassword with your LDAP server values. -->
<!-- '&' inside an attribute value must be written as &amp; or Tomcat cannot parse server.xml. -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://test.windows.frevvo.com:389"
       connectionName="TEST\Administrator"
       connectionPassword="FrevvoTest00"
       adCompat="true"
       referrals="follow"
       userBase="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com"
       userSearch="(&amp;(objectClass=user)(sAMAccountName={0}))"
       userSubtree="true"
       userRoleName="memberOf"
       roleBase="CN=Users,DC=test,DC=windows,DC=frevvo,DC=com"
       roleSubtree="true"
       roleName="cn"
       roleSearch="(&amp;(objectClass=group)(member={0}))" />
```
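An added check, not part of the original page or the product's own tooling: a Python audit of the edited server.xml that reports a Realm left commented out, a raw `&` in the search filters, sample values carried over from this page, a bind that crosses the network unencrypted, and a bind as Administrator. The function name, the `ldap.example.internal` host and the `svc-frevvo-ldap` account are assumptions made for illustration; `useStartTls` is a Tomcat JNDIRealm attribute that the page's sample does not set.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Sample values from the Realm on this page; none should reach a real deployment.
PAGE_SAMPLE_VALUES = {
    "connectionURL": "ldap://test.windows.frevvo.com:389",
    "connectionName": "TEST\\Administrator",
    "connectionPassword": "FrevvoTest00",
}
JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

def audit_jndi_realm(server_xml):
    """Return a list of findings for the JNDIRealm elements in server.xml text."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # A raw '&' in userSearch/roleSearch (instead of &amp;) ends up here.
        return [f"not well-formed XML: {exc}"]
    # The parser skips XML comments, so a commented-out Realm is not counted.
    realms = [r for r in root.iter("Realm") if r.get("className") == JNDI_REALM]
    if not realms:
        return ["no active JNDIRealm found (section still commented out?)"]
    findings = []
    for realm in realms:
        for attr, sample in PAGE_SAMPLE_VALUES.items():
            if realm.get(attr) == sample:
                findings.append(f"{attr} still has the documentation sample value")
        scheme = urlsplit(realm.get("connectionURL", "")).scheme
        if scheme != "ldaps" and realm.get("useStartTls") != "true":
            findings.append("bind password is sent to the LDAP server unencrypted")
        account = realm.get("connectionName", "").rsplit("\\", 1)[-1]
        if account.lower() == "administrator":
            findings.append("binds as Administrator; a read-only service account is enough")
        if "{0}" not in realm.get("userSearch", ""):
            findings.append("userSearch lacks the {0} user name placeholder")
    return findings

# Constructed inputs: the page's Realm (abridged) and a hypothetical corrected one.
PAGE_REALM = ('<Server><Realm className="' + JNDI_REALM + '" '
    'connectionURL="ldap://test.windows.frevvo.com:389" '
    'connectionName="TEST\\Administrator" connectionPassword="FrevvoTest00" '
    'userSearch="(&amp;(objectClass=user)(sAMAccountName={0}))" /></Server>')
FIXED_REALM = ('<Server><Realm className="' + JNDI_REALM + '" '
    'connectionURL="ldaps://ldap.example.internal:636" '
    'connectionName="EXAMPLE\\svc-frevvo-ldap" connectionPassword="placeholder" '
    'userSearch="(&amp;(objectClass=user)(sAMAccountName={0}))" /></Server>')

if __name__ == "__main__":
    for name, text in (("page sample", PAGE_REALM), ("corrected", FIXED_REALM)):
        print(name, audit_jndi_realm(text))
```

To audit a real installation, pass the contents of <frevvo-home>\tomcat\conf\server.xml to `audit_jndi_realm` before restarting Tomcat.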
3. Configure LDAP - The LDAP Container Security Manager uses the LDAP Security Manager so the setup for both is the same. Be sure to include all the context parameters needed.
...
Browse to 'http://<IP>:<PORT>/frevvo/web/tn/<tenant id>/login'. Substitute the IP address and port of the server, and the name of your LDAP-CSM tenant for the tenant id. The browser authentication light-box displays.
- Log in as the tenant admin for the LDAP-CSM tenant. This admin must have the frevvo.User role in addition to the frevvo.tenantadmin and frevvo.designer roles.
- Click Manage Roles. You should see a list of groups.
- Click the Back to Manage Tenant link.
- Click Manage Users.
- Click All. You should see a list of LDAP users.
- Now, click Back To Manage Tenant.
- Log out from .
- Try to log in with the user name and password of a user in the LDAP-CSM tenant. You do NOT need to specify the LDAP-CSM tenant when logging in. For instance, if nancy is a valid LDAP user, you should log in as nancy. The password would be nancy's password in LDAP. User nancy's home page will display.
...