Published by Keila Everley
Modified about 1 year ago
© 2009 GroundWork Open Source, Inc. PROPRIETARY INFORMATION: Information contained herein is not for use or disclosure outside of GroundWork Open Source, Inc. © 2007 GroundWork Open Source, Inc.

Getting Started with GroundWork Monitor
GroundWork Monitor Enterprise Edition 6.2

Course Objectives for this Module
- Integration with Active Directory
  - Requirements
  - Getting it going
  - Setting up Groups and Roles
  - Disabling default authentication
- Integration with OpenLDAP
  - Requirements
  - Getting it going
  - Groups and Roles again
- LDAPS
  - Requirements
  - Setup
  - Certificates export and import

GroundWork Monitor Enterprise Edition 6.2
Module 8: LDAP for AD, OpenLDAP and LDAPS Setup

LDAP Authentication Configuration: Active Directory
Resource How-to: Home > USING APPLICATIONS > Operational How To's
Some important points:
- LDAP users cannot be assigned to roles using the portal administrator application.
- LDAP users do NOT need to be defined in the portal (this is different from GroundWork Monitor 5.x).
- Configuration of LDAP parameters is done outside of the User Interface, and requires a restart of gwservices.
- Role names have changed:
  - User is now GWUser
  - Operator is now GWOperator
  - Admin is now GWAdmin

Active Directory: Requirements
Required:
- Active Directory domain controller to which you have access
- Account with rights to browse the container in which you store the users. Example: ldapauth, context: cn=ldapauth,ou=GWUsers,dc=demo,dc=com
Optional:
- Roles in the portal for desired access levels
- A container and groups set up to match roles in the portal
Useful:
- Adsiedit.msc

Active Directory: Sample Set of Users and Groups
- Organizational Unit (OU): GWUsers
- Groups in the OU: GWUser, GWAdmin, GWOperator
- Users and membership:
  - ldapauth
  - admin: GWAdmin
  - test1: GWOperator
  - test2: GWUser
  - test3

Active Directory: Getting it going
- Edit login-config.xml
  - Copy and paste the section from the how-to
  - Change the AD server name or IP address
  - Change the LDAP admin user and password
  - Change the contexts for the LDAP admin and users, roles
- Restart the portal (gwservices)
- Test the login

Active Directory: Setting up groups and roles
- Add roles to the portal
  - Example: Add Executive role
  - Allow view to reports tab to Executive role
- Add groups to AD
  - Example: Add Executive group
  - Add user to Executive group
- Test the login

Active Directory: Notes about Roles
- Roles are additive.
- There is no (easy) way to change the automatic mapping of all AD users to the GWUser role in the portal. Restrict this role if you do not want all users to have the default apps.

Disabling Default Authentication
A good idea, because:
- LDAP users are stored in the portal with no password.
- LDAP failure means all can log in without a password, for instance if a user is deleted from LDAP.
Easy to do (and undo):
- Edit login-config.xml:
  - Comment out the DBIdentityLoginModule section
  - Change "sufficient" to "required" in the SynchronizingLDAPExtLoginModule section
- Restart gwservices

OpenLDAP
Some important points:
- OpenLDAP is hard to configure.
- OpenLDAP allows anonymous browsing by default. This can be a bad thing.
- Always configure GWME to use a user to access containers.
- The user must have access to browse the tree in the User and Role context containers.

OpenLDAP: Requirements
Required:
- An OpenLDAP server
- Administrative access to OpenLDAP (for setting up Users and Roles)
- A user account with rights to scan the containers for Users and Roles
Useful:
- LDAP browser

OpenLDAP: Getting it Going
- Log in to the OpenLDAP server and set up the Users container (default is ou=People)
- Set up the Roles container
- Add users to the Users container
- Add users to roles
- It is a good idea to test your LDAP user login for browsing.
Note: the root user is cn=manager by default, and while the uid=root object is in the People container, the context is the default, for example: cn=manager,dc=groundworkers,dc=com

OpenLDAP: Getting it Going (continued)
- Edit login-config.xml
  - Paste in the same text from the how-to as you would for Active Directory
  - Change the LDAP server from the default to your OpenLDAP server
  - Change the bindDN to the LDAP auth user
  - Change the bindCredential to the LDAP auth user's password
  - Change the contexts for users and roles, and make sure to change the format of the role filter and attributes. These differ from AD.
- Restart gwservices
- Test login

OpenLDAP: Roles and Groups
Setting up role-based access in GWME and OpenLDAP is similar to the process with AD. The main difference is that OpenLDAP uses a separate container for the Roles (technically, groups), while AD typically places the groups in the same container as the users.
To set up, match the roles in GWME to the roles in OpenLDAP as you would for AD, and add users to roles in OpenLDAP.

LDAPS
LDAPS is LDAP over SSL. Some important points:
- LDAPS requires a certificate.
- Administrators will likely already have this as a text file somewhere safe.
- This process goes through extracting the certificate, so care should be taken to use the correct parts of this procedure.

LDAPS: Requirements
- An OpenLDAP server with LDAPS turned on.
- The OpenLDAP setup completed as above, but stop before you restart the portal.

LDAPS: Setup
- Edit login-config.xml
  - Add the setting for SSL
  - Change the LDAP server protocol and port
- Extract the cert from OpenLDAP (unless the administrator already has it)
  - Run the openssl command
  - Grab the cert from the output and place it in a text file (example ldaps.pem)
- Import the cert into JBoss
  - Run the keytool command
- Restart gwservices

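An added example (not part of the original slides or the GroundWork how-to): a Python check that reads a login-config.xml and reports the conditions the Disabling Default Authentication, OpenLDAP and LDAPS slides warn about. The sample XML is constructed; the example. package prefix, the host name and the use of the standard JNDI option java.naming.provider.url for the server URL are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample: package names and values are placeholders, not from the how-to.
SAMPLE = """<policy>
  <application-policy name="portal">
    <authentication>
      <login-module code="example.auth.DBIdentityLoginModule" flag="sufficient"/>
      <login-module code="example.auth.SynchronizingLDAPExtLoginModule" flag="sufficient">
        <module-option name="java.naming.provider.url">ldap://ldap.example.com:389/</module-option>
        <module-option name="bindDN">cn=ldapauth,ou=GWUsers,dc=demo,dc=com</module-option>
        <module-option name="bindCredential">CHANGE_ME</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def audit_login_config(xml_text):
    """Return a list of findings for the login-module stack in xml_text."""
    findings = []
    root = ET.fromstring(xml_text)  # raises ParseError on a broken XML tag
    modules = root.findall(".//login-module")
    # A commented-out module is dropped by the parser, so it is not reported.
    if any(m.get("code", "").endswith("DBIdentityLoginModule") for m in modules):
        findings.append("DBIdentityLoginModule still active")
    ldap = [m for m in modules if m.get("code", "").endswith("SynchronizingLDAPExtLoginModule")]
    if not ldap:
        findings.append("no SynchronizingLDAPExtLoginModule found")
    for m in ldap:
        opts = {o.get("name"): (o.text or "").strip() for o in m.findall("module-option")}
        if m.get("flag") != "required":
            findings.append("LDAP module flag is %r, not 'required'" % m.get("flag"))
        if not opts.get("java.naming.provider.url", "").lower().startswith("ldaps://"):
            findings.append("provider URL is not ldaps://")
        if not opts.get("bindDN") or not opts.get("bindCredential"):
            findings.append("bindDN/bindCredential missing (anonymous bind)")
    return findings

# The same file after the edits the slides describe (constructed).
HARDENED = (SAMPLE
    .replace('<login-module code="example.auth.DBIdentityLoginModule" flag="sufficient"/>',
             '<!-- <login-module code="example.auth.DBIdentityLoginModule" flag="sufficient"/> -->')
    .replace('SynchronizingLDAPExtLoginModule" flag="sufficient"',
             'SynchronizingLDAPExtLoginModule" flag="required"')
    .replace("ldap://ldap.example.com:389/", "ldaps://ldap.example.com:636/"))

if __name__ == "__main__":
    for name, text in (("before", SAMPLE), ("after", HARDENED)):
        print(name, audit_login_config(text) or "OK")
```

Because the file is parsed as XML, a malformed tag of the kind mentioned under Troubleshooting surfaces here as a parse error before gwservices is restarted.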
Troubleshooting
If the LDAP logins do not work:
- Check the framework.log file for startup errors. A simple problem with an XML tag can keep a module from loading and working.
- Enable debug for the org.jboss.security class, and look in the framework.log for JNDI error and debug messages. Errors will be in the form of Java exceptions.
- Double check that you can log in with an LDAP client with the LDAP auth user and password, as entered in the login-config.xml. Also check a test user in the user context.
- Log files in AD and OpenLDAP may also give clues.

Thank you
GroundWork Open Source, Inc.
139 Townsend Street, Suite 500
San Francisco, CA 94107
Phone: 415.992.4500
Website: www.gwos.com
Email: firstname.lastname@example.org@gwos.com
GroundWork Subscription Support: support.gwos.com
Confidential - Do not distribute