07 October 2010

How to set up LDAP with Red Hat EPP (JBoss Portal / GateIn)

Description:
When you first start with Red Hat's Enterprise Portal Platform you will be able to connect to the portal with admin/admin or user/user. The credentials are checked against the default users in the portal's in-memory HSQL database. Usually you will want the credentials to be checked against your company's LDAP instead.
This post covers setting up an LDAP server and configuring EPP4.3 to use it:
- Install LDAP
- Start LDAP services
- Setup LDAP
- Install EPP4.3
- Setup EPP4.3 to use LDAP for credentials
- Connect to the portal http://localhost:8080/portal

Main post:
Install LDAP
Before starting be aware that the only supported LDAP servers are:
Red Hat Directory Server, OpenDS and OpenLDAP.

In this post the open source LDAP server "Red Hat Directory Server" will be used.
Installing it is pretty straightforward.
First install the software:
sudo yum install 389-ds
sudo yum install fedora-idm-console

Then configure the RHDS with this document:
http://www.scribd.com/doc/20555511/Fedora-Directory-LDAP-Server-Setup-Configuration-on-Linux-HowTo-v1-0
If the document is not available, run the following command and follow the install instructions, which are pretty straightforward:
# setup-ds-admin.pl

At the end, note down the following:
Directory Manager: cn=Directory Manager
Password: your_password
Admin port: 9830
LDAP port: 389

Start LDAP services

sudo service dirsrv start
sudo service dirsrv-admin start
sudo service httpd start

Setup LDAP

Run the LDAP browser fedora-idm-console installed earlier (any other LDAP browser works as well):
$ fedora-idm-console

Choose the Directory Server (1) and choose Open (2).

Then you just have to choose 'Import Databases' and import a *.ldif file (save the following text into a test.ldif file). After that you should be able to browse your LDAP tree in the Directory tab.


dn: o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
o: your_host
dc: your_host

dn: ou=People,o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: inetOrgPerson
objectclass: person
uid: admin
cn: Administrator
sn: Duke
userPassword: admin
mail: admin@your_host.your_domain.com

dn: uid=user,ou=People,o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: inetOrgPerson
objectclass: person
uid: user
cn: User
sn: Sample
userPassword: user
mail: user@your_host.your_domain.com

dn: uid=jduke,ou=People,o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: inetOrgPerson
objectclass: person
uid: jduke
cn: Java
sn: Duke
userPassword: theduke
mail: jduke@your_host.your_domain.com

dn: ou=Roles,o=your_host,dc=your_domain,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=Admin,ou=Roles,o=your_host,dc=your_domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: Admin
description: Administrators
member: uid=admin,ou=People,o=your_host,dc=your_domain,dc=com

dn: cn=User,ou=Roles,o=your_host,dc=your_domain,dc=com
objectClass: top
objectClass: groupOfNames
cn: User
description: Users
member: uid=admin,ou=People,o=your_host,dc=your_domain,dc=com
member: uid=user,ou=People,o=your_host,dc=your_domain,dc=com
member: uid=jduke,ou=People,o=your_host,dc=your_domain,dc=com


Install EPP4.3
The installation of EPP4.3 is extremely simple.
First download the jboss-epp-4.3.GA_CP0X-src.zip here. You will need a Red Hat login and a valid subscription to download it; if you don't know why, I covered it in an earlier post.
Then extract the zip file into the directory jboss-epp-4.3. That's it.


Setup EPP4.3 to use LDAP for credentials
You will have to change the following files in red to make LDAP work.

1. Within jboss-epp-4.3/jboss-as/server/default/deploy/jboss-portal.sar/META-INF/jboss-service.xml
change

      conf/identity/identity-config.xml
to
      conf/identity/ldap_identity-config.xml

2. Within jboss-epp-4.3/jboss-as/server/default/deploy/jboss-portal.sar/conf/identity/ldap_identity-config.xml
adapt the value tags that are linked to the following tags:
host
port
adminPassword
userCtxDN
roleCtxDN
(to be sure you choose the right values for userCtxDN and roleCtxDN, connect to your LDAP browser and check them)


3. Within jboss-epp-4.3/jboss-as/server/default/deploy/jboss-portal.sar/conf/identity/standardidentity-config.xml

adapt the value tags that are linked to the 5 tags seen in the section above.

4. Within jboss-epp-4.3/jboss-as/server/default/deploy/jboss-portal.sar/conf/login-config.xml
comment out (do not use)
login-module code="org.jboss.portal.identity.auth.IdentityLoginModule"
uncomment (use)
login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule"
and adapt the variable to your configuration.
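
An added example, not part of the original post: a small Python check to run on the LDIF before importing it and before filling in userCtxDN and roleCtxDN. It reports cleartext or uid-matching passwords and group members that point at no entry, and returns the parent DNs under which the user and role entries live. The function names and the embedded sample are constructed for illustration, and the parser assumes the simple "attr: value" form used in the post (a blank line between entries, no folded lines or base64 values).

```python
# Constructed sample shaped like the post's test.ldif; uid=ghost is deliberately absent.
SAMPLE_LDIF = """\
dn: uid=admin,ou=People,o=your_host,dc=your_domain,dc=com
objectclass: inetOrgPerson
uid: admin
userPassword: admin

dn: uid=jduke,ou=People,o=your_host,dc=your_domain,dc=com
objectclass: inetOrgPerson
uid: jduke
userPassword: theduke

dn: cn=Admin,ou=Roles,o=your_host,dc=your_domain,dc=com
objectClass: groupOfNames
cn: Admin
member: uid=admin,ou=People,o=your_host,dc=your_domain,dc=com
member: uid=ghost,ou=People,o=your_host,dc=your_domain,dc=com
"""

def parse_ldif(text):
    """Split entries on blank lines; return {dn: {attr (lowercased): [values]}}."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        entries[attrs["dn"][0].lower()] = attrs
    return entries

def audit(text):
    """Return (findings, userCtxDN candidates, roleCtxDN candidates)."""
    entries, findings, user_ctx, role_ctx = parse_ldif(text), [], set(), set()
    for dn, attrs in entries.items():
        parent = dn.split(",", 1)[1] if "," in dn else ""
        classes = {c.lower() for c in attrs.get("objectclass", [])}
        if "inetorgperson" in classes:
            user_ctx.add(parent)  # container that holds user entries
            for pw in attrs.get("userpassword", []):
                if not pw.startswith("{"):  # no {SSHA}-style scheme prefix
                    findings.append(("cleartext-password", dn))
                if pw in attrs.get("uid", []):
                    findings.append(("password-equals-uid", dn))
        if "groupofnames" in classes:
            role_ctx.add(parent)  # container that holds role entries
            for member in attrs.get("member", []):
                if member.lower() not in entries:
                    findings.append(("dangling-member", member.lower()))
    return findings, user_ctx, role_ctx
```

Call audit() on the full contents of test.ldif; the DNs come back lowercased, and each of the two returned sets should contain exactly one DN, the value to compare against what the LDAP browser shows.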

Connect to the portal
Now you should be able to connect to the portal:
http://localhost:8080/portal
with the user admin and password admin.
The default HSQL database users that come with the portal out of the box are admin and user. After migrating to LDAP they will only work if you have configured your portal properly. For example, you can authenticate users against LDAP + DB or only against LDAP. In this post users are only authenticated against LDAP! The 3 users available are the ones imported into the LDAP with the *.ldif file: admin, user, jduke.


If you still have problems check out the section "Troubleshooting JBoss Portal"