Configure LDAP with Sterling B2B Integrator

To configure Sterling B2B Integrator to use LDAP, you must edit the authentication_policy.properties.in file. You can also use the customer_overrides.properties file to set property values that are not overwritten by a patch installation.

To configure LDAP authentication:

  1. Stop Sterling B2B Integrator.
  2. Navigate to the installation directory.
  3. Navigate to the properties directory.
  4. Open the authentication_policy.properties.in file.
  5. In authentication_policy.properties.in, locate the ## GIS/LDAP Authentication configuration entry.
  6. Below the ## GIS/LDAP Authentication configuration entry, make the following changes to the LDAP parameters:

    | Parameter | Description | Shipped Value | Change to |
    |---|---|---|---|
    | `#LDAP_SECURITY_TRUSTSTORE` | Path to the local truststore. The certificates that LDAP requires must be stored in this truststore. You cannot use certificates from trading partners. Optional. Use only if you are using SSL. | Inactive path | Full path to the local truststore. |
    | `#LDAP_SECURITY_TRUSTSTORE_PASSWORD` | Password that allows access to the truststore. Optional. Use only if you are using SSL. | changeit | Password allowing access to the local truststore. |
    | `#LDAP_SECURITY_KEYSTORE` | Path to the local keystore. The certificates that LDAP requires must be stored in this keystore. You cannot use certificates from trading partners. Optional. Use only if you are using SSL. | Inactive path | Full path to the local keystore. |
    | `#LDAP_SECURITY_KEYSTORE_PASSWORD` | Password that allows access to the keystore. Optional. Use only if you are using SSL. | password | Password allowing access to the local keystore. |
    | `#authentication_<number>.enabled` | Enables or disables the use of LDAP. False – All users who are created from this authentication host are disabled (they fail to log in). True – Each user can be accessed either internally or externally, but not both, since each user ID is unique. This value is not checked when it is for internal authentication. | False | True |
    | `#authentication_<number>.jndi_factory` | Class name of the factory class that creates the initial context for the LDAP service provider. This is the standard context factory shipped with the JDK. | com.sun.jndi.ldap.LdapCtxFactory | No change |
    | `#authentication_<number>.server` | URL specifying the host name of the LDAP server. | Inactive path | Local LDAP host URL. |
    | `#authentication_<number>.port` | The port number of the LDAP server. | | |
    | `#authentication_<number>.security_type` | Authentication method for the provider to use. The system supports only simple authentication. | simple | No change |
    | `#authentication_<number>.principle` | Identity of the principal to authenticate, which enables the system to perform queries. This parameter is the name component in an LDAP ASN.1 bind request. | cn=Manager, dc=amr, dc=stercomm, dc=com | Local naming information. |
    | `#authentication_<number>.credentials` | Password set up in the LDAP repository for the LDAP principal, which enables the system to perform queries. | SecretPassword | Local password that goes with your local principal. |
    | `#authentication_<number>.security_protocol` | Object specifying which security protocol the provider uses. | SSL | No change. This parameter is not visible if you have chosen not to use SSL. |
    | `#authentication_<number>.password_attribute` | Name of the LDAP attribute that contains the user password. This parameter is used only if `#LDAP_AUTHENTICATE_WITH_USER_BIND` is set to false. | userPassword | Local attribute that contains the password. |
    | `#authentication_<number>.search_root` | Object specifying the root from which the user query is based. | dc=amr, dc=stercomm, dc=com | Local search path. |
    | `#authentication_<number>.search_filter` | Object specifying the template to use in the search. The `<userid>` value is dynamically replaced at request time with the user ID of the user requesting authentication. | (uid=<userid>) | A Windows Active Directory server may use an entry such as (sAMAccountName=<userid>) |
    | `#authentication_<number>.with_user_bind` | Specifies whether to authenticate a user according to a successful bind. False – The system extracts the value of the user password from the LDAP server and compares it to the user credentials provided. True – The system binds to the LDAP server using the user's distinguished name and the provided credentials. A successful bind means a successful authentication. | false | Change to true if you want to authenticate with the user bind. |

  7. Save the authentication_policy.properties.in file.
  8. Enter /install_dir/install/bin/setupfiles.sh (UNIX) or \install_dir\install\bin\setupfiles.cmd (Windows) to update LDAP entries into the authentication_policy.properties file from the authentication_policy.properties.in file.
  9. Start Sterling B2B Integrator.

    The changes to the authentication_policy.properties file are applied and you can now begin using your LDAP server to authenticate users.

    After startup, the system identifies LDAP servers from the authentication_policy.properties file. The system authenticates external users when the users log in.
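As an added example (not part of the IBM documentation and not Sterling B2B Integrator code), the following Python script parses an authentication_policy.properties-style fragment and flags the settings from the table above that should not reach production: shipped placeholder values such as changeit, SecretPassword and "Inactive path", a disabled authentication block, a search_filter with no `<userid>` placeholder, and password-compare mode (with_user_bind=false). The sample fragment, file path and host name are constructed for illustration.

```python
import re

# Constructed sample fragment (not from a real installation); the shipped
# defaults it still carries are the ones listed in the table above.
SAMPLE_PROPERTIES = """\
## GIS/LDAP Authentication configuration
LDAP_SECURITY_TRUSTSTORE=/opt/sbi/truststore.jks
LDAP_SECURITY_TRUSTSTORE_PASSWORD=changeit
authentication_1.enabled=true
authentication_1.principle=cn=Manager, dc=amr, dc=stercomm, dc=com
authentication_1.credentials=SecretPassword
authentication_1.security_protocol=SSL
authentication_1.search_filter=(uid=<userid>)
authentication_1.with_user_bind=false
"""
SHIPPED_DEFAULTS = {"changeit", "password", "SecretPassword", "Inactive path"}

def parse_properties(text):
    """Parse key=value lines; lines beginning with '#' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")  # a DN value may itself contain '='
            props[key.strip()] = value.strip()
    return props

def audit_ldap_config(props):
    """Return a dict of findings per authentication_<n> block (empty list = clean)."""
    blocks = {m.group(1) for k in props if (m := re.match(r"authentication_(\d+)\.", k))}
    findings = {}
    for n in sorted(blocks):
        p = lambda name: props.get(f"authentication_{n}.{name}", "")  # block-scoped lookup
        issues = []
        if p("enabled").lower() != "true":
            issues.append("enabled is not true: users created from this host cannot log in")
        if p("credentials") in SHIPPED_DEFAULTS:
            issues.append("credentials still set to the shipped value")
        if "<userid>" not in p("search_filter"):
            issues.append("search_filter lacks the <userid> placeholder, so no substitution occurs")
        if p("security_protocol").upper() == "SSL":
            if props.get("LDAP_SECURITY_TRUSTSTORE", "Inactive path") in SHIPPED_DEFAULTS:
                issues.append("SSL selected but LDAP_SECURITY_TRUSTSTORE is not a real path")
            if props.get("LDAP_SECURITY_TRUSTSTORE_PASSWORD") in SHIPPED_DEFAULTS:
                issues.append("truststore password still set to the shipped value")
        if p("with_user_bind").lower() != "true":
            issues.append("with_user_bind is false: passwords are read from the server and compared locally")
        findings[n] = issues
    return findings
```

Run it against the generated authentication_policy.properties after setupfiles.sh (or .cmd) to confirm the shipped placeholders were actually replaced.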