8 replies Latest Post - ‏2013-02-07T23:57:58Z by SystemAdmin
SystemAdmin

Pinned topic Configure ADFS in bootstrap.properties for ACL

‏2013-01-22T07:51:48Z |
Hi
I am trying to configure the ACL using the LDAP based on ADFS in the bootstrap.properties file. I have tried everything but I am not able to get it working. Attached is the screenshot of the ADFS structure I am using. Can anybody tell me the exact values which I need to set for the below parameters?

ibm.appcenter.ldap.active=true
ibm.appcenter.ldap.connectionURL="ldap://172.16.16.55:389"
ibm.appcenter.ldap.user.base="CN=Users,DC=paxggndc11,DC=com"
ibm.appcenter.ldap.user.loginName=cn
ibm.appcenter.ldap.user.displayName=cn
ibm.appcenter.ldap.group.base="CN=Users,DC=paxggndc11,DC=com"
ibm.appcenter.ldap.group.name=cn
ibm.appcenter.ldap.group.uniquemember=member
ibm.appcenter.ldap.user.groupmembership=memberOf
  • SystemAdmin

    Re: Configure ADFS in bootstrap.properties for ACL

    ‏2013-01-22T10:34:41Z  in response to SystemAdmin
    Hi,

    What is your problem exactly? Can you connect to the AppCenter Console?
    It seems that you use Liberty Profile. What is the registry you use to connect to the console: Basic or LDAP (it is defined in the server.xml file)?

    Also check that you have no exception in the Liberty Profile logs directory.

    Thanks.
    • SystemAdmin

      Re: Configure ADFS in bootstrap.properties for ACL

      ‏2013-01-22T10:37:18Z  in response to SystemAdmin
      I am using the basic registry to log in to the console of the App Center. I want to configure the users and groups for the Access control list based on the LDAP registry of which I have attached the screenshot.
      • SystemAdmin

        Re: Configure ADFS in bootstrap.properties for ACL

        ‏2013-01-22T10:49:07Z  in response to SystemAdmin
        What is your ACL search string? Does it mean that the search returns no entry? (Can you send the screenshot of the ACL search in AppCenter?)

        Thanks.
        • SystemAdmin

          Re: Configure ADFS in bootstrap.properties for ACL

          ‏2013-01-22T10:52:41Z  in response to SystemAdmin
          http://localhost:9080/applicationcenter/service/principal/?start=0&orderBy=displayName&pageSize=50&page=0&fromIndex=0&searchFor=test2&searchScope=displayName&type=ldapuser&excludeDefaults=true
          • SystemAdmin

            Re: Configure ADFS in bootstrap.properties for ACL

            ‏2013-01-22T11:05:53Z  in response to SystemAdmin
            The request is correct.
            So set the following trace in the server.xml file:
            <logging traceSpecification="*=info=enabled:com.ibm.puremeap.*=all" traceFormat="ADVANCED"/>

            and retest the request.
            Then attach the trace.log file.
            • SystemAdmin

              Re: Configure ADFS in bootstrap.properties for ACL

              ‏2013-01-22T11:12:39Z  in response to SystemAdmin
              PFA

              Looks like issue is at line
              THROW
              javax.naming.NamingException: LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1\u0000; remaining name 'CN=Users'

              • SystemAdmin

                Re: Configure ADFS in bootstrap.properties for ACL

                ‏2013-01-23T08:02:36Z  in response to SystemAdmin
                In fact your LDAP server requires security binding (anonymous users are not authorized to search inside the LDAP, so credentials are needed when binding to the LDAP). Unfortunately in V505 this feature is not available. We are considering integrating it in a future release.

                Thanks.
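
The error quoted earlier in this thread follows Active Directory's LdapErr format, and the diagnosis in the reply above (a search attempted on a connection with no successful bind) can be read from its fields. The following is an added example, not part of the original thread or IBM's code: a Python triage of such trace lines. The sample lines, function names and category labels are constructed for illustration.

```python
import re

# Constructed trace lines. The first carries the error quoted in this thread;
# the second is a typical AD failed-bind message; the third is unrelated noise.
SAMPLE_TRACE = [
    r"javax.naming.NamingException: LDAP: error code 1 - 000004DC: LdapErr: "
    r"DSID-0C0906E8, comment: In order to perform this operation a successful "
    r"bind must be completed on the connection., data 0, v1db1\u0000",
    r"javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: "
    r"LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]",
    "[INFO] application started (constructed, not an LDAP error)",
]

AD_ERR = re.compile(
    r"LDAP: error code (\d+) - ([0-9A-Fa-f]{8}): LdapErr: (DSID-[0-9A-Fa-f]+), "
    r"comment: (.*?), data ([0-9A-Fa-f]+), v"
)

# On a failed bind (LDAP result 49) AD reports a Win32 error in "data".
BIND_FAILURES = {0x525: "user-not-found", 0x52E: "invalid-credentials",
                 0x532: "password-expired", 0x533: "account-disabled",
                 0x775: "account-locked"}

def parse_ad_ldap_error(line):
    """Split one AD LdapErr message into its fields, or return None."""
    m = AD_ERR.search(line)
    if m is None:
        return None
    return {"ldap_code": int(m.group(1)), "ext_error": int(m.group(2), 16),
            "dsid": m.group(3), "comment": m.group(4),
            "data": int(m.group(5), 16)}

def classify(err):
    """Label the failure; the labels are this example's own."""
    # LDAP result 1 (operationsError) with 0x4DC (Win32 ERROR_NOT_AUTHENTICATED):
    # the client searched without binding, i.e. anonymously.
    if err["ldap_code"] == 1 and err["ext_error"] == 0x4DC:
        return "bind-required"
    if err["ldap_code"] == 49:  # invalidCredentials: a bind was tried and failed
        return BIND_FAILURES.get(err["data"], "bind-failed")
    return "other"

def triage(lines):
    """Return (label, DSID) for every AD LDAP error found in the lines."""
    parsed = (parse_ad_ldap_error(line) for line in lines)
    return [(classify(e), e["dsid"]) for e in parsed if e]

if __name__ == "__main__":
    for label, dsid in triage(SAMPLE_TRACE):
        print(label, dsid)
```

A "bind-required" result means the directory refused an anonymous search, while the result 49 labels mean credentials were sent and rejected, so the two call for different fixes.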
              • SystemAdmin

                Re: Configure ADFS in bootstrap.properties for ACL

                ‏2013-02-07T23:57:58Z  in response to SystemAdmin
                Note: IBM forums are in the process of migrating to a new format. During migration the forums will be frozen and in read-only mode. If you wish to continue this thread discussion please post it on stackoverflow, where the Worklight team and others can respond.

                See the Forum Migration announce post for more details. Thank you.

                Barbara Hampson, Manager, IBM Worklight