Configuring Case Manager to work with LDAP

After IBM FCII installation completes, you must modify Case Manager to configure it to work with LDAP.

Procedure

  1. Change to the helm directory:
    cd $HOME/fci-install-kit/helm/
  2. Log in as root and open the $HOME/fci-install-kit/helm/server.xml file in a text editor.
  3. To configure Case Manager to work with the LDAP system you are using, add the <ldapRegistry> element shown in the following examples. The element must start in the same column as the </jwtConsumer> element. See the following examples for Microsoft Active Directory and Tivoli Directory Server.
    Notes:
    • You can specify the bindPassword using either clear text or XOR encoding. XOR encoding obscures the value in the file but is reversible; it is not encryption.
    • Because server.xml is XML, the ampersand that begins an AND filter must be written as &amp; inside the attribute value.
    • The following examples do not use encryption when connecting to the LDAP server. It is recommended to connect to LDAP using Transport Layer Security (TLS).

      To configure the LDAP connection with encryption, change the port value to 636 for either LDAP server. For Tivoli Directory Server only, also ensure that sslEnabled is set to true. For more information, see Enabling Transport Layer Security (TLS).

    Tivoli Directory Server example:
    <ldapRegistry
        host="ldap.server.hostname"
        port="389"
        ldapType="IBM Tivoli Directory Server"
        sslEnabled="false"
        ignoreCase="true"
        baseDN="OU=FCI,O=IBM,C=US"
        bindDN="cn=bind"
        bindPassword="78Bdns1s5X">
        <idsFilters
            userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
            groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
            userIdMap="*:uid"
            groupIdMap="*:cn"
            groupMemberIdMap="ibm-allGroups:member;ibm-allGroups:uniqueMember;groupOfNames:member;groupOfUniqueNames:uniqueMember">
        </idsFilters>
    </ldapRegistry>
    Microsoft Active Directory example:
    <ldapRegistry
        baseDN="CN=users,DC=aml,DC=ibm,DC=com"
        ldapType="Microsoft Active Directory"
        port="389"
        ignoreCase="true"
        host="ldap.server.hostname"
        bindDN="CN=Administrator,CN=Users,DC=aml,DC=ibm,DC=com"
        bindPassword="{xor}KixsLX8+Z2c=">
        <activedFilters
            userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
            groupFilter="(&amp;(cn=%v)(objectcategory=group))"
            userIdMap="user:sAMAccountName"
            groupIdMap="*:cn"
            groupMemberIdMap="memberOf:member">
        </activedFilters>
    </ldapRegistry>

    Save and close the file.
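
    The following script is an added example and is not part of the IBM documentation or the install kit. It reads a server.xml and reports, for each <ldapRegistry> element, the points raised in the notes above: a port other than 636, sslEnabled left false on Tivoli Directory Server, a bindPassword stored in clear text or only XOR-encoded, and a filter or map attribute that an editor wrapped across lines (XML parsers turn that line break into a space, which corrupts the LDAP filter). The element and attribute names are the ones used in the examples above; the embedded server.xml is a constructed sample, and the check function and its finding strings are this example's own.

```python
import xml.etree.ElementTree as ET

# Constructed sample: a trimmed server.xml with the two registries from the examples.
# The Tivoli groupFilter is deliberately wrapped across lines, as a text editor may leave it.
SAMPLE_SERVER_XML = """<server>
  <ldapRegistry host="ldap.server.hostname" port="389"
      ldapType="IBM Tivoli Directory Server" sslEnabled="false" ignoreCase="true"
      baseDN="OU=FCI,O=IBM,C=US" bindDN="cn=bind" bindPassword="78Bdns1s5X">
    <idsFilters userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
        groupFilter="(&amp;(cn=%v)(|(objectclass=groupOfNames)
        (objectclass=groupOfUniqueNames)(objectclass=groupOfURLs)))"
        userIdMap="*:uid" groupIdMap="*:cn"/>
  </ldapRegistry>
  <ldapRegistry host="ldap.server.hostname" port="636"
      ldapType="Microsoft Active Directory" ignoreCase="true"
      baseDN="CN=users,DC=aml,DC=ibm,DC=com"
      bindDN="CN=Administrator,CN=Users,DC=aml,DC=ibm,DC=com"
      bindPassword="{xor}KixsLX8+Z2c=">
    <activedFilters userFilter="(&amp;(sAMAccountName=%v)(objectcategory=user))"
        groupFilter="(&amp;(cn=%v)(objectcategory=group))"
        userIdMap="user:sAMAccountName" groupIdMap="*:cn"/>
  </ldapRegistry>
</server>"""

TLS_PORT = "636"
TDS_TYPE = "IBM Tivoli Directory Server"


def check_ldap_registries(server_xml: str) -> dict:
    """Return {label: [finding, ...]} with one entry per <ldapRegistry> element.

    An empty finding list means the registry passed every check in this script.
    """
    root = ET.fromstring(server_xml)
    report = {}
    for idx, reg in enumerate(root.iter("ldapRegistry")):
        ldap_type = reg.get("ldapType", "unknown")
        label = f"ldapRegistry[{idx}] ({ldap_type})"
        findings = []

        # Transport: the notes say to use port 636 for TLS on either server type,
        # and additionally sslEnabled="true" on Tivoli Directory Server.
        port = reg.get("port", "389")
        if port != TLS_PORT:
            findings.append(f"port {port}: LDAP traffic is not protected by TLS (expected {TLS_PORT})")
        if ldap_type == TDS_TYPE and reg.get("sslEnabled", "false").lower() != "true":
            findings.append("sslEnabled is not true: required for TLS with Tivoli Directory Server")

        # Credential at rest: clear text is worst; {xor} is reversible encoding, not encryption.
        pw = reg.get("bindPassword", "")
        if pw and not pw.startswith("{"):
            findings.append("bindPassword is stored in clear text")
        elif pw.startswith("{xor}"):
            findings.append("bindPassword uses {xor} encoding, which is reversible obfuscation rather than encryption")

        # Filter integrity: a newline inside an attribute value is normalised to a space by
        # the XML parser, and LDAP filter syntax does not allow whitespace between components.
        for child in reg:
            for name, value in child.attrib.items():
                if (name.endswith("Filter") or name.endswith("Map")) and any(c.isspace() for c in value):
                    findings.append(
                        f"{child.tag}/{name} contains whitespace (attribute was probably wrapped across lines)"
                    )
        report[label] = findings
    return report


if __name__ == "__main__":
    for label, findings in check_ldap_registries(SAMPLE_SERVER_XML).items():
        print(label)
        for f in findings or ["no findings"]:
            print("  -", f)
</test>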

  4. Run the following commands:
    kubectl delete cm fcco-case-manager-server
    kubectl create cm fcco-case-manager-server --from-file server.xml
  5. Enter the following command to obtain the name of the Case Manager IBM FCII solution pod:
    kubectl get pods
  6. To delete this pod so that it is recreated with the updated configuration, enter the following command:
    kubectl delete pod fcco-case-manager-fci-solution-xxxxxxxxxx-xxxxx
    Replace fcco-case-manager-fci-solution-xxxxxxxxxx-xxxxx with the pod name from your environment.

    Output looks similar to the following:

    pod "fcco-case-manager-fci-solution-5f54c79f58-pbm8z" deleted
  7. To ensure that the Case Manager solution pod was recreated and is in the Ready 3/3 state, enter the following command:
    kubectl get pods 
    Output is similar to the following. Note that the last 5 characters of the pod name are different from those of the pod that was deleted in Step 6.
    NAME                                              READY   STATUS    RESTARTS   AGE
    fcco-case-manager-fci-messaging-66d58bf8d-bvqvx   8/8     Running   0          37m
    fcco-case-manager-fci-solution-5f54c79f58-kt7pt   3/3     Running   0          1m
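
    The following helper is an added example, not part of the IBM documentation: given the name of the pod deleted in Step 6 and the text printed by kubectl get pods, it confirms that the solution pod came back under a different name and that all of its containers are ready, and it reports the two states a runbook has to wait out (old pod still listed, new pod not yet fully ready). The kubectl output below is constructed from the sample on this page; the pod-name prefix and the function names are this example's own assumptions.

```python
# Constructed sample of `kubectl get pods` output after the pod was recreated.
SAMPLE_GET_PODS = """NAME READY STATUS RESTARTS AGE
fcco-case-manager-fci-messaging-66d58bf8d-bvqvx 8/8 Running 0 37m
fcco-case-manager-fci-solution-5f54c79f58-kt7pt 3/3 Running 0 1m"""

SOLUTION_POD_PREFIX = "fcco-case-manager-fci-solution-"  # assumed prefix, from the page's pod names


def parse_pods(get_pods_output: str) -> list:
    """Parse the default (non-wide) `kubectl get pods` table into a list of dicts."""
    rows = []
    for line in get_pods_output.strip().splitlines()[1:]:  # skip the header line
        name, ready, status, restarts, age = line.split()
        ready_count, total = ready.split("/")
        rows.append({"name": name, "ready": int(ready_count), "total": int(total),
                     "status": status, "restarts": int(restarts), "age": age})
    return rows


def solution_pod_recreated(deleted_pod: str, get_pods_output: str,
                           prefix: str = SOLUTION_POD_PREFIX) -> tuple:
    """Return (ok, message): ok is True only when a new, fully ready solution pod exists."""
    pods = [p for p in parse_pods(get_pods_output) if p["name"].startswith(prefix)]
    if any(p["name"] == deleted_pod for p in pods):
        return False, f"{deleted_pod} is still listed; wait for termination to finish"
    if not pods:
        return False, f"no pod named {prefix}* found yet"
    pod = pods[0]
    if pod["status"] != "Running" or pod["ready"] != pod["total"]:
        return False, (f"{pod['name']} is {pod['status']} with "
                       f"{pod['ready']}/{pod['total']} containers ready")
    return True, f"{pod['name']} replaced {deleted_pod} and is Ready {pod['ready']}/{pod['total']}"


if __name__ == "__main__":
    ok, msg = solution_pod_recreated("fcco-case-manager-fci-solution-5f54c79f58-pbm8z", SAMPLE_GET_PODS)
    print("OK" if ok else "NOT READY", "-", msg)
</test>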