
Task 1: Preparing the LDAP environment

In this task, you install and prepare Apache Directory Server so that you have an LDAP server to connect to in the next tasks.

About this task

As an administrator, you implement access to Decision Center by interacting with the LDAP user registry in two distinct ways:
  • You configure the application server to grant authorization to the LDAP users.
  • You import the same users and their groups to the Decision Center database to implement security access to the different available decision services.
In this task, you create an LDAP server and the following two users and groups:

  User   Password   Group
  Jim    Jim        Checkers
  Sue    Sue        Scoring

The passwords equal the user names only to keep the tutorial short; on any server that other people can reach, use distinct, non-trivial passwords.

Step 1: Establish connection parameters to the LDAP server

About this task

Both the sample server and the Decision Center applications require connection information to access the LDAP server. In this step you create the server instance, establish the connection parameters, and identify the entry point in the LDAP hierarchy.

Procedure

  1. Download and install Apache Directory Studio.
  2. Start Apache Directory Studio.
  3. In the LDAP Servers view, create an LDAP server:
    1. Click the New Server button in the view toolbar.
    2. Select the default Apache DS 2.0.0.
    3. Click Finish.
    4. Double-click the server to see its content in the display area. Notice the port number and the available partitions:

      Server configuration

  4. In the LDAP Servers view, select and start the server. If it does not start on the first try, try again, or delete and recreate the server.
  5. After the server is started, in the Connections view, create a new connection:
    1. Click the New Connection button in the view toolbar.
    2. Enter ODM1 as the connection name (the name is not used anywhere else).
    3. Enter localhost as the hostname and 10389 as the port:

      New LDAP connection view

  6. Click Next. In the next screen, enter uid=admin,ou=system for Bind DN or user, and secret for Bind password. This is the default administrator account of an Apache DS server, and its credentials are publicly documented: they are acceptable for a local tutorial server, but change the password before the server is exposed on a network or reused beyond this tutorial:

    Authentication panel

  7. Click Check Authentication. Authentication must succeed before you move on. Then click Finish. The Directory Information Tree (DIT) in the LDAP Browser view appears as follows:

    LDAP Browser

    The default Apache DS server already contains a partition whose base is the distinguished name (DN) dc=example,dc=com, a reserved example domain that is ideal for demos and tutorials. In this tutorial you use this DN as the base DN.

Step 2: Create the first user

About this task

An LDAP directory is a repository of users. In this step, you create an organizational unit (ou) in which to place users, and then create the first user:

Procedure

  1. In the LDAP Browser view, right-click dc=example,dc=com, and select New > New Entry.
  2. Select Create entry from scratch, and click Next.
  3. Under Available object classes, find organizationalUnit and add it to Selected object classes:

    First organizational unit

  4. Click Next. Then, for the RDN (relative distinguished name) field, enter ou=users:

    Organizational unit for users

  5. Click Next and then Finish. The LDAP Browser shows that your domain now has an organizational unit in which to place users:

    Organizational unit for users

  6. Create the first user, Jim. In the LDAP Browser view, right-click ou=users, and select New > New Entry.
  7. Select Create entry from scratch, and click Next.
  8. Under Available object classes, find inetOrgPerson and add it to Selected object classes. This is a general purpose object class that holds attributes about persons.
  9. Click Next. For RDN, enter uid=Jim.

    First user

  10. Click Next.
  11. On the Attributes page:
    1. Enter Jim Jones in the common name (cn) field.
    2. Enter Jim in the surname (sn) field.
    3. Click the New Attribute button in the toolbar of the wizard and add the attribute userPassword.
  12. Click Finish in the New Attribute wizard. In the Password Editor that opens, enter Jim as the password, confirm it, and click OK. The editor also lets you choose how the value is stored; select a salted hash such as SSHA rather than Plaintext, so that the directory holds only a digest while a simple bind with the password still works.
  13. Click Finish to create the entry.

Step 3: Create the second user

About this task

Use cut and paste features to create the second user that you need in this tutorial.

Procedure

  1. In the LDAP Browser view, right-click uid=Jim and click Copy Entry/DN.
  2. Right-click ou=users, and click Paste Entry.
  3. Select Rename entry and continue, and enter uid=Sue:

    Second user

  4. Click OK.
  5. In the LDAP Browser view, click uid=Sue, and change:
    • The cn value to Sue Smith
    • The sn value to Sue
    • The password to Sue
    You will see in the next steps how the uid and cn fields are used differently.

Step 4: Create the first group

About this task

In Decision Center, users must belong to groups so that security on decision services can be enforced.

Procedure

  1. In the LDAP Browser view, right-click dc=example,dc=com, and select New > New Entry.
  2. Select Create entry from scratch, and click Next.
  3. Under Available object classes, find organizationalUnit and add it to Selected object classes.
  4. Click Next. Then, for the RDN field, enter ou=groups. Click Next and then Finish. The LDAP Browser view shows an organizational unit in which to place groups.
  5. Create the first group, Checkers. In the LDAP Browser view, right-click ou=groups, and select New > New Entry.
  6. Select Create entry from scratch, and click Next.
  7. Under Available object classes, find groupOfNames and add it to Selected object classes:

  8. Click Next. For RDN, enter cn=Checkers.
  9. Click Next. Because groupOfNames requires at least one member attribute, the DN Editor opens. Click Browse and select uid=Jim under ou=users.
  10. Click OK and then Finish. The group Checkers now has the member uid=Jim,ou=users,dc=example,dc=com.

Step 5: Create the second group

About this task

Use cut and paste features to create the other group.

Procedure

  1. In the LDAP Browser view, right-click cn=Checkers and click Copy Entry/DN.
  2. Right-click ou=groups, and click Paste Entry.
  3. Select Rename entry and continue, and enter cn=Scoring.
  4. Click OK. Then, click cn=Scoring in the LDAP Browser view.
  5. Double-click the member attribute and change its value to the DN of Sue, uid=Sue,ou=users,dc=example,dc=com:

    Third user

  6. Your groups and users now appear as follows:

    All groups and users created
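The directory built in Steps 2 to 5 expressed as an LDIF file, as an added example that is not part of the original tutorial and not code from Apache Directory Studio or Decision Center. It writes the same ou=users and ou=groups layout, stores the two passwords as salted SHA-1 ({SSHA}) values instead of clear text, and checks that every groupOfNames entry has at least one member and that each member DN names an entry that exists, the two mistakes a copy-and-paste of a group most easily introduces. The base DN, attribute names and sample users are the tutorial's; the function names are this example's own.

```python
"""LDIF for the tutorial directory, with hashed passwords and a membership check.
Added example: not part of the tutorial or of Apache Directory Studio."""
import base64
import hashlib
import hmac
import os

BASE_DN = "dc=example,dc=com"  # default partition of an Apache DS 2.0 server

# Constructed sample data mirroring the tutorial: (uid, cn, sn, password, group)
USERS = [
    ("Jim", "Jim Jones", "Jim", "Jim", "Checkers"),
    ("Sue", "Sue Smith", "Sue", "Sue", "Scoring"),
]


def user_dn(uid):
    return f"uid={uid},ou=users,{BASE_DN}"


def group_dn(cn):
    return f"cn={cn},ou=groups,{BASE_DN}"


def ssha(password, salt=None):
    """userPassword value in the {SSHA} scheme: base64(sha1(password + salt) + salt).
    The server can still verify a simple bind against it, but neither the LDIF
    nor the directory holds the clear-text password."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def verify_ssha(password, stored):
    """Recompute the digest from the salt carried in the stored value."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]  # SHA-1 digests are 20 bytes long
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


def build_entries(users=USERS):
    """Entries as (dn, [(attribute, value), ...]) in an order that imports
    top-down: parents before children, users before the groups naming them."""
    entries = [
        (f"ou=users,{BASE_DN}", [("objectClass", "organizationalUnit"), ("ou", "users")]),
        (f"ou=groups,{BASE_DN}", [("objectClass", "organizationalUnit"), ("ou", "groups")]),
    ]
    groups = {}
    for uid, cn, sn, password, group in users:
        entries.append((user_dn(uid), [
            ("objectClass", "inetOrgPerson"),  # cn and sn are mandatory for this class
            ("uid", uid),
            ("cn", cn),
            ("sn", sn),
            ("userPassword", ssha(password)),
        ]))
        groups.setdefault(group, []).append(user_dn(uid))
    for cn, members in groups.items():
        attrs = [("objectClass", "groupOfNames"), ("cn", cn)]
        attrs += [("member", m) for m in members]  # groupOfNames requires member
        entries.append((group_dn(cn), attrs))
    return entries


def to_ldif(entries):
    """Serialise the entries as LDIF, one blank line between entries."""
    blocks = []
    for dn, attrs in entries:
        blocks.append("\n".join([f"dn: {dn}"] + [f"{a}: {v}" for a, v in attrs]))
    return "\n\n".join(blocks) + "\n"


def check_membership(entries):
    """Return a list of problems: groups without a member, or member DNs
    that do not name an entry in this LDIF (an empty list means all good)."""
    known = {dn for dn, _ in entries}
    problems = []
    for dn, attrs in entries:
        if ("objectClass", "groupOfNames") not in attrs:
            continue
        members = [v for a, v in attrs if a == "member"]
        if not members:
            problems.append(f"{dn}: groupOfNames requires at least one member")
        problems += [f"{dn}: member {m} does not exist" for m in members if m not in known]
    return problems


if __name__ == "__main__":
    entries = build_entries()
    problems = check_membership(entries)
    if problems:
        raise SystemExit("\n".join(problems))
    print(to_ldif(entries), end="")
```

Save the printed output to a file and import it either from the LDAP Browser (right-click the ODM1 connection, Import, LDIF Import) or with the OpenLDAP command-line tools: ldapadd -x -H ldap://localhost:10389 -D uid=admin,ou=system -w secret -f the-file.ldif. A simple bind as uid=Jim,ou=users,dc=example,dc=com with the password Jim (for example ldapwhoami -x -H ldap://localhost:10389 -D "uid=Jim,ou=users,dc=example,dc=com" -w Jim, or Check Authentication on a second Directory Studio connection) confirms that the server accepts the hashed value, which is what the sample server will rely on in the next task.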

Results

You are now ready to modify the security realm of the sample server so that the users that you created in the LDAP repository can log in to Decision Center.