Task 1: Preparing the LDAP environment

In this task, you install and prepare ApacheDS to have an LDAP directory server to connect to in the next tasks. You only need to do step 1, which automatically does what is described in the other steps.

About this task

As an administrator, you implement access to Decision Center by interacting with the LDAP user registry in two distinct ways:
  • You configure the application server to grant authorization to the LDAP users.
  • You import the same users and their groups to the Decision Center database to implement security access to the different available decision services.
In this task, you create an LDAP server that has the following two users and groups:
  User   Password   Group
  Jim    Jim        Checkers
  Sue    Sue        Scoring

A command is provided in the sample server to create the LDAP server, and the users and groups. Read through the other steps to learn about the command. This information is useful to understand what you do in the next tasks.

Step 1: Starting ApacheDS and importing data

In this step, you browse to the Apache Directory installation directory and start it from the command line. An LDAP directory is a repository of users. In this step, you create an organizational unit (ou) to hold users, and create two users and two groups.

Procedure

  1. Download and install ApacheDS as described in the prerequisites section of Before you start.
  2. Start ApacheDS by running the following command from its installation directory:
    <ApacheDS>/bin/apacheds.bat
    Wait for the text ApacheDS to be displayed.
  3. Start the Samples Console, for example:
    • Windows 10: Click Start > All Programs > <ODM> > Samples Console (en_US)
    • Windows 11: Click Start > All apps > <ODM> > Samples Console (en_US)
  4. Make sure that you are in the Samples Console perspective. Then, open the Samples Commands view, and expand Decision Center and LDAP User Management.
  5. Click prepare.ldap.data and wait for the BUILD SUCCESSFUL message. This command creates the LDAP server, the connection parameters, the two users Sue and Jim, and the two groups Scoring and Checkers.

What to do next

At this point, you can go immediately to the next task. The rest of the steps in this task describe the manual way of achieving the same results as the command you just ran. This information is particularly useful if you are new to LDAP.

Step 2: Establishing connection parameters to the LDAP server

In this step, you create the server instance, establish the connection parameters, and identify the entry point in the LDAP hierarchy. Both the sample server and the Decision Center applications require connection information to access the LDAP server.

Procedure

Remember: If you did step 1, do not follow the instructions in this step.

  1. Download and install Apache Directory Studio.
  2. Start Apache Directory Studio.
  3. In the LDAP Servers view, create an LDAP server:
    1. Click the New Server button in the view toolbar.
    2. Select the default Apache DS 2.0.0.
    3. Click Finish.
    4. Double-click the server to see its content in the display area. Notice the port number and the available partitions:

      Server configuration

  4. In the LDAP Servers view, select and start the server.
    If it does not start on the first try, try again, or delete and re-create the server.
  5. After the server is started, in the Connections view, create a new connection:
    1. Click the New Connection button in the view toolbar.
    2. Enter ODM1 as the connection name (the name is not used anywhere else).
    3. Enter localhost as the hostname and 10389 as the port:

      New LDAP connection view

  6. Click Next. In the next screen, enter uid=admin,ou=system for Bind DN or user, and secret for Bind password.
    This is the default administrator account that is required to access the Apache Directory server:

    Authentication panel

  7. Click Check Authentication. Authentication must be successful before you move on. Then, click Finish.
    The Directory Information Trees (DIT) in the LDAP Browser view shows the following information:

    LDAP Browser

    Creating the connection parameters provides a domain with the distinguished name (DN) dc=example,dc=com, ideal for demos and tutorials. In this tutorial, you use this domain as the base DN.

Step 3: Creating the first user

In this step, you create an organizational unit (ou) in which to place users, and create the first user. An LDAP directory is a repository of users.

Procedure

Remember: If you did step 1, do not follow the instructions in this step.

  1. In the LDAP Browser view, right-click dc=example,dc=com, and select New > New Entry.
  2. Select Create entry from scratch, and click Next.
  3. Under Available object classes, find organizationalUnit and add it to Selected object classes:

    First organizational unit

  4. Click Next. Then, for the relative distinguished name (RDN) field, enter ou=users:

    Organizational unit for users

  5. Click Next, and then Finish.
    The LDAP Browser shows that your domain now has an organizational unit in which to place users:

    Organizational unit for users

  6. Create the first user, Jim. In the LDAP Browser view, right-click ou=users, and select New > New Entry.
  7. Select Create entry from scratch, and click Next.
  8. Under Available object classes, find inetOrgPerson and add it to Selected object classes.
    This class is a general-purpose object class that holds attributes about persons.
  9. Click Next. For RDN, enter uid=Jim.

    First user

  10. Click Next.
  11. On the Attributes page, do as follows:
    1. Enter Jim Jones in the common name (cn) field.
    2. Enter Jim in the surname (sn) field.
    3. Click the New Attribute button in the toolbar of the pop-up and add the attribute userPassword.
  12. Click Finish.
    Enter Jim as the password, confirm, and click OK.
  13. Click Finish.

Step 4: Creating the second user

In this step, you use cut and paste features to create the second user that you need in this tutorial.

Procedure

Remember: If you did step 1, do not follow the instructions in this step.

  1. In the LDAP Browser view, right-click uid=Jim and click Copy Entry/DN.
  2. Right-click ou=users, and click Paste Entry.
  3. Select Rename entry and continue, and enter uid=Sue:

    Second user

  4. Click OK.
  5. In the LDAP Browser view, click uid=Sue, and change as follows:
    • The cn value to Sue Smith
    • The sn value to Sue
    • The password to Sue
    You see in the next steps how the uid and cn fields are used differently.

Step 5: Creating the first group

In this step, you create the first group of users. In Decision Center, users must belong to groups so that security on decision services can be enforced.

Procedure

Remember: If you did step 1, do not follow the instructions in this step.

  1. In the LDAP Browser view, right-click dc=example,dc=com, and select New > New Entry.
  2. Select Create entry from scratch, and click Next.
  3. Under Available object classes, find organizationalUnit and add it to Selected object classes.
  4. Click Next. Then, enter ou=groups in the RDN field. Click Next and then Finish.
    The LDAP Browser view shows an organizational unit in which to place groups.
  5. Create the first group, Checkers. In the LDAP Browser view, right-click ou=groups, and select New > New Entry.
  6. Select Create entry from scratch, and click Next.
  7. Under Available object classes, find groupOfNames and add it to Selected object classes.

  8. Click Next. For RDN, enter cn=Checkers.
  9. Click Next. In the DN Editor, click Browse and select Jim under ou=users.
  10. Click OK and then Finish.
    The group Checkers now has a member Jim.

Step 6: Creating the second group

In this step, you use cut and paste features to create the other group.

Procedure

Remember: If you did step 1, do not follow the instructions in this step.

  1. In the LDAP Browser view, right-click cn=Checkers and click Copy Entry/DN.
  2. Right-click ou=groups, and click Paste Entry.
  3. Select Rename entry and continue, and enter cn=Scoring.
  4. Click OK. Then, click cn=Scoring in the LDAP Browser view.
  5. Double-click the member field and change the member to Sue:

    Third user

  6. Your groups and users now appear as follows:

    All groups and users created
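Steps 2 to 6 build the same directory tree by hand in Apache Directory Studio. The script below is an added example, not the prepare.ldap.data command or any code shipped with the sample server: it writes that tree (ou=users, ou=groups, uid=Jim, uid=Sue, cn=Checkers, cn=Scoring under dc=example,dc=com) as an LDIF file and checks it before import, so that a parent entry is listed before its children and every group member DN points at a user that actually exists. Passwords are stored as {SSHA} hashes rather than clear text; the user and group names, the base DN and the output file name odm-tutorial.ldif are taken from or assumed for this tutorial.

```python
"""Build the tutorial LDAP tree as LDIF and sanity-check it before import."""
import base64
import hashlib
import os

BASE_DN = "dc=example,dc=com"  # default partition seen in step 2 (from the page)

# Users and groups from the tutorial table: (uid, cn, sn, password), (cn, members)
USERS = [("Jim", "Jim Jones", "Jim", "Jim"), ("Sue", "Sue Smith", "Sue", "Sue")]
GROUPS = [("Checkers", ["Jim"]), ("Scoring", ["Sue"])]


def ssha(password, salt=None):
    """Salted SHA-1 in the {SSHA} form understood by ApacheDS, so the LDIF
    file never carries a clear-text password. A fixed salt is only for tests."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def build_tree():
    """Return the entries in import order: parents first, users before groups."""
    entries = [
        {"dn": f"ou=users,{BASE_DN}", "objectClass": ["organizationalUnit"], "ou": ["users"]},
        {"dn": f"ou=groups,{BASE_DN}", "objectClass": ["organizationalUnit"], "ou": ["groups"]},
    ]
    for uid, cn, sn, password in USERS:
        entries.append({"dn": f"uid={uid},ou=users,{BASE_DN}", "objectClass": ["inetOrgPerson"],
                        "uid": [uid], "cn": [cn], "sn": [sn], "userPassword": [ssha(password)]})
    for cn, members in GROUPS:
        entries.append({"dn": f"cn={cn},ou=groups,{BASE_DN}", "objectClass": ["groupOfNames"],
                        "cn": [cn], "member": [f"uid={m},ou=users,{BASE_DN}" for m in members]})
    return entries


def parent_dn(dn):
    # Sufficient for this tree: no RDN value in the tutorial contains an escaped comma.
    return dn.split(",", 1)[1]


def check_tree(entries):
    """Return a list of problems; an empty list means the LDIF is safe to import."""
    all_dns = {BASE_DN} | {e["dn"] for e in entries}
    seen = {BASE_DN}  # grows as we walk the list, so order matters for parents
    problems = []
    for e in entries:
        if parent_dn(e["dn"]) not in seen:
            problems.append(f"{e['dn']}: parent entry missing or listed after child")
        if "inetOrgPerson" in e["objectClass"] and not e.get("userPassword"):
            problems.append(f"{e['dn']}: user without userPassword")
        if "groupOfNames" in e["objectClass"]:
            for member in e.get("member", []):
                if member not in all_dns:
                    problems.append(f"{e['dn']}: member {member} does not exist")
        seen.add(e["dn"])
    return problems


def to_ldif(entries):
    """Serialize entries as plain LDIF (all values here are safe ASCII, so no
    base64 '::' form is needed)."""
    blocks = []
    for e in entries:
        lines = [f"dn: {e['dn']}"]
        for attr, values in e.items():
            if attr != "dn":
                lines += [f"{attr}: {v}" for v in values]
        blocks.append("\n".join(lines))
    return "\n\n".join(blocks) + "\n"


if __name__ == "__main__":
    tree = build_tree()
    issues = check_tree(tree)
    if issues:
        raise SystemExit("\n".join(issues))
    with open("odm-tutorial.ldif", "w", encoding="utf-8") as f:
        f.write(to_ldif(tree))
    print("wrote odm-tutorial.ldif")
```

The resulting file can be loaded through the LDIF import in Apache Directory Studio, or with the OpenLDAP client against the connection parameters from step 2 (ldapadd -H ldap://localhost:10389 -D uid=admin,ou=system -w secret -f odm-tutorial.ldif). The check function is the part worth keeping: a group whose member DN has a typo imports without error on many servers and only shows up later as a user who silently has no permissions in Decision Center.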

What to do next

Next, you modify the security realm of the sample server so that the users in the LDAP repository can log in to Decision Center.