Configuring for LDAP
You can configure an external LDAP server for user authentication.
If you want to authenticate to an LDAP user registry, configure an LDAP V2 or V3 registry.
When you use LDAP and/or VMM, the LDAP users and/or groups are always stored in LDAP/VMM and do not need to be created in TADDM. TADDM is used only to assign roles to the LDAP users and groups. Only these user-to-role and group-to-role mappings, known as permissions, need to be created and stored in TADDM. The administrator user ID is a special internal TADDM user that is always processed using file-based security, regardless of which user registry is configured. This user can always be used to initially assign roles to the LDAP users and groups.
To use LDAP or VMM for user authentication, complete the following steps:
To configure SSL for LDAP, complete the following steps:
- In the collation.properties file, locate the following property, and change the value of the property from false to true:
  com.collation.security.auth.ldapUseSSL
- Configure the following truststore and keystore properties, as appropriate:
  com.collation.security.auth.ldapClientKeyStore
  com.collation.security.auth.ldapClientKeyStorePassphrase
  com.collation.security.auth.ldapClientTrustStore
  com.collation.security.auth.ldapClientTrustStorePassphrase
- If necessary, change the port on which the LDAP server is listening for SSL connections by configuring the following property:
  com.collation.security.auth.ldapPortNumber
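To check the result of the SSL steps above, the following added example (not part of the product or its documentation) audits the text of a collation.properties file for the properties named in the list. The sample file contents, paths and passphrase are constructed; 389 and 636 are the standard LDAP and LDAPS ports, and treating an unset truststore as a review item is an assumption of this example.

```python
import re

PREFIX = "com.collation.security.auth."
# key=value or key:value; lines starting with # or ! are comments.
LINE = re.compile(r"^\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$")

def parse_properties(text):
    """Parse simple key/value lines; comments and blank lines are skipped."""
    props = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit_ldap_ssl(text):
    """Return a list of findings for the LDAP SSL properties named on this page."""
    p = parse_properties(text)
    get = lambda name: p.get(PREFIX + name, "")
    if get("ldapUseSSL").lower() != "true":
        return ["ldapUseSSL is not true: LDAP traffic is not protected by SSL"]
    findings = []
    if not get("ldapClientTrustStore"):
        # Assumption: an unset truststore deserves a manual review.
        findings.append("ldapClientTrustStore is not set: review how the "
                        "LDAP server certificate is validated")
    for store in ("ldapClientKeyStore", "ldapClientTrustStore"):
        if get(store) and not get(store + "Passphrase"):
            findings.append(f"{store} is set but {store}Passphrase is empty")
    if get("ldapPortNumber") == "389":
        findings.append("ldapPortNumber is 389 (standard non-SSL LDAP port) "
                        "while SSL is enabled")
    return findings

# Constructed sample files, not taken from a real installation.
BEFORE = """\
# LDAP settings
com.collation.security.auth.ldapUseSSL=false
com.collation.security.auth.ldapPortNumber=389
"""
AFTER = """\
com.collation.security.auth.ldapUseSSL=true
com.collation.security.auth.ldapClientTrustStore=/opt/example/ldap-trust.jks
com.collation.security.auth.ldapClientTrustStorePassphrase=constructed-example
com.collation.security.auth.ldapPortNumber=636
"""

if __name__ == "__main__":
    for name, text in (("before", BEFORE), ("after", AFTER)):
        print(name, audit_ldap_ssl(text) or "no findings")
```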