  1. Open the profile for offline editing through the Profile Manager using eStudio by clicking on the Profile Manager pane, as explained in the Pinging section.
  2. Modify the Implementation property of the ACL Manager and the Principal Manager to LDAP. For more information on how to modify the ACL Manager and the Principal Manager, refer to the sections Modifying ACL Manager Implementation and Modifying ACL and Principal Manager Implementation.
  3. Configure the Principal Manager as per the Directory server in use. A sample configuration for the Netscape Directory Server is shown in the figure Directory Server Settings.
  4. Right-click on the FioranoMQ node and select Save from the pop-up menu.

Sample Configuration – Netscape Directory Server

Setting the Name

The 'name' is the name of the admin of the LDAP server, since the Initial Context may only be started by the Admin.

Setting the password

Enter the password for the Admin of the LDAP Server with whom a connection is to be made.

LDAP Initial Context Factory

The Initial Context Factory to be used, corresponding to the Directory Server.

LDAP Provider URL

Set this in accordance with the Directory Server being used.

LDAP Provider DN

Set this to the suffix variable set up while installing the LDAP Server.

LDAP security authentication

Set this variable to:

Sample Configuration – ApacheDS1.5.4

The steps mentioned here require the installation of the Apache Directory Studio.

Setting up the Directory Service

To set up the directory service, perform the steps below:

  1. Stop any running instance of ApacheDS.
  2. Take a backup of server.xml:
    /var/lib/apacheds-1.5.4/default/conf/server.xml
    (This is the default path. If the DS instance was installed in a different location, server.xml will be available inside the directory at that location.)

  3. Modify server.xml by adding the line below within the <partitions> ... </partitions> tag:
    <jdbmPartition id="fiorano" cacheSize="100" suffix="o=fiorano,c=US" optimizerEnabled="true" syncOnWrite="true"/> 
  4. Run apacheds
    /etc/init.d/apacheds start 
  5. Login through the Apache Directory Studio.
    • User: uid=admin,ou=system (default)
    • Password: secret (default)
  6. Import the LDIF content below using Apache Directory Studio. (Menu: LDAP -> New LDIF File)

     

  7. Re-login through Apache Directory Studio to see the added children.
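
Steps 2 and 3 as a repeatable script, added here as an example (not Fiorano or ApacheDS code): it backs up server.xml, inserts the partition line from step 3 before the closing </partitions> tag, and re-parses the result to confirm the element landed inside <partitions>. The function names, the .bak suffix and the sample XML are assumptions made for the example.

```python
import shutil
import xml.etree.ElementTree as ET
from pathlib import Path

# Partition line exactly as given in step 3 above.
PARTITION = ('<jdbmPartition id="fiorano" cacheSize="100" suffix="o=fiorano,c=US" '
             'optimizerEnabled="true" syncOnWrite="true"/>')

def fiorano_partitions(xml_text):
    """Return id="fiorano" jdbmPartition elements that are direct children of <partitions>."""
    local = lambda tag: tag.rsplit("}", 1)[-1]      # drop the XML namespace prefix
    root = ET.fromstring(xml_text)                   # ParseError if not well-formed
    return [c for p in root.iter() if local(p.tag) == "partitions"
            for c in p if local(c.tag) == "jdbmPartition" and c.get("id") == "fiorano"]

def add_partition(xml_text):
    """Insert PARTITION before the last </partitions>; unchanged if already present."""
    if fiorano_partitions(xml_text):
        return xml_text
    head, close, tail = xml_text.rpartition("</partitions>")
    if not close:
        raise ValueError("no </partitions> closing tag found")
    patched = f"{head}  {PARTITION}\n    {close}{tail}"
    # Re-parse: catches a match inside a comment and any loss of well-formedness.
    if len(fiorano_partitions(patched)) != 1:
        raise ValueError("partition did not land inside <partitions>")
    return patched

def patch_file(path):
    """Step 2 then step 3: copy server.xml to server.xml.bak, then write the patched text."""
    path = Path(path)
    original = path.read_text(encoding="utf-8")
    patched = add_partition(original)
    if patched == original:
        return False
    shutil.copy2(path, path.with_name(path.name + ".bak"))
    path.write_text(patched, encoding="utf-8")
    return True

# Constructed sample reduced to the relevant elements; a real server.xml is much larger.
SAMPLE = """<spring:beans xmlns:spring="http://xbean.apache.org/schemas/spring/1.0"
              xmlns="http://apacheds.org/config/1.0">
  <defaultDirectoryService id="directoryService">
    <partitions>
      <jdbmPartition id="example" cacheSize="100" suffix="dc=example,dc=com"/>
    </partitions>
  </defaultDirectoryService>
</spring:beans>
"""
```

Run patch_file only while ApacheDS is stopped (step 1), then start the service as in step 4.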

Setting up the profile for use with ApacheDS1.5.4

Make sure that the steps mentioned in section 7.9 have been completed before moving on to the steps listed below:

  1. Open the profile for offline editing through the Profile Manager using eStudio, as explained in the Modifying ACLManager Implementation section in the Working with ACL based Security page.
  2. Reset all properties except the LdapProviderUrl to their original values.
  3. In the LDAP Provider URL, the port number is 10389 and the IP address is that of the server that is running ApacheDS.

Sample LDAP Configuration for ACLs, Users and Groups

Configuration for Users and Groups

Here is an example of how a FioranoMQ profile can be configured to store principal realms (users and groups) related to the FioranoMQ Server.

As an example, the view of how the users and groups are stored in the LDAP provider is extracted using the Apache Directory Studio. LDAP for Principal store in FioranoMQ can be configured in the following way:

  • After opening the profile in Fiorano eStudio for offline editing and changing the Principal Manager implementation to LDAP as explained in section Modifying ACL and Principal Manager Implementation, change the following node: Fiorano > security > PrincipalManager > LdapPrincipalManager.


    Figure: LDAP_Conf 1

For more information on the parameters shown in the above figure, please refer to the FioranoMQ Configuration Parameters.

Once FioranoMQ is configured to use LDAP to store users and groups and the server is started, it sequentially creates them. The way in which the users and groups are stored in the LDAP provider is illustrated in the following figure.


Figure: LDAP_Browser 1

Configuration for Access Control Lists (ACLs)

Here is an example of how a FioranoMQ profile can be configured to store Access Control Lists (ACLs) related to the FioranoMQ Admin Objects like Queues, Topics, Connection Factories and other ACLs related to Lookup, AdminConnection etc. in the LDAP provider. As an example, the view of how the ACLs are stored in the LDAP provider is extracted using the Apache Directory Studio.

LDAP for ACL store in FioranoMQ can be configured in the following way:

  • After opening the profile in Fiorano eStudio for offline editing and changing the ACL implementation to LDAP, as explained in the Modifying ACLManager Implementation section in the Working with ACL based Security page, change the following node: Fiorano > security > AclManager > LdapBasedAclManager


    Figure: LDAP_Conf 2

For more information on the parameters given in the above picture, please refer to the FioranoMQ Configuration Parameters.

Once FioranoMQ is configured to use LDAP to store Access Control Lists (ACLs) and the server is started, it sequentially creates the ACLs for each of the destinations. The way in which the ACLs are stored in the LDAP provider is illustrated in the figure below:


Figure: LDAP_Browser 2
