- Open the profile for offline editing in Studio by clicking the Profile Manager pane, as explained in the Pinging section.
- Change the Implementation property of the ACL Manager and the Principal Manager to LDAP. For more information on how to modify the ACL Manager and the Principal Manager, refer to the sections Modifying ACL Manager Implementation and Modifying ACL and Principal Manager Implementation.
- Configure the Principal Manager as per the Directory server in use. A sample configuration for the Netscape Directory Server is shown in the figure Directory Server Settings.
- Right-click on the FioranoMQ node and select Save from the pop-up menu.
Sample Configuration – Netscape Directory Server
Setting the Name
The 'name' is the name of the admin of the LDAP server, since the Initial Context may only be started by the Admin.
Setting the password
Enter the password for the Admin of the LDAP Server with whom a connection is to be made.
LDAP Initial Context Factory
The Initial Context Factory to be used, corresponding to the Directory Server.
LDAP Provider URL
Set this in accordance with the Directory Server being used.
LDAP Provider DN
Set this to the suffix variable set up while installing the LDAP Server.
LDAP security authentication
Set this variable to:
Sample Configuration – ApacheDS 1.5.4
Setting up the Directory Service
To set up the directory service, perform the steps below:
- Stop any running instance of ApacheDS.
- Take a backup of server.xml
/var/lib/apacheds-1.5.4/default/conf/server.xml
(Default path. If the DS instance was installed in a different location, server.xml is available inside the directory at that location.)
- Modify server.xml by adding the line below within the <partitions> ... </partitions> tag:
<jdbmPartition id="fiorano" cacheSize="100" suffix="o=fiorano,c=US" optimizerEnabled="true" syncOnWrite="true"/>
- Run apacheds
/etc/init.d/apacheds start
- Log in through Apache Directory Studio.
- User: uid=admin,ou=system. (Default)
- Password: secret. (Default)
- Import the LDIF content below using Apache Directory Studio (Menu: LDAP -> New LDIF File).
- Log in again through Apache Directory Studio to see the added children.
Setting up the profile for use with ApacheDS 1.5.4
- Open the profile for offline editing through the Profile Manager using Studio, as explained in the Modifying ACLManager Implementation section in the Working with ACL based Security page.
- Reset all properties except the LdapProviderUrl to their original values.
- In the LDAP Provider URL, the port number is 10389 and the IP address is that of the server running ApacheDS.
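A consistency check for the two procedures above, added here as an example (it is not Fiorano or ApacheDS code): it reads the partition suffixes from server.xml and compares them with the values entered in the profile. The function names, the cut-down server.xml, the address, and the rule that the Provider DN should equal the suffix of the partition added to server.xml are assumptions made for this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: a cut-down server.xml after the edit described above.
SAMPLE_SERVER_XML = """\
<spring:beans xmlns:spring="http://xbean.apache.org/schemas/spring/1.0"
              xmlns="http://apacheds.org/config/1.0">
  <defaultDirectoryService id="directoryService">
    <partitions>
      <jdbmPartition id="system" cacheSize="100" suffix="ou=system"/>
      <jdbmPartition id="fiorano" cacheSize="100" suffix="o=fiorano,c=US"
                     optimizerEnabled="true" syncOnWrite="true"/>
    </partitions>
  </defaultDirectoryService>
</spring:beans>
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around ',' and '=' (no escaped commas)."""
    return ",".join("=".join(p.strip().lower() for p in rdn.split("=", 1))
                    for rdn in dn.split(","))

def partition_suffixes(server_xml):
    """Return {id: suffix} for elements placed directly inside <partitions>."""
    found = {}
    for el in ET.fromstring(server_xml).iter():
        if el.tag.rsplit("}", 1)[-1] == "partitions":  # ignore XML namespace
            found.update({c.get("id"): c.get("suffix")
                          for c in el if c.get("suffix")})
    return found

def check_profile(server_xml, provider_url, provider_dn, bind_dn, password):
    """Return a list of problems; an empty list means the settings line up."""
    problems = []
    url = urlsplit(provider_url)
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        problems.append("provider URL is not ldap://host:port")
    elif url.scheme == "ldap" and url.port != 10389:
        problems.append("provider URL port is not 10389")
    suffixes = {norm_dn(s) for s in partition_suffixes(server_xml).values()}
    if norm_dn(provider_dn) not in suffixes:
        problems.append("provider DN matches no partition suffix in server.xml")
    if norm_dn(bind_dn) == "uid=admin,ou=system" and password == "secret":
        problems.append("bind account still has the default password")
    return problems

if __name__ == "__main__":
    # 192.0.2.10 is a documentation address; the password is a placeholder.
    print(check_profile(SAMPLE_SERVER_XML, "ldap://192.0.2.10:10389",
                        "o=fiorano,c=US", "uid=admin,ou=system", "changed-pw"))
```

A partition element that ends up outside `<partitions>` is not picked up, so the Provider DN check reports it as a mismatch.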
Sample LDAP Configuration for ACLs, Users and Groups
Configuration for Users and Groups
Here is an example of how a FioranoMQ profile can be configured to store the principal realms (users and groups) related to the FioranoMQ Server.
The view of how the users and groups are stored in the LDAP provider was extracted using Apache Directory Studio. LDAP as the Principal store in FioranoMQ can be configured in the following way:
- After opening the profile in Fiorano Studio for offline editing and changing the Principal Manager implementation to LDAP, as explained in the section Modifying ACL and Principal Manager Implementation, change the following node: Fiorano > security > PrincipalManager > LdapPrincipalManager.
Figure: LDAP_Conf 1
For more information on the parameters shown in the above figure, please refer to the FioranoMQ Configuration Parameters.
Once FioranoMQ is configured to use LDAP to store users and groups and the server is started, it sequentially creates them. The way in which the users and groups are stored in the LDAP provider is illustrated in the following figure.
Figure: LDAP_Browser 1
Configuration for Access Control Lists (ACLs)
Here is an example of how a FioranoMQ profile can be configured to store, in the LDAP provider, the Access Control Lists (ACLs) related to FioranoMQ Admin Objects such as Queues, Topics and Connection Factories, and other ACLs related to Lookup, AdminConnection etc. The view of how the ACLs are stored in the LDAP provider was extracted using Apache Directory Studio.
LDAP as the ACL store in FioranoMQ can be configured in the following way:
- After opening the profile in Fiorano Studio for offline editing and changing the ACL implementation to LDAP, as explained in the Modifying ACLManager Implementation section in the Working with ACL based Security page, change the following node: Fiorano > security > AclManager > LdapBasedAclManager
Figure: LDAP_Conf 2
For more information on the parameters given in the above picture, please refer to the FioranoMQ Configuration Parameters.
Once FioranoMQ is configured to use LDAP to store Access Control Lists (ACLs) and the server is started, it sequentially creates the ACLs for each of the destinations. The way in which the ACLs are stored in the LDAP provider is illustrated in the figure below:
Figure: LDAP_Browser 2