Setting up:
The basic setup is done in the eStudio application. To set up LDAP security, perform the following actions:

1. Open the profile for off-line editing through Profile Management in eStudio by clicking on the Profile Manager pane.
2. Right-click on Profiles in the Profile Manager tab and select Load Profile > Fiorano ESB > profile1 > FES.

Configuring LDAP for PrincipalManager:

a. Go to Fiorano > security > PrincipalManager > NativeFileBasedAclManager and select the 'LDAP' option from the dropdown menu for Implementation.
b. Go to Fiorano > security > PrincipalManager > LdapPrincipalManager > DependsOn > TimerService and select 'Fiorano.etc:ServiceType=TimerService,Name=TimerService' in the Instance dropdown menu.
c. Go to Fiorano > security > PrincipalManager > LdapPrincipalManager and provide the LDAP server configuration in the right-hand side panel. A description of the attributes is given below.

Attribute Description:

LdapProviderUrl : Primary LDAP server's connect URL. "ldap//:389" (389 is the default port for LDAP)
LdapProviderDn : Points to the base domain of the LDAP server under which Fiorano Server would create its repository
Principal : LDAP server's username. This username will be used to connect to the LDAP server.
credentials : LDAP server's login password
LdapInitialCtxFactory : Class name for the LDAP server's Initial Context Factory to be supplied to Initial Context
LdapInitialContectDn : Points to the location at which ACLs would be stored
LdapSecurityAuthentication : LDAP security authentication in use
LdapPollInterval : Interval (in msec) after which the LDAP server connection is polled. A negative value disables polling.
LdapPrimaryServerReconnectAttempts : Number of reconnect attempts LDAP primary server makes
BackupLdapProviderUrl : The backup LDAP server provider URL, which is tried when the primary LDAP server becomes unavailable
BackupLdapProviderDn : Points to the base domain of the LDAP server under which FMQ would create its repository
BackupPrincipal : Backup LDAP server's username. This username will be used to connect to the backup LDAP server.
BackupCredential : Backup LDAP server's login password
BackupLdapContextInitialCtxFactory : Class name for the backup LDAP server's Initial Context Factory to be supplied to Initial Context
BackupLdapSecurityAuthentication : Backup LDAP server's security authentication
LdapUserClassTop : LDAP User Class Top
LdapUserClassPerson : LDAP User Class Person
LdapUserClassOrganizationalPerson : LDAP User Class Organizational Person
LdapUserClassInetorgPerson : LDAP User Class InetorgPerson
LdapGroupClassTop : LDAP Group Class Top
LdapGroupClassUniqueNames : LDAP Group Class Unique Name
LdapGroupClassUniqueMember : LDAP Group Class Unique Member
LdapUserNameAttribute : LDAP User Name
LdapUserPasswordAttribute : LDAP User Password
LdapGroupNameAttribute : LDAP Group Name
LdapGroupUserNameAttribute : LDAP Group UserName Attribute
LdapUserDn : LDAP User distinguished name
LdapGroupDn : LDAP Group distinguished name

Configuring LDAP for AclManager:

a. Go to Fiorano > security > AclManager > NativeFileBasedAclManager and select the 'LDAP' option from the dropdown menu for Implementation.
b. Go to Fiorano > security > AclManager > LdapBasedAclManager > DependsOn > TimerService and select 'Fiorano.etc:ServiceType=TimerService,Name=TimerService' in the Instance dropdown menu.
c. Go to Fiorano > security > AclManager > LdapBasedAclManager and provide the LDAP server configuration in the right-hand side panel. A description of the attributes is given below.

Attribute Description:

LdapProviderUrl : Primary LDAP server's connect URL. "ldap//:389" (389 is the default port for LDAP)
LdapProviderDn : Points to the base domain of the LDAP server under which FMQ would create its repository
Principal : LDAP server's username. This username will be used to connect to the LDAP server.
credentials : LDAP server's login password
LdapInitialCtxFactory : Class name for the LDAP server's Initial Context Factory to be supplied to Initial Context
LdapInitialContectDn : Points to the location at which ACLs would be stored
LdapSecurityAuthentication : LDAP security authentication in use
LdapPollInterval : Interval (in msec) after which the LDAP server connection is polled. A negative value disables polling.
LdapPrimaryServerReconnectAttempts : Number of reconnect attempts LDAP primary server makes
BackupLdapProviderUrl : The backup LDAP server provider URL, which is tried when the primary LDAP server becomes unavailable
BackupLdapProviderDn : Points to the base domain of the LDAP server under which Fiorano Server would create its repository
BackupPrincipal : Backup LDAP server's username. This username will be used to connect to the backup LDAP server.
BackupCredential : Backup LDAP server's login password
BackupLdapContextInitialCtxFactory : Class name for the backup LDAP server's Initial Context Factory to be supplied to Initial Context
BackupLdapSecurityAuthentication : Backup LDAP server's security authentication
AclEntryObjectClasses : Comma-separated object class names for an ACL entry in the LDAP provider

Note1: Since the Enterprise server synchronizes the user data with the peer server, configuring LDAP for the peer server is not required.

Note2: If the credentials of a user are changed, they have to be edited in all the places where they are configured. Refer to the section below for details.
http://www.fiorano.com/documentation/display/PUB/Changing+Admin+Password#ChangingAdminPassword-AdminPasswordconfigurationsEditingconfigurationsafterchangingAdminPassword
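A review of the values entered for LdapPrincipalManager or LdapBasedAclManager before the profile is saved, written as an added example that is not Fiorano code. It assumes the settings have been copied into a dict keyed by the attribute names above and that the authentication values follow the JNDI "none" / "simple" convention; the sample values are constructed.

```python
from urllib.parse import urlsplit

# Attribute names are those listed above; holding them in a dict is an assumption.
SERVERS = {
    "primary": ("LdapProviderUrl", "Principal", "credentials", "LdapSecurityAuthentication"),
    "backup": ("BackupLdapProviderUrl", "BackupPrincipal", "BackupCredential",
               "BackupLdapSecurityAuthentication"),
}

def audit_ldap_settings(cfg):
    """Return sorted finding codes for one manager's LDAP settings."""
    findings = set()
    for role, (url_key, user_key, pass_key, auth_key) in SERVERS.items():
        url = (cfg.get(url_key) or "").strip()
        if not url:
            if role == "primary":
                findings.add("primary:url-missing")
            continue  # an unset backup server is not checked further
        parts = urlsplit(url)
        if parts.scheme not in ("ldap", "ldaps") or not parts.hostname:
            findings.add(f"{role}:url-malformed")
            continue
        # Assumption: values follow JNDI's "none" / "simple" convention.
        auth = (cfg.get(auth_key) or "").strip().lower()
        if auth == "none":
            findings.add(f"{role}:anonymous-bind")
        elif not cfg.get(user_key) or not cfg.get(pass_key):
            findings.add(f"{role}:bind-identity-incomplete")
        if auth == "simple" and parts.scheme == "ldap":
            # A simple bind over ldap:// sends the password unencrypted.
            findings.add(f"{role}:cleartext-bind")
    try:
        if int(cfg.get("LdapPollInterval", 0)) < 0:
            findings.add("polling-disabled")  # negative value disables polling
    except (TypeError, ValueError):
        findings.add("poll-interval-not-a-number")
    return sorted(findings)

# Constructed sample values, not taken from any real deployment.
SAMPLE = {
    "LdapProviderUrl": "ldap://ldap1.example.test:389",
    "Principal": "cn=esb-svc,dc=example,dc=test", "credentials": "constructed-secret",
    "LdapSecurityAuthentication": "simple", "LdapPollInterval": "-1",
    "BackupLdapProviderUrl": "ldap//:389",  # malformed: no "://" and no host
    "BackupPrincipal": "cn=esb-svc,dc=example,dc=test", "BackupCredential": "",
    "BackupLdapSecurityAuthentication": "simple",
}
if __name__ == "__main__":
    print(audit_ldap_settings(SAMPLE))
```

Run it once per manager, since PrincipalManager and AclManager each carry their own copy of the server settings.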