LDAP Setup and Configuration
LDAP Setup and Configuration of LDAP, Tomcat, and RTView
LDAP Configuration
1) Modify <location>/ldap.properties
sl.rtvapm.security.ldap=admin
sl.rtvapm.security.ldap.admin.dn=cn=admin,ou=People,dc=sl,dc=com (This is the DN from Pre-req #2)
sl.rtvapm.security.ldap.user.domain=dc=sl,dc=com (Domain to search for users. From Pre-req #3)
sl.rtvapm.security.ldap.user.query=(&(objectClass=*)(uid={user})) (the Query to find the user, from Pre-req #5)
sl.rtvapm.security.ldap.user.dn.attribute=distinguishedName (The attribute to find the Distinguishing name to login with the password)
#sl.rtvapm.security.ldap.connect=LDAPS://localhost:50001 (LDAP Connect String SSL)
sl.rtvapm.security.ldap.connect=LDAP://localhost:50000 (LDAP Connect String non-SSL, from Pre-req #1)
sl.rtvapm.security.ldap.authstring=cn={user},ou=people,dc=sl,dc=com (only used for user based LDAP. String to use when logging in as a user without query)
sl.rtvapm.security.ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory (The context factory used for both the Admin and User login)
sl.rtvapm.security.ldap.authtype=simple (The authtype for both Admin and user login)
sl.rtvapm.security.ldap.xml=c:/0/TechSupport/Extensions/LDAPIntegration/ldapUser/ldap.xml
sl.rtvapm.security.verbose=true
com.sun.jndi.ldap.read.timeout=2000
com.sun.jndi.ldap.connect.timeout=2000
sl.rtvapm.security.useCache=false
sl.rtvapm.security.cacheTimeout=60000
2) Update ldap and rtview admin passwords (from Pre-req #2)
Chmod 777 updatePassword.sh
./updatePassword.sh ldap <ldap process account password> -newKey
./updatePassword.sh rtview <RTView Admin password>
3) Update ldap.xml (from Pre-req #4)
This requires the list of LDAP Roles (distinghishingName) that will map to the RTView Roles.
Example:
<?xml version="1.0"?>
<users xmlns="www.sl.com" >
<sl-role>
<name>super</name>
<ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>
</sl-role>
<sl-role>
<name>admin</name>
<ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>
</sl-role>
<sl-role>
<name>demo</name>
<ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>
</sl-role>
<sl-role>
<name>read</name>
<ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>
</sl-role>
</users>
Tomcat Configuration
1) Copy the ldapUser.jar to the $Catalina_home\lib
2) For Tomcat update $CATALINA_HOME\conf\Catalina.properties with :
com.sl.security.ldap.property.file=<location>/ldap.properties
3) update $Catalina_home\conf\server.xml
<Realm className="com.sl.custom.SLTomcatLDAPRealm"
resourceName="RTView" />
4) modify setup.js (add the following and remove the rtvuser:rtvuser line.)
rtv.dac.setGlobalVars({'rtv.dac.defReqMode': 'xhr'});
RTView Classic Configuration
DisplayServer Installation (5.x)
1) Modify the rtvservers.dat display server with -customUserManagerClassName:com.sl.custom.LDAPUserManager
central . DisplayServer1 rundisp -propfilter:ConfigClient -propfilter:AlertClient -propfilter:DisplayServer1 -customUserManagerClassName:com.sl.custom.LDAPUserManager
2) Modify central.properties add the following lines.
DisplayServer1.sl.rtview.cp=<location>/ldapUser.jar
DisplayServer1.sl.rtview.jvm=-Dcom.sl.security.ldap.property.file=<location>/ldap.properties
3) IF SSL, In Central.properties add the Java SSL truststore and password system properties (From Pre-req #6)
DisplayServer1.sl.rtview.jvm=-Djavax.net.ssl.trustStore=/0/ssl/myTrustStore
DisplayServer1.sl.rtview.jvm=-Djavax.net.ssl.trustStorePassword=CHANGEIT
5) Restart the Central DisplayServer.
./stop_servers.shf
./start_servers.sh
6) The Classic install is now complete configured and can be tested by using ldap user name and password at the RTView login page.
On this page: