LDAP Setup and Configuration

LDAP Setup and Configuration of LDAP, Tomcat, and RTView


LDAP Configuration

1)            Modify <location>/ldap.properties

               sl.rtvapm.security.ldap=admin

               sl.rtvapm.security.ldap.admin.dn=cn=admin,ou=People,dc=sl,dc=com (DN of the service account RTView binds with to search the directory; this is the DN from Pre-req #2. It only needs read access to the user and group entries, so do not use a directory administrator account.)


               sl.rtvapm.security.ldap.user.domain=dc=sl,dc=com (base DN under which users are searched; from Pre-req #3)

               sl.rtvapm.security.ldap.user.query=(&(objectClass=*)(uid={user}))  (the search filter used to find the user, from Pre-req #5. {user} is replaced with the name typed at the login page. Characters with special meaning in a filter (* ( ) \ and NUL) must be escaped per RFC 4515 before substitution; otherwise a crafted login name can change what the filter matches.)

               sl.rtvapm.security.ldap.user.dn.attribute=distinguishedName (the attribute holding the DN that RTView then binds with, together with the password typed at login, to verify the credentials. distinguishedName is the Active Directory attribute; other directories may expose the entry DN under a different name.)


               #sl.rtvapm.security.ldap.connect=LDAPS://localhost:50001 (LDAP connect string, SSL)

               sl.rtvapm.security.ldap.connect=LDAP://localhost:50000 (LDAP connect string, non-SSL, from Pre-req #1. With authtype=simple the admin and user passwords are sent in clear text on this connection, so use the LDAPS form whenever the directory is not on the same host, and complete the truststore step in the RTView Classic section.)


               sl.rtvapm.security.ldap.authstring=cn={user},ou=people,dc=sl,dc=com  (only used for user-based LDAP: the bind DN template used when logging in as the user directly, without a query)

               sl.rtvapm.security.ldap.context.factory=com.sun.jndi.ldap.LdapCtxFactory (the JNDI context factory used for both the admin and the user login)

               sl.rtvapm.security.ldap.authtype=simple (the authentication type for both the admin and the user login)

              

               sl.rtvapm.security.ldap.xml=c:/0/TechSupport/Extensions/LDAPIntegration/ldapUser/ldap.xml (the role-mapping file edited in step 3)

               sl.rtvapm.security.verbose=true (verbose security logging; useful while setting up, turn it off once logins work)


               com.sun.jndi.ldap.read.timeout=2000 (milliseconds)

               com.sun.jndi.ldap.connect.timeout=2000 (milliseconds)


               sl.rtvapm.security.useCache=false

               sl.rtvapm.security.cacheTimeout=60000

2)            Update the LDAP and RTView admin passwords (from Pre-req #2)

               chmod u+x updatePassword.sh   (the script only needs to be executable by the account that runs it; world-writable 777 permissions are not required)

               ./updatePassword.sh ldap <ldap process account password> -newKey

               ./updatePassword.sh rtview <RTView Admin password>

               Passwords passed on the command line are visible in the shell history and in the process list while the script runs; clear the history entries afterwards. Restrict read access on ldap.properties and on anything updatePassword.sh writes to the account that runs Tomcat or the DisplayServer.


3)            Update ldap.xml (from Pre-req #4)

               This requires the list of LDAP roles (group distinguishedNames) that will map to the RTView roles. Each <ldap-role> holds the distinguishedName of one LDAP role (group); its members are mapped to the RTView role named in the enclosing <sl-role>.


               Example:

               <?xml version="1.0"?>

               <users xmlns="www.sl.com" >

               <sl-role>

                              <name>super</name>

                              <ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>

               </sl-role>

               <sl-role>

                              <name>admin</name>

                              <ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>

               </sl-role>

               <sl-role>

                              <name>demo</name>

                              <ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>

               </sl-role>

               <sl-role>

                              <name>read</name>

                              <ldap-role>INSERT THE DISTINGUISHEDNAME FOR THE LDAP ROLE HERE</ldap-role>

               </sl-role>

               </users>
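The two pieces of step 1 and step 3 that are easy to get wrong are the {user} substitution in the user.query template and the matching of group DNs against ldap.xml. The following is an added example written for this page, not code from RTView or from ldapUser.jar: it models both in plain Python (standard library only) so they can be tested offline. The function names, the constructed sample ldap.xml and the group DNs in it are assumptions made for the example; the product may implement either step differently.

```python
"""Added example, not part of RTView or its ldapUser.jar: models two things
from the steps above in plain Python (standard library only) so they can
be tested offline.

  1. substituting the login name into the sl.rtvapm.security.ldap.user.query
     template with RFC 4515 escaping, and
  2. resolving a user's group DNs against the ldap.xml role map from step 3.

Function names, the sample ldap.xml and the group DNs are assumptions made
for the example; the real product may implement both steps differently.
"""
import re
import xml.etree.ElementTree as ET

# RFC 4515 escape sequences for characters that change a filter's meaning.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value that will be embedded in an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_user_query(template: str, user: str) -> str:
    """Replace {user} in the user.query template with the escaped login name.
    Without escaping, a login of  *)(uid=*  would match every entry."""
    return template.replace("{user}", escape_filter_value(user))


def normalize_dn(dn: str) -> str:
    """Case-fold and trim spaces around unescaped commas so DNs written in
    different styles compare equal (escaped commas inside values are kept)."""
    parts = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip() for p in parts).lower()


def load_role_map(ldap_xml: str) -> dict:
    """Parse the <users xmlns="www.sl.com"> document from step 3 into
    {normalized LDAP group DN: RTView role name}."""
    ns = {"sl": "www.sl.com"}
    mapping = {}
    for role in ET.fromstring(ldap_xml).findall("sl:sl-role", ns):
        name = role.findtext("sl:name", default="", namespaces=ns).strip()
        for group in role.findall("sl:ldap-role", ns):
            if name and group.text:
                mapping[normalize_dn(group.text)] = name
    return mapping


# Relative privilege of the RTView roles named on this page (assumed order).
RTVIEW_ROLE_RANK = {"super": 3, "admin": 2, "demo": 1, "read": 0}


def resolve_roles(member_of, role_map: dict) -> list:
    """RTView roles granted by the user's group memberships, most privileged
    first. An empty list means the user should be refused, not given a
    default role."""
    granted = {role_map[normalize_dn(g)] for g in member_of
               if normalize_dn(g) in role_map}
    return sorted(granted, key=lambda r: RTVIEW_ROLE_RANK.get(r, -1), reverse=True)


# Constructed sample ldap.xml with assumed group DNs (not from the page).
SAMPLE_LDAP_XML = """<?xml version="1.0"?>
<users xmlns="www.sl.com">
<sl-role><name>super</name><ldap-role>cn=rtview-super,ou=Groups,dc=sl,dc=com</ldap-role></sl-role>
<sl-role><name>admin</name><ldap-role>cn=rtview-admin,ou=Groups,dc=sl,dc=com</ldap-role></sl-role>
<sl-role><name>read</name><ldap-role>cn=rtview-read,ou=Groups,dc=sl,dc=com</ldap-role></sl-role>
</users>
"""

USER_QUERY_TEMPLATE = "(&(objectClass=*)(uid={user}))"

if __name__ == "__main__":
    print(build_user_query(USER_QUERY_TEMPLATE, "jsmith"))
    print(build_user_query(USER_QUERY_TEMPLATE, "*)(uid=*"))
    roles = load_role_map(SAMPLE_LDAP_XML)
    print(resolve_roles(["CN=rtview-read, OU=Groups, DC=sl, DC=com"], roles))
    print(resolve_roles(["cn=staff,ou=Groups,dc=sl,dc=com"], roles))
```

The second print line shows why escaping matters: the hostile login name comes out as uid=\2a\29\28uid=\2a, a literal string that matches nothing, instead of rewriting the filter. The last call returns an empty list for a user in no mapped group; whatever performs the real lookup should treat that as a failed login rather than fall through to a default role.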


Tomcat Configuration

1) Copy ldapUser.jar to $CATALINA_HOME/lib


2) Add the location of the properties file to $CATALINA_HOME/conf/catalina.properties:

               com.sl.security.ldap.property.file=<location>/ldap.properties


3) Update $CATALINA_HOME/conf/server.xml so the RTView realm is the custom LDAP realm:

                              <Realm className="com.sl.custom.SLTomcatLDAPRealm"

                                                               resourceName="RTView" />

                                                          

4) Modify setup.js: add the following line and remove the rtvuser:rtvuser line (the default credentials).


               rtv.dac.setGlobalVars({'rtv.dac.defReqMode': 'xhr'});


RTView Classic Configuration

DisplayServer Installation (5.x)

1)            Modify the display server line in rtvservers.dat, adding -customUserManagerClassName:com.sl.custom.LDAPUserManager


               central                 .              DisplayServer1   rundisp -propfilter:ConfigClient -propfilter:AlertClient -propfilter:DisplayServer1 -customUserManagerClassName:com.sl.custom.LDAPUserManager


2)            Add the following lines to central.properties.

               DisplayServer1.sl.rtview.cp=<location>/ldapUser.jar

               DisplayServer1.sl.rtview.jvm=-Dcom.sl.security.ldap.property.file=<location>/ldap.properties


3)            If the connect string uses LDAPS, also add the Java SSL truststore and truststore-password system properties to central.properties (from Pre-req #6). The truststore must contain the CA certificate that issued the LDAP server's certificate, and the host name in the connect string must match that certificate. CHANGEIT is the placeholder default password; a -D value is visible to anyone who can list processes on the host.

               DisplayServer1.sl.rtview.jvm=-Djavax.net.ssl.trustStore=/0/ssl/myTrustStore

               DisplayServer1.sl.rtview.jvm=-Djavax.net.ssl.trustStorePassword=CHANGEIT


4)            Restart the Central DisplayServer.

               ./stop_servers.sh

               ./start_servers.sh


5)            The Classic install is now completely configured and can be tested by logging in at the RTView login page with an LDAP user name and password. Also confirm that a valid LDAP user who belongs to none of the groups listed in ldap.xml is refused rather than admitted with a default role.

