LDAP

To use the LDAP-based owner adapter, follow these steps:

Procedure

  1. Log in to the Config UI using your credentials.
  2. On the home page on the Config UI, select the Gateway Engine Properties from the drop-down list.
  3. Expand the Gateway Engine Properties node.
  4. Click the SECURITY > Security tab.
  5. Expand the OAuth node.
  6. Set the adapter properties as follows:
    Owner Adapter Properties for File

    Property            Value
    Owner Adapter       com.tibco.asg.oauth.identity.provider.file.OwnerAdapterService
    Resource Path Name  /examples/OAuth/resources
  7. Set the LDAP properties as follows:
    LDAP Server Connection Parameters

    Property / Description

    tibco.clientVar.oauth.identity.provider.ldap.host
      Specifies the hostname or IP address of the machine where the LDAP directory server runs. This property is required.
      For example, ldapserver.api.tibco.com

    tibco.clientVar.oauth.identity.provider.ldap.port
      Specifies the port on which the LDAP directory server listens. This property is required.
      For example, 10389

    tibco.clientVar.oauth.identity.provider.ldap.loginDN
      Specifies the base distinguished name (DN) of the login user.
      For example, uid=admin,ou=system

    tibco.clientVar.oauth.identity.provider.ldap.loginPassword
      Specifies the password of the login user.
      For example, root@123

    tibco.clientVar.oauth.identity.provider.ldap.searchFilter
      Specifies the filter used in admin search mode to search for potential user objects.
      For example, the search filter is specified as: Objectclass=*

    tibco.clientVar.oauth.identity.provider.ldap.ownerSearchTreeDn
      Specifies the base distinguished name (DN) at which searches for users begin. Supply the base DN that narrows the search to the smallest set of objects that still includes all valid users.
      For example, ou=people,ou=na,dc=example,dc=org

    tibco.clientVar.oauth.identity.provider.ldap.ownerDnTemplate
      Specifies the template used to format the user's DN before binding.
      For example, uid={0},ou=employee,ou=tsi,o=tibco

      In this string, the variable {0} represents the name of the user. The code substitutes the user name for this variable and passes the resulting boolean expression to the LDAP server. The LDAP server matches that search expression against user objects to find a match. The search result must contain exactly one match. This property is required in bind mode, not in admin search mode.

  8. Click Save to save changes.
  9. Set the owner credentials in the ASG_HOME\examples\OAuth\resources\owner.properties file.
    Note: The owner adapter properties can also be set in the ASG_CONFIG_HOME\asg.properties file, as follows:
    1. Navigate to the ASG_CONFIG_HOME directory.
    2. Edit the asg.properties file in a text editor.
    3. Set the following property:

      tibco.clientVar.oauth.owner.adapter.class=com.tibco.asg.oauth.identity.provider.jndildap.OwnerAdapterService

    4. Save changes to the asg.properties file.
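The following Python is an added illustration, not TIBCO's adapter code, of how a user name is substituted into the ownerDnTemplate variable {0} (bind mode) and combined with searchFilter (admin search mode) from step 7, with the name escaped so that LDAP metacharacters in it cannot change the shape of the DN or filter. How the adapter really combines searchFilter with the user name is not documented on this page, so the (uid=...) AND-clause is an assumption.

```python
# Added example (not TIBCO's adapter code): user-name substitution into the
# ownerDnTemplate ({0}) for bind mode and into the searchFilter for admin
# search mode, escaping the name so LDAP metacharacters cannot alter the DN
# or filter structure. The (uid=...) AND-clause is an assumption.

DN_SPECIAL = ',+"\\<>;'   # RFC 4514 characters that must be escaped in a DN value


def escape_dn_value(value: str) -> str:
    """Escape a user-supplied value for use inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in DN_SPECIAL or (ch == ' ' and i in (0, last)) or (ch == '#' and i == 0):
            out.append('\\' + ch)
        elif ord(ch) < 0x20:              # control characters as \XX hex pairs
            out.append('\\%02x' % ord(ch))
        else:
            out.append(ch)
    return ''.join(out)


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    table = {'\\': '\\5c', '*': '\\2a', '(': '\\28', ')': '\\29', '\x00': '\\00'}
    return ''.join(table.get(ch, ch) for ch in value)


def format_owner_dn(template: str, username: str) -> str:
    """Bind mode: replace {0} in ownerDnTemplate with the escaped user name."""
    return template.replace('{0}', escape_dn_value(username))


def format_owner_filter(search_filter: str, username: str) -> str:
    """Admin search mode: AND the configured searchFilter with a uid match
    (assumed combination; the adapter's real filter shape is not documented here)."""
    return '(&(%s)(uid=%s))' % (search_filter, escape_filter_value(username))


def single_match(entries: list) -> str:
    """Enforce the rule that the search result must contain exactly one match."""
    if len(entries) != 1:
        raise LookupError('expected exactly one owner entry, found %d' % len(entries))
    return entries[0]


if __name__ == '__main__':
    tpl = 'uid={0},ou=employee,ou=tsi,o=tibco'        # template value from the page
    print(format_owner_dn(tpl, 'jdoe'))
    print(format_owner_dn(tpl, 'jdoe,ou=system'))     # comma escaped, DN keeps its shape
    print(format_owner_filter('Objectclass=*', 'j*'))  # wildcard escaped in the filter
```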