Setting up Active Directory

Procedure

  1. In the Auth Type field, select the type of authentication for the Active Directory server to perform:
    • Kerberos
    • Simple Authentication (username/password)
  2. Depending on the type of authentication you selected, enter the information in the relevant fields.
    Field and description:

    Server Name, Server IP
      Name and IP address of the remote authentication server.
      Simple Authentication:
      • Enter either the server name or the IP address.
      • If the server name is not entered, it is treated as an empty string, not as NULL.
      Kerberos:
      • The server name cannot be empty.
      • Add the server name and IP address to the /etc/hosts file in the following format:
        <IP_address> <ServerName>

    Enable (check box)
      Selecting this check box enables the remote authentication server for the appliance after you click Update.

    Port
      Enter the port number of the remote authentication server if you want to change the default value.

    Enable SSL (check box)
      Selecting this check box establishes a secure (TLS) connection to the AD server. Ensure that you have the certificate file of each AD server and that the certificate is added to the trust store. See Step 5 - Step 7.

    Realm
      The realm of the remote authentication server. For example: SQA2008R2a.lab

    NT Domain
      Domain name of the remote authentication server. For example: SQA2008Ra
      Applicable only to the Simple Authentication type.

    User, Password
      Credentials of any user who has access to the Active Directory server. These credentials are required by the daily AD user cleanup task: when a remotely authenticated user is removed from all associated roles or groups, or is disabled or deleted on the AD server, the corresponding user is also removed from the Management Users tab.
  3. Click the Test button to test the connection to the specified Active Directory server.
    1. When prompted, enter a login name and password of any user for the server and click Test Connection.
    2. The pop-up remains open to display the status of the test. If the connection test times out (after fifteen seconds), a time-out message appears in the Connection Status box on the pop-up.
  4. Click Update to save your entries or changes.
  5. Import the AD server certificates:
    1. Go to the Administration > SSL Certificate > Trusted Certificates tab.
    2. Each server has its own certificate. Paste each server's certificate in the Import Trusted Certificate box. Each certificate must begin on a new line.
    3. Click Import.
    4. Click Yes to confirm restarting the GUI and wait for the GUI to restart.
  6. After adding the certificate to the trust store, disable endpoint identification in the file /loglogic/tomcat/bin/setenv.sh by adding this JAVA_OPTS line:
    JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
    This setting disables only the hostname check of the AD server certificate; the certificate chain is still validated against the trust store, which is why the server certificate must be imported in Step 5.
    Note: If a different value of JAVA_OPTS is already configured in the file, add this line after the existing line.
  7. Restart Tomcat for the JAVA_OPTS settings to take effect.
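The two file edits in this procedure (the /etc/hosts mapping Kerberos needs in Step 2 and the JAVA_OPTS line in Step 6), as an added helper script that is not part of the appliance or of this documentation. It takes the file paths as arguments so it can be tried on copies first; the server IP, server name and option values used below are assumptions.

```shell
#!/bin/sh
# Added helper (not appliance code). Applies two edits from the procedure
# idempotently, so a re-run never duplicates a line:
#   1. the "<IP_address> <ServerName>" entry Kerberos requires in /etc/hosts
#   2. the JAVA_OPTS line in tomcat's setenv.sh, placed after any existing
#      JAVA_OPTS line as the Note in Step 6 requires.

# ensure_hosts_entry HOSTS_FILE IP SERVER_NAME
# Appends "IP SERVER_NAME" unless the name is already mapped. Returns 1 if the
# name is mapped to a different address, so a stale entry is not silently kept.
ensure_hosts_entry() {
    hosts="$1"; ip="$2"; name="$3"
    # First address currently mapped to this name (comment lines ignored).
    existing=$(grep -v '^[[:space:]]*#' "$hosts" 2>/dev/null \
        | awk -v n="$name" '{ for (i = 2; i <= NF; i++) if ($i == n) print $1 }' \
        | head -n 1)
    if [ -z "$existing" ]; then
        printf '%s %s\n' "$ip" "$name" >> "$hosts"
        return 0
    fi
    if [ "$existing" = "$ip" ]; then
        return 0
    fi
    echo "ensure_hosts_entry: $name already maps to $existing, not $ip" >&2
    return 1
}

# ensure_java_opts SETENV_FILE OPTION
# Adds JAVA_OPTS="$JAVA_OPTS OPTION" after the last existing JAVA_OPTS= line,
# or at the end of the file if there is none. No change if OPTION is present.
ensure_java_opts() {
    setenv="$1"; opt="$2"
    line="JAVA_OPTS=\"\$JAVA_OPTS $opt\""
    if grep -Fq -- "$opt" "$setenv" 2>/dev/null; then
        return 0    # already configured, leave the file alone
    fi
    if grep -q '^JAVA_OPTS=' "$setenv" 2>/dev/null; then
        # Insert after the last JAVA_OPTS= line so a later assignment in the
        # file cannot overwrite the option.
        awk -v new="$line" '
            { buf[NR] = $0; if ($0 ~ /^JAVA_OPTS=/) last = NR }
            END { for (i = 1; i <= NR; i++) { print buf[i]; if (i == last) print new } }
        ' "$setenv" > "$setenv.tmp" && mv "$setenv.tmp" "$setenv"
    else
        printf '%s\n' "$line" >> "$setenv"
    fi
}
```

Run both functions again after editing and the files are left unchanged; restart Tomcat afterwards as in Step 7.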