Setting up Active Directory
Procedure
1. In the Auth Type field, select the type of authentication for the Active Directory server to perform: Kerberos or Simple Authentication (username/password).
2. Depending on the type of authentication you selected, enter the information in the relevant fields:
   - Server Name, Server IP: Name and IP address of the remote authentication server.
     Simple Authentication: enter either the server name or the IP address. If the server name is not entered, it is treated as an empty string, not as NULL.
     Kerberos: the server name cannot be empty. Add the server name and IP address to the /etc/hosts file in the following format:
       <IP_address> <ServerName>
   - Enable (check box): By selecting the check box, this remote authentication server is enabled for the appliance after you click Update.
   - Port: Enter the port number for the remote authentication server if you want to change the default value.
   - Enable SSL (check box): By selecting this check box, a secure connection is established to the AD server. Ensure that you have the certificate file of each AD server and that the certificate is added to the trust store. See step 5.
   - Realm: The realm for the remote authentication server. For example: SQA2008R2a.lab
   - NT Domain: Domain name of the remote authentication server. For example: SQA2008Ra. Applicable only to the Simple Authentication type.
   - User, Password: Credentials of any user who has access to the Active Directory server. This is required so that when the daily AD user cleanup task runs, if the users with remote authentication are removed from all associated roles or groups, or are disabled or deleted from the AD server, the corresponding users are also removed from the Management Users tab.
3. Click the Test button to test the connection to the specified Active Directory server.
   - When prompted, enter the login name and password of any user for the server and click Test Connection.
   - The pop-up remains open to display the status of the test. If the connection test times out (after fifteen seconds), a time-out message appears in the Connection Status box on the pop-up.
4. Click Update to save your entries or changes.
5. Import the AD server certificates:
   a. Go to the Administration > SSL Certificate > Trusted Certificates tab.
   b. Each server has its own certificate. Paste each server's certificate in the Import Trusted Certificate box. Each certificate must begin on a new line.
   c. Click Import.
   d. Click Yes to confirm restarting the GUI and wait for the GUI to restart.
6. After adding the certificate to the trust store, in the file /loglogic/tomcat/bin/setenv.sh, disable endpoint verification by setting the value of the JAVA_OPTS parameter:
     JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"
   Note: If a different value of JAVA_OPTS is already configured in the file, add this line after the existing line.
7. Restart Tomcat for the JAVA_OPTS settings to take effect.
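As an added example that is not part of the product documentation, the following POSIX shell functions perform the two file edits in this procedure in a repeatable way: checking that /etc/hosts carries the "<IP_address> <ServerName>" line that Kerberos needs, and adding the JAVA_OPTS line to setenv.sh after any JAVA_OPTS assignment that is already there, without duplicating it on a second run. File paths are function parameters, and the demo at the bottom works on constructed temporary files, not on the appliance's own /etc/hosts or /loglogic/tomcat/bin/setenv.sh. One point worth keeping in view when applying the JAVA_OPTS step: disableEndpointIdentification=true switches off the JDK's hostname check against the LDAPS server certificate, so from then on the certificates imported into the trust store in step 5 are what ties the connection to the intended AD servers, and that trust store deserves the same review as any other credential store.

```shell
#!/bin/sh
# Added example, not taken from the product documentation. Two helper
# functions for the file edits in the procedure above:
#   hosts_has_entry     checks that an "<IP_address> <ServerName>" line exists
#   add_java_opts_line  adds the JAVA_OPTS line after any existing JAVA_OPTS
#                       assignment (or at the end of the file), exactly once
# File paths are parameters so the functions can be tried on temporary copies.

# The line from the procedure, kept in single quotes so $JAVA_OPTS is written
# literally into the file rather than expanded here.
JAVA_OPTS_LINE='JAVA_OPTS="$JAVA_OPTS -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true"'

# hosts_has_entry HOSTS_FILE IP NAME
# Exit status 0 if a non-comment line maps IP to NAME (as any of its names).
hosts_has_entry() {
    awk -v ip="$2" -v name="$3" '
        /^[[:space:]]*#/ { next }
        $1 == ip { for (i = 2; i <= NF; i++) if ($i == name) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# add_java_opts_line FILE
# Idempotent: a second run leaves the file unchanged.
add_java_opts_line() {
    file=$1
    if grep -qF -- "$JAVA_OPTS_LINE" "$file"; then
        return 0
    fi
    # Matches both "JAVA_OPTS=..." and "export JAVA_OPTS=..." assignments.
    if grep -Eq '^[[:space:]]*(export[[:space:]]+)?JAVA_OPTS=' "$file"; then
        last=$(grep -En '^[[:space:]]*(export[[:space:]]+)?JAVA_OPTS=' "$file" | tail -n 1 | cut -d: -f1)
        # Print every line; right after line number $last also print the new one.
        awk -v n="$last" -v line="$JAVA_OPTS_LINE" '{ print } NR == n { print line }' \
            "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    else
        printf '%s\n' "$JAVA_OPTS_LINE" >> "$file"
    fi
}

# Demonstration on constructed temporary files (never on the live appliance files).
demo() {
    setenv=$(mktemp)
    hosts=$(mktemp)
    printf 'JAVA_OPTS="-Xmx2g"\nexport CATALINA_OPTS="-Dfoo=bar"\n' > "$setenv"
    printf '# constructed sample\n127.0.0.1 localhost\n10.0.0.5 ad01.example.lab ad01\n' > "$hosts"
    add_java_opts_line "$setenv"
    add_java_opts_line "$setenv"     # second run: no duplicate line
    echo "== setenv.sh after edit =="
    cat "$setenv"
    if hosts_has_entry "$hosts" 10.0.0.5 ad01.example.lab; then
        echo "hosts entry present"
    else
        echo "hosts entry missing"
    fi
    rm -f "$setenv" "$hosts"
}

demo
```

The new JAVA_OPTS line is appended to the existing value with "$JAVA_OPTS ..." rather than replacing it, which is why it must come after any earlier assignment: sourcing the file in the other order would discard the property. The hosts check looks at every name on a matching line, so a line that lists both the FQDN and a short alias passes for either.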