Configuring LDAP

To configure LDAP authentication, follow these steps.

  • Before configuring these settings in TIBCO Data Science - Team Studio, use a separate LDAP browsing tool to connect to your AD or LDAP installation and verify that all configuration properties are correct.

  • Install TIBCO Data Science - Team Studio.

    Procedure
  1. Log in to the Chorus container as the system administrator.
  2. Edit the <installation directory>/shared/ldap.properties file to configure LDAP.
    Change the default entries in ldap.properties to match your LDAP installation.
    For examples, see the ldap.properties.active_directory or ldap.properties.opensource_ldap file. An example is shown below.

    LDAP Settings for Active Directory
    # Set this property to true to enable LDAP authentication. Default is false.
    ldap.enable = false
    # Host and port for accessing LDAP server.
    ldap.host = localhost
    ldap.port = 389
    # Set this property to use Transport Level Security (TLS) for accessing LDAP server. Default is false.
    ldap.start_tls = false
    #LDAP root for search and query
    ldap.base = DC=www,DC=example,DC=com
    # username and password used for binding to LDAP server
    ldap.bind.username = uid=admin,ou=system
    ldap.bind.password = q2W#e4R%
    #-----  Uncomment following properties to enable group membership authentication ------#
    # Note that all three entries must either be commented or uncommented
    # List of LDAP group names that are used for verifying group membership.
    # NOTE: For release 5.3, only one group is supported.
    #ldap.group.names = OtherGroup
    # Search base for looking up members in the groups above.
    #ldap.group.search_base = DC=www,DC=example,DC=com
    #Group Filter for Active Directory. This works only for Active Directory
    #ldap.group.filter = (memberOf={0})
                                
    #------------------------------------------------------------------------------------------#
    # Search base for user authentication
    ldap.user.search_base = OU=CorpUsers,DC=www,DC=example,DC=com
    #Search filter for user authentication. This works only for Active Directory
    ldap.user.filter = (sAMAccountName={0})
    # Mappings of Chorus user properties to LDAP user attributes.
    ldap.attribute.uid = sAMAccountName
    ldap.attribute.ou = department
    ldap.attribute.gn = givenName
    ldap.attribute.sn = sn
    ldap.attribute.mail = mail
    ldap.attribute.title = title

    If you want to add users from two different groups (for example, Marketing and Sales) but only one LDAP group is supported, you have two options:
    • Add a new LDAP group (MarketingSales) that includes the users from Marketing and Sales. Then bulk import from the MarketingSales group using the rake command below.
    • Disable group search by commenting out the lines below in ldap.properties. Then, as an Admin, manually add each user.
    ldap.group.search_base
    ldap.group.filter
    ldap.group.names

  3. After modifying ldap.properties, restart TIBCO Data Science - Team Studio as follows.

    chorus_control.sh restart
  4. Use the rake command to bulk import LDAP users. This rake task reads the LDAP settings from the ldap.properties file and imports users from the LDAP group specified in the ldap.group.names property into the TIBCO Data Science - Team Studio database.
    Note: Release 5.3 supports only one group.
    cd $CHORUS_HOME
    export RAILS_ENV=production
    export PATH=$PATH:$CHORUS_HOME/current/bin
    cd $CHORUS_HOME/current
    rake ldap:import_users
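
A pre-flight check to run on ldap.properties before the restart in step 3, given here as an added example and not as TIBCO code. It enforces the all-or-none rule for the three ldap.group.* entries and the one-group limit from the sample file, and flags LDAP enabled without StartTLS. The function names, the sample text, and the assumption that multiple group names would be comma-separated are mine.

```python
GROUP_KEYS = ("ldap.group.names", "ldap.group.search_base", "ldap.group.filter")

def active_properties(text):
    """Return the uncommented key/value pairs of an ldap.properties file."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or commented-out key
        key, _, value = line.partition("=")  # split on the first '=' only
        props[key.strip()] = value.strip()
    return props

def lint(text):
    """Return a list of findings; an empty list means the checks passed."""
    props, findings = active_properties(text), []
    present = [k for k in GROUP_KEYS if k in props]
    if present and len(present) < len(GROUP_KEYS):
        missing = [k for k in GROUP_KEYS if k not in props]
        findings.append("group: set all three or none, missing " + ", ".join(missing))
    # Assumption: several group names would be comma-separated.
    names = [n for n in props.get("ldap.group.names", "").split(",") if n.strip()]
    if len(names) > 1:
        findings.append("group: only one group is supported, found %d" % len(names))
    enabled = props.get("ldap.enable", "false").lower() == "true"
    if enabled and props.get("ldap.start_tls", "false").lower() != "true":
        findings.append("tls: ldap.start_tls is false, so the bind to "
                        "%s:%s is not protected by StartTLS"
                        % (props.get("ldap.host", "?"), props.get("ldap.port", "?")))
    return findings

# Constructed sample, not a real deployment.
SAMPLE = """\
ldap.enable = true
ldap.host = localhost
ldap.port = 389
ldap.start_tls = false
ldap.group.names = Marketing,Sales
ldap.group.search_base = DC=www,DC=example,DC=com
#ldap.group.filter = (memberOf={0})
"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```

To check a real file, pass its contents to lint(), for example lint(open(path).read()).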