Configuring LDAP
Follow these steps to configure LDAP authentication.
- Try connecting to your AD or LDAP installation with a separate LDAP exploration tool to ensure that all configuration properties are correct before you attempt to configure these in TIBCO Data Science - Team Studio.
- Install TIBCO Data Science - Team Studio.

Procedure
- Log in to the Chorus container as a system administrator.
- Edit the <installation directory>/shared/ldap.properties file to configure LDAP. Change the default entries in ldap.properties to match your LDAP installation. See the ldap.properties.active_directory or ldap.properties.opensource_ldap files for examples. The following shows an example.
  LDAP Settings for Active Directory

      # Set this property to true to enable LDAP authentication. Default is false.
      ldap.enable = false

      # Host and port for accessing LDAP server.
      ldap.host = localhost
      ldap.port = 389

      # Set this property to use Transport Layer Security (TLS) for accessing LDAP server. Default is false.
      ldap.start_tls = false

      # LDAP root for search and query
      ldap.base = DC=www,DC=example,DC=com

      # username and password used for binding to LDAP server
      ldap.bind.username = uid=admin,ou=system
      ldap.bind.password = q2W#e4R%

      #----- Uncomment following properties to enable group membership authentication ------#
      # Note that all three entries must either be commented or uncommented

      # List of LDAP group names that are used for verifying group membership.
      # NOTE: For release 5.3, only one group is supported.
      #ldap.group.names = OtherGroup

      # Search base for looking up members in the groups above.
      #ldap.group.search_base = DC=www,DC=example,DC=com

      # Group Filter for Active Directory. This works only for Active Directory
      #ldap.group.filter = (memberOf={0})
      #------------------------------------------------------------------------------------------#

      # Search base for user authentication
      ldap.user.search_base = OU=CorpUsers,DC=www,DC=example,DC=com

      # Search filter for user authentication. This works only for Active Directory
      ldap.user.filter = (sAMAccountName={0})

      # Mappings of Chorus user properties to LDAP user attributes.
      ldap.attribute.uid = sAMAccountName
      ldap.attribute.ou = department
      ldap.attribute.gn = givenName
      ldap.attribute.sn = sn
      ldap.attribute.mail = mail
      ldap.attribute.title = title

  If you want to add users from two different groups (for example, Marketing and Sales) but only one LDAP group is supported, you have two options:
  - Add a new LDAP group (MarketingSales) to include users from Marketing and Sales. Then bulk import from the MarketingSales group using the rake command below.
  - Disable group search by commenting out the lines below in ldap.properties. Then, as an Admin, manually add each user.

        ldap.group.search_base
        ldap.group.filter
        ldap.group.names

- Restart TIBCO Data Science - Team Studio as follows after making changes to ldap.properties:

      $ chorus_control.sh restart
- Bulk import LDAP users with a rake command. This rake task reads the LDAP configuration from the ldap.properties file and imports users from the LDAP group specified in the ldap.group.names property into the TIBCO Data Science - Team Studio database.
  Note: Release 5.3 supports just one group.

      cd $CHORUS_HOME
      export RAILS_ENV=production
      export PATH=$PATH:$CHORUS_HOME/current/bin
      cd $CHORUS_HOME/current
      rake ldap:import_users
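
The following Python check is an added example, not part of the product or its documentation. It parses the text of an ldap.properties file before the restart step and flags four conditions visible in the example above: StartTLS left off, the documentation's sample bind password still in place, a partially uncommented group trio, and a search filter without the {0} placeholder. The function names, finding codes and sample input are constructed for illustration, and the check assumes {0} is the token the product substitutes into the filters.

```python
# Constructed input: the page's example with LDAP enabled and only one of the
# three group properties uncommented.
SAMPLE = """\
ldap.enable = true
ldap.port = 389
ldap.start_tls = false
ldap.bind.username = uid=admin,ou=system
ldap.bind.password = q2W#e4R%
ldap.group.names = OtherGroup
#ldap.group.search_base = DC=www,DC=example,DC=com
#ldap.group.filter = (memberOf={0})
ldap.user.filter = (sAMAccountName={0})
"""

GROUP_KEYS = ("ldap.group.names", "ldap.group.search_base", "ldap.group.filter")
DOC_SAMPLE_PASSWORD = "q2W#e4R%"  # value printed in the documentation example


def parse_properties(text):
    """Return active key/value pairs; only a leading '#' starts a comment."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Split on the first '=' only: values such as DC=www,DC=example,DC=com
        # and the sample password (which contains '#') must survive intact.
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit(text):
    """Return finding codes (hypothetical names) for ldap.properties content."""
    p = parse_properties(text)
    if p.get("ldap.enable", "false").lower() != "true":
        return ["LDAP_DISABLED"]
    findings = []
    if p.get("ldap.start_tls", "false").lower() != "true":
        findings.append("NO_START_TLS")  # the file's TLS switch is off
    if p.get("ldap.bind.password") == DOC_SAMPLE_PASSWORD:
        findings.append("SAMPLE_BIND_PASSWORD")
    present = [k for k in GROUP_KEYS if k in p]
    if 0 < len(present) < len(GROUP_KEYS):
        findings.append("PARTIAL_GROUP_CONFIG")  # page: all three or none
    for key in ("ldap.user.filter", "ldap.group.filter"):
        if key in p and "{0}" not in p[key]:
            findings.append("FILTER_MISSING_PLACEHOLDER:" + key)
    return findings
```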