User Management

Overview

This module is responsible for handling the user's connectivity to the application. It handles both the authentication and the authorization process for the user.

Configuration

Login configuration

For a user to log in to Ephesoft, the "server.xml" file located in the <Ephesoft installation path>\JavaAppServer\conf folder must be configured.

The admin configures a tag named "Realm" in server.xml. The tag is located at the following position in the file's structure:

<Server>
  <Service>
    <Engine>
      <Host>
        <Context>
          <Realm />
        </Context>
      </Host>
    </Engine>
  </Service>
</Server>

The Realm tag has many configurable parameters. Which of them are used, and which are required, depends on the type of authentication server the user has.

Various implementations can be configured at once. Please refer to this link for configuring the Realms according to your requirements. Tomcat Realms

The commonly used realm configurations are:

When a user tries to log in to the application, the username and password are verified against the configured authentication server using the specified configuration properties.

Ephesoft user roles handling

Based on the roles of the user logged in to the application, Ephesoft decides the following:

  • Batch classes the user will be allowed to view on the batch class management view.
  • Batch instances the user will be allowed to view on the batch instance management view.
  • Folders the user is allowed to view on the folder management view.
  • Scanner profiles and other configurations on the web scanner view.

The user roles of the logged-in user are verified against the authentication server configured in the property file <Ephesoft installation path>\Application\WEB-INF\classes\META-INF\dcma-user-connectivity\user-connectivity.properties:

The following is the list of configurable properties for this properties file.

  • Configurable properties common for both LDAP & MS-Active Directory

  user.connectivity_url
    Type of value: String
    Value options: A valid URL to connect to the server.
    Description: The connection URL should be in the following format: ldap://(server_address):(port_number)

  user.connectivity_config
    Type of value: String
    Value options: N-A
    Description: Class name for specifying the context factory.

  user.connectivity_domain_component_name
    Type of value: String
    Value options: N-A
    Description: The domain component name for the LDAP/msactivedirectory configuration.

  user.connectivity_domain_component_organization
    Type of value: String
    Value options: N-A
    Description: The domain component organization name for the LDAP/msactivedirectory configuration.

  user.connectivity_username
    Type of value: String
    Value options: A valid username to connect to and access the LDAP/Active Directory server.
    Description: The username of the user responsible for interacting with the server. Only required if LDAP/Active Directory is used for connecting to Ephesoft.

  user.connectivity_password
    Type of value: String
    Value options: A valid password to connect to and access the LDAP/Active Directory server.
    Description: The password of the user responsible for interacting with the server. Only required if LDAP/Active Directory is used for connecting to Ephesoft.

  user.connectivity_groupSearchAttributeFilter
    Type of value: String
    Value options: A valid attribute to be searched while getting groups.
    Description: This attribute makes the search of groups in LDAP/AD configurable; by default cn (commonName) is returned.

  user.connectivity_userSearchAttributeFilter
    Type of value: String
    Value options: A valid attribute to be searched while getting users.
    Description: This attribute makes the search of users (Organizational Unit) in LDAP/AD configurable; by default cn (commonName) is returned.

  • Properties specific to LDAP configuration

  user.ldap_user_base
    Type of value: String
    Value options: N-A
    Description: The relative path under which all the user information is located. This path is relative to the domain components specified by the user.

  user.ldap_group_base
    Type of value: String
    Value options: N-A
    Description: The relative path under which all the group/role information is located. This path is relative to the domain components specified by the user.

  • Properties specific to MS-Active Directory configuration

  user.msactivedirectory_context_path
    Type of value: String
    Value options: N-A
    Description: The directory path where the intended user resides.

  user.msactivedirectory_group_search_filter
    Type of value: String
    Value options: N-A
    Description: This filter can use |(OR), &(AND) and !(NOT), e.g. ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))
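A group search filter that is not well-formed fails at search time rather than at configuration time, so it is worth checking the filter syntax before deploying it. The following checker is an added example (not Ephesoft or Tomcat code) that validates the parenthesis structure and operator usage of an LDAP search filter (the RFC 4515 subset used on this page: &, |, ! and attribute=value items). The filter strings in the test are constructed; the unbalanced example quoted in the table above is rejected, and a balanced rewrite of it is accepted.

```python
import re

# One filter item: attribute, comparison operator, value without parentheses.
# Assumes the plain "attr=value" form used on this page (OID attribute names
# and extensible-match syntax are not covered).
_ITEM = re.compile(r"^[A-Za-z][A-Za-z0-9.;-]*(=|~=|>=|<=)[^()]*$")


def parse_filter(text, pos=0):
    """Parse one parenthesised filter starting at text[pos].

    Returns the index just after the filter's closing ')'.
    Raises ValueError with the offset of the first structural problem."""
    if pos >= len(text) or text[pos] != "(":
        raise ValueError("expected '(' at offset {}".format(pos))
    pos += 1
    if pos >= len(text):
        raise ValueError("unterminated filter")
    op = text[pos]
    if op in "&|":
        # AND / OR: one or more nested filters follow.
        pos += 1
        operands = 0
        while pos < len(text) and text[pos] == "(":
            pos = parse_filter(text, pos)
            operands += 1
        if operands == 0:
            raise ValueError("'{}' at offset {} has no operands".format(op, pos))
    elif op == "!":
        # NOT: exactly one nested filter follows.
        pos = parse_filter(text, pos + 1)
    else:
        # Simple item such as sAMAccountName={0}
        end = text.find(")", pos)
        if end == -1:
            raise ValueError("unterminated filter item at offset {}".format(pos))
        item = text[pos:end]
        if not _ITEM.match(item):
            raise ValueError("bad filter item {!r} at offset {}".format(item, pos))
        pos = end
    if pos >= len(text) or text[pos] != ")":
        raise ValueError("missing ')' at offset {}".format(pos))
    return pos + 1


def is_valid_filter(text):
    """True when the whole string is exactly one well-formed filter."""
    try:
        return parse_filter(text) == len(text)
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed inputs: the table's example and a balanced rewrite of it.
    for candidate in ("((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))",
                      "(&(!(cn=a*))(|(cn=ephesoft*)(cn=b*)))"):
        print(candidate, "->", "ok" if is_valid_filter(candidate) else "malformed")
```

Run it on a filter before placing it in user.msactivedirectory_group_search_filter; a rejected filter would otherwise surface only as a failed group lookup at login time.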

  • Properties specific to Tomcat configuration

  user.tomcatUserXmlPath
    Type of value: String
    Value options: N-A
    Description: The directory path where the Tomcat configuration XML file resides.

  • Connection choosing configuration

  user.connection
    Type of value: List of values
    Value options: 0, 1, 2
    Description: The type of connection the user wants for the application: 0 for LDAP, 1 for MS Active Directory, 2 for Tomcat.

Examples

LDAP

Realm

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://localhost:389"
       connectionName="cn=Manager,dc=ephesoft,dc=com"
       connectionPassword="********"
       userPattern="cn={0},ou=people,dc=ephesoft,dc=com"
       roleBase="ou=groups,dc=ephesoft,dc=com" roleName="cn"
       roleSearch="uniqueMember={0}"/>

user-connectivity.properties

  • user.connectivity_url=ldap://localhost:389
  • user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
  • user.connectivity_domain_component_name=ephesoft
  • user.connectivity_domain_component_organization=com
  • user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
  • user.connectivity_password=*******
  • user.ldap_user_base=ou=people
  • user.ldap_group_base=ou=groups
  • user.connection=0

MS-Active Directory

Realm

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="[ldap://172.16.1.68/ ldap://localhost:389]"
       connectionName="administrator@ephesoft.com"
       connectionPassword="********"
       userBase="cn=Users,DC=ephesoft,DC=com"
       userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
       userSubtree="true"
       roleBase="cn=Users,DC=ephesoft,DC=com"
       roleName="cn"
       roleSubtree="true"
       roleSearch="member={0}" referrals="follow" />

user-connectivity.properties

  • user.connectivity_url=ldap://172.16.0.191:389
  • user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
  • user.msactivedirectory_context_path=CN=Users
  • user.connectivity_domain_component_name=ephesoft
  • user.connectivity_domain_component_organization=com
  • user.connectivity_username=CN=Administrator,CN=Users,DC=ephesoft,DC=com
  • user.connectivity_password=*******
  • user.connection=1 (for fetching groups and users from Active Directory)
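The two property listings above combine in a fixed way: the domain component properties form the DN suffix, the LDAP user base is placed under it, and user.connection selects which of the mode-specific properties must be present. The script below is an added example, not part of Ephesoft, that parses a user-connectivity.properties file and checks it for the inconsistencies a reviewer would look for: a user.connection value outside 0/1/2, properties missing for the selected mode, a malformed connection URL, a plain ldap:// URL (the bind password and every user's password then cross the network unencrypted), and a password left as the asterisk placeholder. The sample file contents are constructed from the LDAP example above; ldap_user_dn assumes the cn={0},<user base>,<domain components> layout that the LDAP Realm's userPattern uses, which is an assumption of this example rather than documented Ephesoft behaviour.

```python
import re

# Constructed user-connectivity.properties content, modelled on the LDAP
# example on this page (not a file shipped with Ephesoft). The asterisk
# password is kept deliberately so the check below reports it.
SAMPLE_PROPERTIES = """\
# constructed sample
user.connectivity_url=ldap://localhost:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=Manager,dc=ephesoft,dc=com
user.connectivity_password=*******
user.ldap_user_base=ou=people
user.ldap_group_base=ou=groups
user.connection=0
"""

# user.connection value -> (mode name, extra keys that mode needs), following
# the property tables above (0 = LDAP, 1 = MS Active Directory, 2 = Tomcat).
CONNECTION_MODES = {
    "0": ("LDAP", ("user.ldap_user_base", "user.ldap_group_base")),
    "1": ("MS Active Directory", ("user.msactivedirectory_context_path",)),
    "2": ("Tomcat", ("user.tomcatUserXmlPath",)),
}

# Keys every directory-backed mode (LDAP or Active Directory) needs.
DIRECTORY_KEYS = (
    "user.connectivity_url",
    "user.connectivity_config",
    "user.connectivity_domain_component_name",
    "user.connectivity_domain_component_organization",
    "user.connectivity_username",
    "user.connectivity_password",
)

# ldap://(server_address):(port_number), port optional, ldaps accepted.
_LDAP_URL = re.compile(r"^ldaps?://[^/:\s]+(:\d{1,5})?$")


def parse_properties(text):
    """Parse Java-style key=value lines; '#' and '!' start comment lines.
    Only the first '=' separates key from value, so DN values such as
    cn=Manager,dc=ephesoft,dc=com survive intact."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def base_dn(props):
    """DN suffix built from the two domain component properties."""
    return "dc={},dc={}".format(
        props["user.connectivity_domain_component_name"],
        props["user.connectivity_domain_component_organization"],
    )


def ldap_user_dn(props, login_name):
    """DN for a login name under the LDAP user base (assumed layout, see lead-in)."""
    return "cn={},{},{}".format(login_name, props["user.ldap_user_base"], base_dn(props))


def check_properties(props):
    """Return a list of problems; an empty list means the file is consistent."""
    findings = []
    mode = props.get("user.connection")
    if mode not in CONNECTION_MODES:
        findings.append("user.connection must be 0, 1 or 2 (got {!r})".format(mode))
        return findings
    name, extra_keys = CONNECTION_MODES[mode]
    required = extra_keys if mode == "2" else DIRECTORY_KEYS + extra_keys
    for key in required:
        if not props.get(key):
            findings.append("{} is required for {} mode".format(key, name))
    if mode != "2":
        url = props.get("user.connectivity_url", "")
        if url and not _LDAP_URL.match(url):
            findings.append("user.connectivity_url must look like ldap://(server_address):(port_number)")
        elif url.startswith("ldap://"):
            findings.append("user.connectivity_url uses plain ldap://: the bind password and "
                            "every user's password cross the network unencrypted; prefer ldaps://")
        password = props.get("user.connectivity_password", "")
        if password and set(password) == {"*"}:
            findings.append("user.connectivity_password is still the asterisk placeholder")
    return findings


if __name__ == "__main__":
    parsed = parse_properties(SAMPLE_PROPERTIES)
    print("user DN for 'alice':", ldap_user_dn(parsed, "alice"))
    for finding in check_properties(parsed):
        print("finding:", finding)
```

To check a real deployment, read the file from the path given above into parse_properties instead of SAMPLE_PROPERTIES; the findings list is empty when nothing needs attention.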


Multiple realm example

<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="[ldap://172.16.1.68/ ldap://172.16.1.68:389]"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="cn=Users,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="cn=Users,DC=ephesoft,DC=com"
         roleName="cn" roleSubtree="true"
         roleSearch="member={0}" referrals="follow" />

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="[ldap://172.16.1.68/ ldap://172.16.1.68:389]"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="ou=test1,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="ou=test1,DC=ephesoft,DC=com" roleName="cn"
         roleSubtree="true" roleSearch="member={0}" referrals="follow"/>

  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="[ldap://172.16.1.68/ ldap://172.16.1.68:389]"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="ou=test,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true" roleBase="ou=test,DC=ephesoft,DC=com"
         roleName="cn" roleSubtree="true"
         roleSearch="member={0}" referrals="follow" />
</Realm>


Global realm example

<Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
       connectionURL="ldap://172.16.1.68:3268"
       connectionName="administrator@ephesoft.com"
       connectionPassword="********"
       userBase="DC=ephesoft,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true" roleBase="ou=test,DC=ephesoft,DC=com"
       roleName="cn" roleSubtree="true"
       roleSearch="member={0}" referrals="follow" />
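The Realm examples above share a few settings that deserve a second look before they go into production: a plain ldap:// connection URL, a bind password written in clear text into server.xml, referrals="follow", and a debug attribute that current Tomcat releases do not document for JNDIRealm (Tomcat logs a "did not find a matching property" warning and ignores it). The script below is an added example, not Tomcat or Ephesoft code, that walks every JNDIRealm in a server.xml (including those nested in a CombinedRealm) and reports those points plus two structural checks: a realm with neither userPattern nor userSearch, and a search attribute that lacks the {0} placeholder. The server.xml fragment is constructed for this example, modelled on the multiple realm example; note that in real XML the & in userSearch has to be written as &amp;, as it is here.

```python
import xml.etree.ElementTree as ET

JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"

# Constructed server.xml fragment (not a real deployment): one realm copied
# from the examples above with its weak settings, one hardened for contrast.
SAMPLE_SERVER_XML = """<Server><Service><Engine><Host><Context>
<Realm className="org.apache.catalina.realm.CombinedRealm">
  <Realm className="org.apache.catalina.realm.JNDIRealm" debug="99"
         connectionURL="ldap://172.16.1.68:389"
         connectionName="administrator@ephesoft.com"
         connectionPassword="********"
         userBase="cn=Users,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="cn=Users,DC=ephesoft,DC=com" roleName="cn" roleSubtree="true"
         roleSearch="member={0}" referrals="follow"/>
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldaps://172.16.1.68:636"
         connectionName="cn=svc-ephesoft,ou=service,DC=ephesoft,DC=com"
         connectionPassword="********"
         userBase="ou=test,DC=ephesoft,DC=com"
         userSearch="(&amp;(objectClass=person)(sAMAccountName={0}))"
         userSubtree="true"
         roleBase="ou=test,DC=ephesoft,DC=com" roleName="cn" roleSubtree="true"
         roleSearch="member={0}"/>
</Realm>
</Context></Host></Engine></Service></Server>"""


def load_realms(xml_text):
    """Every JNDIRealm element in the document, whether nested in a
    CombinedRealm or placed directly under Context/Host/Engine."""
    root = ET.fromstring(xml_text)
    return [r for r in root.iter("Realm") if r.get("className") == JNDI_REALM]


def audit_realm(realm):
    """Review points for one JNDIRealm element, as a list of strings."""
    findings = []
    if realm.get("connectionURL", "").startswith("ldap://"):
        findings.append("connectionURL uses plain ldap://: the bind password and user "
                        "passwords cross the network unencrypted; use ldaps:// or StartTLS")
    if "connectionPassword" in realm.attrib:
        findings.append("connectionPassword is stored in clear text in server.xml: restrict "
                        "the file's permissions and use a least-privilege bind account")
    if realm.get("referrals") == "follow":
        findings.append("referrals=follow: lookups may be redirected to other servers "
                        "the bind account can reach; confirm that is intended")
    if realm.get("debug") is not None:
        findings.append("debug attribute set: not a documented JNDIRealm attribute in "
                        "current Tomcat releases; remove it")
    if not realm.get("userPattern") and not realm.get("userSearch"):
        findings.append("neither userPattern nor userSearch is set: the realm cannot locate users")
    for attr in ("userPattern", "userSearch", "roleSearch"):
        value = realm.get(attr)
        if value is not None and "{0}" not in value:
            findings.append("{} lacks the {{0}} placeholder, so every login would "
                            "evaluate the same entry".format(attr))
    return findings


def audit_server_xml(xml_text):
    """[(connectionName or index, findings), ...] for each JNDIRealm."""
    report = []
    for index, realm in enumerate(load_realms(xml_text)):
        label = realm.get("connectionName", "realm#{}".format(index))
        report.append((label, audit_realm(realm)))
    return report


if __name__ == "__main__":
    for label, findings in audit_server_xml(SAMPLE_SERVER_XML):
        print(label + ":", "clean" if not findings else "")
        for finding in findings:
            print("  -", finding)
```

Point audit_server_xml at the contents of <Ephesoft installation path>\JavaAppServer\conf\server.xml to review a deployment; the hardened second realm in the sample shows what a clean result looks like apart from the clear-text bind password, which server.xml cannot avoid and which therefore has to be protected by file permissions.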