By default, MS Active Directory accepts LDAP connections on the standard port 389.
You can configure Ephesoft to authenticate against it by following the instructions below.
Applicable Ephesoft versions:
Ephesoft v4.x and up
1. First you have to configure the Active Directory connection so that Ephesoft can pull the groups and you can set the role(s) for the batch classes. To do this, modify the user-connectivity.properties file located in:
Ephesoft Install Directory\Application\WEB-INF\classes\META-INF\dcma-user-connectivity
Set up the following properties for Active Directory:
user.connectivity_url=ldap://<Servername/IP>:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=test,dc=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=User,dc=test,dc=ephesoft,dc=com
user.connectivity_password=P@ssw0rd
# This Property defines which type of connectivity is used
# 0 = LDAP
# 1 = MS Active Directory
# 2 = Tomcat
user.connection=1
# This attribute makes the group search in LDAP/AD configurable; by default the cn (commonName) attribute is used
user.connectivity_groupSearchAttributeFilter=cn
# This attribute makes the user search (Organizational Unit) in LDAP/AD configurable; by default the cn attribute is used
user.connectivity_userSearchAttributeFilter=cn
# Set this for MS Active Directory
user.msactivedirectory_context_path=cn=Users;;ou=securitygroup1;;ou=domainusers;;ou=securitygroup2
# The filter can use |(OR), &(AND) and !(NOT)
# | (|(cn=a*))
# & (&(cn=a*))
# ! (!(cn=a*))
# complex example (&(!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))))
user.msactivedirectory_group_search_filter=
Configuration properties that need to be modified:
user.connectivity_url – The URL of the AD/LDAP server.
user.msactivedirectory_context_path – Path to the root OU where the groups reside. Multiple locations can be specified with a “;;” delimiter (e.g. OU=Internal Groups;;OU=Contractors).
user.connectivity_domain_component_name – Domain component value; for AD this is the DC directly below the root DC. There can be only one value here, such as ‘ephesoft’. ‘cn=na,cn=ephesoft’ or ‘cn=ephesoft’ is not allowed.
user.connectivity_domain_component_organization – Root DC of the AD store (typically “com”).
user.connectivity_username – User name used to connect to the AD server.
user.connectivity_password – Password of that user.
user.msactivedirectory_group_search_filter – Display only the groups that match the filter value.
user.connection – Must be 0, 1 or 2: 0 enables the LDAP configuration, 1 MS Active Directory and 2 Tomcat, and selects which of them is used to authenticate users.
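The properties above are easy to get subtly wrong (an unbalanced group filter, a domain component with a comma in it, a connection type outside 0-2). The following script is an added example, not Ephesoft code: it parses a constructed copy of the properties file, assembles the base DN and group containers the way the descriptions above explain them, and reports findings. The sample values, the check rules and the function names are this example's own assumptions.

```python
"""Sanity checks for the Ephesoft user-connectivity.properties settings described above.

Constructed example, not Ephesoft code: the property names are the ones on this page;
the sample values and the check rules are assumptions made for this example.
"""
import re

# Constructed sample mirroring the snippet above (not a real deployment).
SAMPLE_PROPERTIES = """
user.connectivity_url=ldap://<Servername/IP>:389
user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory
user.connectivity_domain_component_name=ephesoft
user.connectivity_domain_component_organization=com
user.connectivity_username=cn=User,dc=ephesoft,dc=com
user.connectivity_password=P@ssw0rd
user.connection=1
user.connectivity_groupSearchAttributeFilter=cn
user.connectivity_userSearchAttributeFilter=cn
user.msactivedirectory_context_path=cn=Users;;ou=securitygroup1;;ou=domainusers
user.msactivedirectory_group_search_filter=(&(!(cn=a*))(|(cn=ephesoft*)(cn=b*)))
"""

# Values of user.connection as documented in the properties file comments.
CONNECTION_TYPES = {"0": "LDAP", "1": "MS Active Directory", "2": "Tomcat"}


def parse_properties(text):
    """Minimal key=value parser for Java .properties lines; '#' lines are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # split on the FIRST '=' only; DNs contain more
        if sep:
            props[key.strip()] = value.strip()
    return props


def filter_is_balanced(flt):
    """True when every '(' in an LDAP filter has a matching ')'; an empty filter is allowed."""
    depth = 0
    for ch in flt:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
    return depth == 0


def base_dn(props):
    """Assemble the search base as described: the DC below the root DC, then the root DC."""
    name = props["user.connectivity_domain_component_name"]
    org = props["user.connectivity_domain_component_organization"]
    return f"dc={name},dc={org}"


def context_paths(props):
    """Split the ';;'-delimited list of group containers into individual relative DNs."""
    raw = props.get("user.msactivedirectory_context_path", "")
    return [p for p in raw.split(";;") if p]


def check_properties(props):
    """Return a list of findings; an empty list means the settings pass these checks."""
    findings = []
    url = props.get("user.connectivity_url", "")
    if not re.match(r"^ldaps?://", url):
        findings.append("user.connectivity_url must start with ldap:// or ldaps://")
    elif url.startswith("ldap://"):
        findings.append("user.connectivity_url uses plain ldap://; the bind credentials cross the network unencrypted")
    name = props.get("user.connectivity_domain_component_name", "")
    if "," in name or "=" in name:
        findings.append("user.connectivity_domain_component_name must be a single DC value such as 'ephesoft'")
    if props.get("user.connection") not in CONNECTION_TYPES:
        findings.append("user.connection must be 0 (LDAP), 1 (MS Active Directory) or 2 (Tomcat)")
    if not filter_is_balanced(props.get("user.msactivedirectory_group_search_filter", "")):
        findings.append("user.msactivedirectory_group_search_filter has unbalanced parentheses")
    if not context_paths(props):
        findings.append("user.msactivedirectory_context_path is empty; no group containers will be searched")
    return findings


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print("base DN:", base_dn(props))
    print("group containers:", context_paths(props))
    print("connection type:", CONNECTION_TYPES[props["user.connection"]])
    for finding in check_properties(props):
        print("finding:", finding)
```

Run it against a copy of your own properties file by reading the file into parse_properties instead of the constructed sample; the one finding it reports for the sample is the plain ldap:// URL, which is the same scheme the page's snippet uses.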
2. Next you have to modify the path used for authenticating users. The file you have to modify is called server.xml and it is located in:
Ephesoft Install Directory\JavaAppServer\conf
Modify the Realm element to have the URL, name, password, pattern and role base for the Active Directory instance.
<Realm
className="org.apache.catalina.realm.JNDIRealm"
connectionURL="ldap://YourDomain.com:389"
connectionName="CN=Ephesoft Service,OU=Users,DC=YourDomain,DC=com"
connectionPassword="UserPassword"
userPattern="cn={0},OU=Users,DC=YourDomain,DC=com"
roleBase="OU=Security Groups,DC=YourDomain,DC=com"
roleSubtree="true"
roleName="cn"
roleSearch="member={0}"
/>
Attributes in the Realm element that need to be modified:
connectionURL – The URL of the LDAP server.
connectionName – User name used to connect to the AD server.
connectionPassword – Password of that user.
userPattern – Path and pattern used to locate the user entries.
roleBase – Path to the root where the groups reside. Groups must share a common OU to be included in the role base, but they can sit in sub-OUs under this specified root.
roleSubtree – Enables searching the subtree below roleBase, so groups in sub-OUs are found.
roleName – The attribute of the AD groups whose value is used as the role name.
roleSearch – The group attribute that lists the user. The {0} placeholder is substituted with the user, so the search returns every group under roleBase that lists that user as a member.
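To see what the {0} placeholders in userPattern and roleSearch resolve to for a given login, here is an added example that is not Tomcat's or Ephesoft's code. It loads a constructed copy of the Realm element above, expands both patterns for a user name, and checks the attributes that the descriptions above say must be present. The DNs and host name are the page's placeholders; the filter-value escaping and the function names are this example's own assumptions.

```python
"""Resolve the Realm attributes above for one user, showing what {0} expands to.

Constructed example, not Tomcat or Ephesoft code: the Realm XML is the page's snippet
with its placeholder values; the substitution and check rules are assumptions of this example.
"""
import xml.etree.ElementTree as ET

# Constructed copy of the Realm element above (placeholder domain and DNs).
REALM_XML = """<Realm
    className="org.apache.catalina.realm.JNDIRealm"
    connectionURL="ldap://YourDomain.com:389"
    connectionName="CN=Ephesoft Service,OU=Users,DC=YourDomain,DC=com"
    connectionPassword="UserPassword"
    userPattern="cn={0},OU=Users,DC=YourDomain,DC=com"
    roleBase="OU=Security Groups,DC=YourDomain,DC=com"
    roleSubtree="true"
    roleName="cn"
    roleSearch="member={0}"
/>"""

# Characters that must be escaped inside an LDAP filter assertion value (RFC 4515).
# Escaping the substituted DN is this example's own precaution.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value):
    """Escape a value so it cannot alter the structure of the surrounding filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def load_realm(xml_text):
    """Return the Realm element's attributes as a plain dict."""
    return dict(ET.fromstring(xml_text).attrib)


def user_dn(realm, username):
    """userPattern with {0} replaced by the login name: the entry the user is looked up as."""
    return realm["userPattern"].replace("{0}", username)


def role_filter(realm, username):
    """roleSearch with {0} replaced by the user's (escaped) DN: the filter run under roleBase."""
    flt = realm["roleSearch"].replace("{0}", escape_filter_value(user_dn(realm, username)))
    # RFC 4515 filters carry outer parentheses; add them when the attribute omits them.
    return flt if flt.startswith("(") else "(" + flt + ")"


def check_realm(realm):
    """Return findings for attributes the page says the Realm must carry."""
    findings = []
    if realm.get("className") != "org.apache.catalina.realm.JNDIRealm":
        findings.append("className should be org.apache.catalina.realm.JNDIRealm")
    if "{0}" not in realm.get("userPattern", ""):
        findings.append("userPattern needs a {0} placeholder for the login name")
    if "{0}" not in realm.get("roleSearch", ""):
        findings.append("roleSearch needs a {0} placeholder for the user")
    if realm.get("roleSubtree", "false").lower() != "true":
        findings.append("roleSubtree is not true; groups in sub-OUs under roleBase will be missed")
    for required in ("connectionURL", "connectionName", "connectionPassword", "roleBase", "roleName"):
        if not realm.get(required):
            findings.append(f"{required} is missing or empty")
    return findings


if __name__ == "__main__":
    realm = load_realm(REALM_XML)
    print("user DN:     ", user_dn(realm, "jdoe"))
    print("role filter: ", role_filter(realm, "jdoe"), "under", realm["roleBase"])
    for finding in check_realm(realm):
        print("finding:", finding)
```

The user DN is what gets substituted into roleSearch, which is why a group is only returned when its member attribute holds that exact DN; the escaping step keeps a cn containing filter metacharacters from rewriting the search.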
3. You will also want to modify the application.properties file located in your \Ephesoft\Application\WEB-INF\classes\META-INF directory
Update the following settings in this file:
update_super_admin_group=true
4. Once the configuration is set, restart the server and log in using the AD user's cn value as the user name (the cn may be the full name) and the AD password.