{"id":1343,"date":"2014-09-07T14:34:45","date_gmt":"2014-09-07T14:34:45","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=1343"},"modified":"2020-12-03T14:51:09","modified_gmt":"2020-12-03T21:51:09","slug":"user-management","status":"publish","type":"docs","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/user-management\/","title":{"rendered":"User Management"},"content":{"rendered":"
This module is responsible for handling the user’s connectivity to the application. It handles both the authentication and the authorization process for the user.<\/p>\n
For a user to log in to Ephesoft, the \u201cserver.xml\u201d file located in the <Ephesoft installation path>\\JavaAppServer\\conf <\/b>folder must be configured.<\/p>\n
The admin configures a tag named \u201cRealm\u201d in server.xml. The tag is located at the following position in the file structure:<\/p>\n
<Server>\r\n<Service>\r\n<Engine>\r\n<Host>\r\n<Context>\r\n<Realm \/><\/b>\r\n<\/Context>\r\n<\/Host>\r\n<\/Engine>\r\n<\/Service>\r\n<\/Server><\/pre>\nThe Realm tag has many configurable parameters. Which of these parameters are needed depends on the type of authentication server in use.<\/p>\n
Several realm implementations can be configured at once. To configure the realms according to your requirements, refer to the Tomcat documentation: Tomcat Realms<\/a><\/p>\n
The commonly used realm configurations are:<\/p>\n
\n
- LDAP: LDAP Realm<\/a><\/li>\n
- Tomcat internal realm: Tomcat Internal Memory Realm<\/a><\/li>\n<\/ul>\n
When a user tries to log in to the application, the username and password are verified against the configured authentication server using the specified configuration properties.<\/p>\n
Ephesoft user roles handling<\/span><\/h3>\n
Ephesoft, on the basis of the roles of the user logged in to the application, decides the following:<\/p>\n
\n
- Batch classes the user will be allowed to view on the batch class management view.<\/li>\n
- Batch instances the user will be allowed to view on the batch instance management view.<\/li>\n
- Folders the user is allowed to view on the folder management view.<\/li>\n
- Scanner profiles and other configurations on the web scanner view.<\/li>\n<\/ul>\n
The roles of the logged-in user are verified against the authentication server configured in the property file <Ephesoft installation path>\\Application\\WEB-INF\\classes\\META-INF\\dcma-user-connectivity\\user-connectivity.properties<\/b>:<\/p>\n
The following is the list of configurable properties for this properties file:<\/p>\n
<\/p>\n
\n
- Configurable properties common for both LDAP & MS-Active Directory<\/b><\/li>\n<\/ul>\n
<\/p>\n
[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
\nConfigurable property,Type of value,Value options,Description
\nuser.connectivity_url,String,A valid URL to connect to the server.,”The connection URL should be in the following format: ldap:\/\/(server_address):(port_number)”
\nuser.connectivity_config,String,N-A,Class name for specifying the context factory.
\nuser.connectivity_domain_component_name,String,N-A,The domain component name for the LDAP\/msactivedirectory configuration.
\nuser.connectivity_domain_component_organization,String,N-A,”The domain component organization name for the LDAP\/msactivedirectory configuration.”
\nuser.connectivity_username,String,A valid username to connect and access LDAP\/Active Directory server.,”The username of the user responsible for interacting with the server. Only required if LDAP\/Active Directory is used for connecting to Ephesoft.”
\nuser.connectivity_password,String,A valid password to connect and access LDAP\/Active Directory server.,”The password of the user responsible for interacting with the server. Only required if LDAP\/Active Directory is used for connecting to Ephesoft.”
\nuser.connectivity_groupSearchAttributeFilter,String,A valid attribute to be searched while getting groups.,”This attribute makes the search of groups in LDAP\/AD configurable; by default, cn (commonName) is returned.”
\nuser.connectivity_userSearchAttributeFilter,String,A valid attribute to be searched while getting users.,”This attribute makes the search of users (Organizational Unit) in LDAP\/AD configurable; by default, cn (commonName) is returned.”<\/p>\n[\/table]<\/p>\n
<\/p>\n
\n
- Properties specific to LDAP configuration\u00a0<\/b><\/li>\n<\/ul>\n
<\/p>\n
[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
\nConfigurable property,Type~~of value,Value options,Description
\nuser.ldap_user_base,String,N-A,The relative path under which all user information is located. This path is relative to the domain components specified by the user.
\nuser.ldap_group_base,String,N-A,The relative path under which all group\/role information is located. This path is relative to the domain components specified by the user.
\n[\/table]<\/p>\n<\/p>\n
<\/p>\n
\n
- Properties specific to MS-Active Directory configuration<\/b><\/li>\n<\/ul>\n
<\/p>\n
[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
\nConfigurable property,Type~~of value,Value options,Description
\nuser.msactivedirectory_context_path,String,N-A,The directory path where the intended user resides.
\nuser.msactivedirectory_group_search_filter,String,N-A,”This filter can contain | (OR), & (AND) and ! (NOT), e.g. ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*))”
\n[\/table]<\/p>\n<\/p>\n
\n
- Properties specific to Tomcat configuration<\/b><\/li>\n<\/ul>\n
<\/p>\n
[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
\nConfigurable property,Type~~of value,Value options,Description
\nuser.tomcatUserXmlPath,String,N-A,The directory path where the Tomcat configuration XML file resides.
\n[\/table]<\/p>\n<\/p>\n
\n
- Connection choosing configuration<\/b><\/li>\n<\/ul>\n
<\/p>\n
[table caption=”” width=”800″ colwidth=”20|100|50″ colalign=”left|left|center|left|right”]
\nConfigurable property,Type~~of value,Value options,Description
\nuser.connection,List of values,0~~1~~2,The type of connection the user wants for the application.~~1. for LDAP~~2. for MS Active Directory~~3. for Tomcat
\n[\/table]<\/p>\n<\/p>\n
Examples<\/span><\/h3>\n
LDAP<\/span><\/h3>\n
Realm<\/span><\/h4>\n
<Realm className=\"org.apache.catalina.realm.JNDIRealm\" debug=\"99\"<\/p>\n
connectionURL=\"ldap:\/\/localhost:389\"<\/p>\n
connectionName=\"cn=Manager,dc=ephesoft,dc=com\"<\/p>\n
connectionPassword=\"********\"<\/p>\n
userPattern=\"cn={0},ou=people,dc=ephesoft,dc=com\"<\/p>\n
roleBase=\"ou=groups,dc=ephesoft,dc=com\" roleName=\"cn\"<\/p>\n
roleSearch=\"uniqueMember={0}\"\/><\/p>\n
user-connectivity.properties<\/span><\/h4>\n
\n
- user.connectivity_url=ldap:\/\/localhost:389<\/li>\n
- user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory<\/li>\n
- user.connectivity_domain_component_name=ephesoft<\/li>\n
- user.connectivity_domain_component_organization=com<\/li>\n
- user.connectivity_username=cn=Manager,dc=ephesoft,dc=com<\/li>\n
- user.connectivity_password=*******<\/li>\n
- user.ldap_user_base=ou=people<\/li>\n
- user.ldap_group_base=ou=groups<\/li>\n
- user.connection=0<\/li>\n<\/ul>\n
MS-Active Directory<\/span><\/h3>\n
Realm<\/span><\/h4>\n
<Realm className=\"org.apache.catalina.realm.JNDIRealm\" debug=\"99\"<\/p>\n
connectionURL=\"[ldap:\/\/172.16.1.68\/ ldap:\/\/localhost:389]\"<\/p>\n
connectionName=\"administrator@ephesoft.com\"<\/p>\n
connectionPassword=\"********\"<\/p>\n
userBase=\"cn=Users,DC=ephesoft,DC=com\"<\/p>\n
userSearch=\"(&(objectClass=person)(sAMAccountName={0}))\"<\/p>\n
userSubtree=\"true\"<\/p>\n
roleBase=\"cn=Users,DC=ephesoft,DC=com\"<\/p>\n
roleName=\"cn\"<\/p>\n
roleSubtree=\"true\"<\/p>\n
roleSearch=\"member={0}\" referrals=\"follow\" \/><\/p>\n
user-connectivity.properties<\/span><\/h4>\n
\n
- user.connectivity_url=ldap:\/\/172.16.0.191:389<\/li>\n
- user.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory<\/li>\n
- user.msactivedirectory_context_path=CN=Users<\/li>\n
- user.connectivity_domain_component_name=ephesoft<\/li>\n
- user.connectivity_domain_component_organization=com<\/li>\n
- user.connectivity_username=CN=Administrator,CN=Users,DC=ephesoft,DC=com<\/li>\n
- user.connectivity_password=*******<\/li>\n
- user.connection=1 (for fetching group and user from active directory)<\/li>\n<\/ul>\n
<\/p>\n
Multiple realm example<\/span><\/h3>\n
<Realm className=\"org.apache.catalina.realm.CombinedRealm\"><\/p>\n
<Realm className=\"org.apache.catalina.realm.JNDIRealm\" debug=\"99\"<\/p>\n
connectionURL=\"[ldap:\/\/172.16.1.68\/ ldap:\/\/172.16.1.68:389]\"<\/p>\n
connectionName=\"administrator@ephesoft.com\"<\/p>\n
connectionPassword=\"********\"<\/p>\n
userBase=\"cn=Users,DC=ephesoft,DC=com\"<\/p>\n
userSearch=\"(&(objectClass=person)(sAMAccountName={0}))\"<\/p>\n
userSubtree=\"true\"<\/p>\n
roleBase=\"cn=Users,DC=ephesoft,DC=com\"<\/p>\n
roleName=\"cn\" roleSubtree=\"true\"<\/p>\n
roleSearch=\"member={0}\" referrals=\"follow\" \/><\/p>\n
<\/p>\n
<Realm className=\"org.apache.catalina.realm.JNDIRealm\" debug=\"99\"<\/p>\n
connectionURL=\"[ldap:\/\/172.16.1.68\/ ldap:\/\/172.16.1.68:389]\"<\/p>\n
connectionName=\"administrator@ephesoft.com\"<\/p>\n
connectionPassword=\"********\"<\/p>\n
userBase=\"ou=test1,DC=ephesoft,DC=com\"<\/p>\n
userSearch=\"(&(objectClass=person)(sAMAccountName={0}))\"<\/p>\n
userSubtree=\"true\"<\/p>\n
roleBase=\"ou=test1,DC=ephesoft,DC=com\" roleName=\"cn\"<\/p>\n
roleSubtree=\"true\" roleSearch=\"member={0}\" referrals=\"follow\"\/><\/p>\n
<\/p>\n
<Realm className=\"org.apache.catalina.realm.JNDIRealm\" debug=\"99\"<\/p>\n
connectionURL=\"[ldap:\/\/172.16.1.68\/ ldap:\/\/172.16.1.68:389]\"<\/p>\n