{"id":2529,"date":"2014-12-31T01:41:53","date_gmt":"2014-12-31T01:41:53","guid":{"rendered":"https:\/\/ephesoft.com\/docs\/?p=2529"},"modified":"2020-12-03T14:39:46","modified_gmt":"2020-12-03T21:39:46","slug":"how-to-configuring-ad-using-the-standard-ldap-service-port","status":"publish","type":"docs","link":"https:\/\/ephesoft.com\/docs\/products\/transact\/configurations\/user-connectivity\/active-directory-resources\/how-to-configuring-ad-using-the-standard-ldap-service-port\/","title":{"rendered":"How to Configure Active Directory Using the Standard LDAP Service Port"},"content":{"rendered":"
By default, MS Active Directory supports all LDAP connections using the Standard 389 port.<\/p>\n
You can configure Ephesoft to do the same\u00a0by following the instructions below.<\/p>\n
Applicable Ephesoft versions:<\/strong><\/p>\n Ephesoft v4.x and up<\/p>\n 1. First you have to configure the Active Directory to pull the groups so you can set the role(s) for the batch classes. To do this you will modify the user-connectivity.properties file located in:<\/p>\n Epehesoft Install Directory\\Application\\WEB-INF\\classes\\META-INF\\dcma-user-connectivity<\/strong><\/em><\/p>\n Set up the following properties for Active Directory:<\/p>\n user.connectivity_url=ldap:\/\/<Servername\/IP>:389<\/em> Configuration\u00a0that need to be modified:<\/strong><\/span><\/p>\n user.connectivity_url<\/strong>\u00a0\u2013 This is the url to the AD\/LDAP server<\/p>\n user.msactivedirectory_context_path\u00a0<\/strong>\u2013 path to root OU where groups reside. Multiple locations can be specified with a \u201c;;\u201d delimiter (eg. OU=Internal Groups;;OU=Contractors)<\/p>\n user.connectivity_domain_component_name<\/strong>\u00a0\u2013 component value for AD is DC below the root DC. There can only one value here such as \u2018ephesoft\u2019. \u2018cn=na,cn=ephesoft\u2019 or \u2018cn=ephsesft\u2019 is not allowed.<\/p>\n user.connectivity_domain_component_organization<\/strong>\u00a0\u2013 root DC of the AD store (typically \u201ccom\u201d)<\/p>\n user.connectivity_username<\/strong>\u00a0\u2013 User name to connect to the AD server.<\/p>\n user.connectivity_password<\/strong>\u00a0\u2013 User password to connect to the AD server.<\/p>\n user.msactivedirectory_group_search_filter<\/strong>\u00a0\u2013 Display only the groups that meets the filter value<\/p>\n user.connection<\/strong>\u00a0\u2013 value should be set between\u00a00-2 in order to enable\u00a0the AD, LDAP or Tomcat configuration in order to authenticate users.<\/p>\n 2. Next you have to modify the path for authentication of the users. The file you have to modify is called server.xml and it is located in:<\/p>\n Epehesoft Install Directory\\JavaAppServer\/conf<\/strong><\/em><\/p>\n Modify the realm element to have the url, name, password, pattern and role base for the Active Directory instance.<\/p>\n <Realm\u00a0<\/em><\/p>\n className=”org.apache.catalina.realm.JNDIRealm”<\/em> Attributes in Realm element that need to be modified:<\/strong><\/span><\/p>\n connectionURL<\/strong>\u00a0\u2013 This is the url to the LDAP server<\/p>\n connectionName<\/strong>\u00a0\u2013 User name to connect to the AD server.<\/p>\n connectionPassword<\/strong>\u00a0\u2013 User password to connect to the AD server.<\/p>\n userPattern<\/strong>\u00a0\u2013 path and pattern to the users<\/p>\n roleBase<\/strong>\u00a0\u2013 path to root where groups reside. Groups must have a common OU to be included in the role base but can be is sub directories under this specified root<\/p>\n roleSubtree<\/strong>\u00a0\u2013 attribute to enable searches in sub groups<\/p>\n roleName<\/strong>\u00a0\u2013 attribute in AD of the Groups that should be included<\/p>\n roleSearch<\/strong>\u00a0\u2013 attribute in the groups specifying the user. The {0} is used as a wild card to indicate all users in those groups<\/p>\n <\/p>\n 3. You will also want to modify the application.properties<\/strong> file located in your\u00a0\\Ephesoft\\Application\\WEB-INF\\classes\\META-INF<\/strong> directory<\/p>\n Update the following settings in this file:<\/p>\n update_super_admin_group=true<\/strong><\/p>\n 4. Once the configuration is set restart the server and log in as the AD user with the value that is placed in as the cn value (the cn may be the full name) and the AD password.<\/p>\n","protected":false},"featured_media":0,"parent":47679,"menu_order":9,"comment_status":"closed","ping_status":"open","template":"","doc_tag":[],"yoast_head":"\n
\nuser.connectivity_config=com.sun.jndi.ldap.LdapCtxFactory<\/em>
\nuser.connectivity_domain_component_name=test,dc=ephesoft<\/em>
\nuser.connectivity_domain_component_organization=com<\/em>
\nuser.connectivity_username=cn=User,dc=test,dc=ephesoft,dc=com<\/em>
\nuser.connectivity_password=P@ssw0rd<\/em>
\n# This Property defines which type of connectivity is used<\/em>
\n# 0 = LDAP<\/em>
\n# 1 = MS Active Directory<\/em>
\n# 2 = Tomcat<\/em>
\nuser.connection=1<\/em>
\n#This Attribute is added so as to make search of groups in LDAP\/AD configurable,by default its cn(commonName) is returned<\/em>
\nuser.connectivity_groupSearchAttributeFilter=cn<\/em>
\n#This Attribute is added to make search of Users (Organisational Unit) in LDAP\/AD configurable,by default its cn<\/em>
\nuser.connectivity_userSearchAttributeFilter=cn<\/em>
\n#Set this for MS Active Directory<\/em>
\nuser.msactivedirectory_context_path=cn=Users;;ou=securitygroup1;;ou=domainusers;;ou=securitygroup2<\/em>
\n# filter can have |(OR), &(AND) and !(NOT)<\/em>
\n# | (|(cn=a*))<\/em>
\n# & (&(cn=a*))<\/em>
\n# ! (!(cn=a*))<\/em>
\n# complex example ((!(cn=a*))(|(cn=ephesoft*)(&(cn=b*)))<\/em>
\nuser.msactivedirectory_group_search_filter=<\/em><\/p>\n
\n connectionURL=”ldap:\/\/YourDomain.com:389″<\/em>
\n connectionName=”CN=Ephesoft Service,OU=Users,DC=YourDomain,DC=com”<\/em>
\n connectionPassword=”UserPassword “<\/em>
\n userPattern=”cn={0},OU=Users,DC=YourDomain,DC=com”<\/em>
\n roleBase=”OU=Security Groups,DC=YourDomain,DC=com”<\/em>
\n roleSubtree=\u201dtrue\u201d<\/em>
\n roleName=”cn”<\/em>
\n roleSearch=”member={0}”<\/em>
\n\/><\/em><\/p>\n