Configure to use LDAP

iPortal, iServer and iEdge all support logging in with users stored in an LDAP (Lightweight Directory Access Protocol) directory.

First complete the LDAP login configuration; users on the LDAP server can then log in to iPortal, iServer and iEdge. iServer is used as the example here.

LDAP login configuration

In the service management homepage (WebManager), click "Security", then the "LDAP Configuration" tab to open the configuration page.

Configure basic information

LDAP login is not enabled by default. After checking "Log in With LDAP", set the LDAP server address, LDAP admin name, LDAP admin password, root directory position, etc.

  1. "LDAP Server Address": the address of an available LDAP server, such as "ldap://192.168.17.13:389". If the LDAP connection uses SSL, the address format is "ldaps://192.168.17.13:636". Here 192.168.17.13 is the IP address of the LDAP server.
  2. "LDAP Linking Protocol": TLS or SSL. Using one of these protocols makes data exchange between the LDAP server and iServer more secure. Which one to choose depends on the protocol the LDAP server supports.
  3. "LDAP Admin Name": the name of the LDAP server administrator, such as cn=Manager,dc=maxcrc,dc=com.
  4. "LDAP Admin Password": the password of the administrator, such as secret.
  5. "Root Directory Position": the base DN, such as dc=maxcrc,dc=com.

If you use the SSL protocol, you must also configure the SSL connection to the LDAP server.

Configure role mapping

In the LDAP login configuration page, you can map an LDAP group to a role, so that all users in that LDAP group have the access rights corresponding to the role.

Click the "Add Role Mapping" button and select the LDAP Group Name in the pop-up dialog box (the same as the group name under the root directory on the LDAP server). Select the corresponding iServer role for this group and click OK. All users in the LDAP group can then log in to and access iServer. On this page you can view the mappings between the added LDAP groups and iServer roles, and you can edit and delete role mappings.

Connect to the LDAP Server with SSL

If the LDAP server uses an SSL-encrypted connection, you also need to complete the following setup:

  1. Download OpenSSL from the OpenSSL website and install it, for example to the installation path D:\OpenSSL-Win64.
  2. Add D:\OpenSSL-Win64\bin to the PATH environment variable.
  3. Open the command line and enter the following command:

openssl s_client -connect 192.168.17.13:636 -showcerts >e:/adserver.crt   

192.168.17.13 is the IP address of the LDAP server; e:/adserver.crt is the path of the newly created file, and adserver.crt is its name. The file name must end with .crt. Open the file and delete everything outside the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, so that only the certificate block, including those two lines, remains.

  4. Import the new certificate into the JRE. Open a command line window in the %SuperMap iServer_HOME%/support/jre directory and enter the following command:

keytool -import -keystore ./lib/security/cacerts -alias ldap -file e:/adserver.crt

./lib/security/cacerts is the path of the cacerts keystore; ldap is the alias, which you can choose yourself; e:/adserver.crt is the path of the new file.

  5. Enter the password: changeit.
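
The certificate saved in step 3 becomes a trust anchor in cacerts, and -showcerts prints every certificate the server sends, so it helps to isolate each block and compare its SHA-256 fingerprint with the value the LDAP server's administrator gives you through a separate channel before importing. The following Python sketch is an added example, not part of the SuperMap documentation; the function names and the sample input (stand-in bytes, not real certificates) are constructed for illustration.

```python
import base64
import hashlib
import re

# One PEM certificate block; the capture group is the base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+(.*?)\s+-----END CERTIFICATE-----",
    re.DOTALL,
)


def extract_certificates(s_client_output: str) -> list:
    """Return the DER bytes of each certificate block, in the order printed."""
    ders = []
    for match in PEM_BLOCK.finditer(s_client_output):
        body = "".join(match.group(1).split())  # drop LF/CRLF inside the block
        ders.append(base64.b64decode(body, validate=True))
    return ders


def to_pem(der: bytes) -> str:
    """Re-encode DER as a clean PEM block (64-character lines), ready for keytool."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(
        ["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"]
    ) + "\n"


def sha256_fingerprint(der: bytes) -> str:
    """Colon-separated upper-case SHA-256, the layout keytool and openssl print."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


# Constructed sample: stand-in byte strings wrapped in the kind of text that
# s_client prints around each block. These are NOT real certificates.
FAKE_LEAF = bytes(range(100))
FAKE_ISSUER = bytes(range(100, 180))
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = ldap.example.test\n" + to_pem(FAKE_LEAF)
    + " 1 s:CN = Example Test CA\n" + to_pem(FAKE_ISSUER)
    + "---\nServer certificate\n"
)

if __name__ == "__main__":
    for index, der in enumerate(extract_certificates(SAMPLE_OUTPUT)):
        print(index, sha256_fingerprint(der))
```

To use it on the real file, pass the text of e:/adserver.crt to extract_certificates, write the output of to_pem for the certificate you have verified back to a .crt file, and import that file in step 4.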