...

This article describes the configuration of the JOC Cockpit to use an LDAP Directory Service for authentication and authorization that is performed with Apache Shiro. Note that the authoritative documentation of Shiro is provided by the Shiro project and may differ from the explanations below depending on the Shiro version in use.

...

LDAP configuration information is stored in the JOC Cockpit's shiro.ini file whose overall configuration is described in the Authentication and Authorization - Configuration article. A general introduction to authentication and authorization with JOC Cockpit is provided with the JOC Cockpit - Authentication and Authorization article.

A restart of JOC Cockpit is not required after changing the shiro.ini configuration file either by using the JOC Cockpit Account Manager or a text editor.

Release 1.12.1 and Newer

Three changes relevant to the configuration of LDAP authentication and authorization are introduced with Release 1.12.1:

  • All authentication and authorization information is stored in the

...

  • Reporting database.

...

  • A form-based editor which users can use to configure LDAP authentication is available in the JOC Cockpit. This editor is only available for users with the necessary permissions, such as the default root user with the all role, and is accessed via the "Manage Accounts" menu.

A shiro.ini file is still available but is overwritten with the current configuration from the reporting database each time a user with permissions to modify the authentication and authorization configuration logs out. This file is intended as a backup if system administrators are faced with all users being locked out of the system.

...

  • Automatic import and backup functions for the authentication and authorization information are available. Both the import and backup functions use Shiro files and are triggered by :
    • The import function automatically imports a file named shiro.ini to the Reporting database and the contents of this file will overwrite the authentication and authorization information in the Reporting database.
    • The backup function automatically stores the authentication and authorization information in a file named shiro.ini.active. At the same time an existing shiro.ini.active file will be renamed to shiro.ini.backup and any already existing file with that name will be overwritten.
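
Because the backup function keeps the previous configuration in shiro.ini.backup next to the current shiro.ini.active, the two files can be compared to audit the most recent change. The following Python code is an added example, not part of the original article or of JOC Cockpit; the sample contents, the operator account and the LDAP URLs are constructed, and file paths are passed on the command line because their location is an assumption.

```python
import configparser
import sys

def load_shiro(text):
    """Parse Shiro INI text into {section: {key: value}} with case-sensitive keys."""
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None,
                                   comment_prefixes=("#", ";"),
                                   allow_no_value=True, strict=False)
    cp.optionxform = str  # Shiro keys such as realm properties are case-sensitive
    cp.read_string(text)
    return {s: dict(cp.items(s)) for s in cp.sections()}

def diff_auth_config(backup_text, active_text):
    """Return (change, section, key) tuples. Values are never emitted because
    [users] entries carry passwords or password hashes."""
    old, new = load_shiro(backup_text), load_shiro(active_text)
    changes = []
    for section in sorted(set(old) | set(new)):
        o, n = old.get(section, {}), new.get(section, {})
        for key in sorted(set(o) | set(n)):
            if key not in o:
                changes.append(("added", section, key))
            elif key not in n:
                changes.append(("removed", section, key))
            elif o[key] != n[key]:
                changes.append(("changed", section, key))
    return changes

# Constructed sample contents for shiro.ini.backup and shiro.ini.active.
BACKUP = """
[users]
root = $shiro1$SHA-512$constructed-hash-1, all
[main]
ldapRealm.contextFactory.url = ldap://ldap.example.test:389
[roles]
all = constructed:permission
"""
ACTIVE = """
[users]
root = $shiro1$SHA-512$constructed-hash-1, all
operator = $shiro1$SHA-512$constructed-hash-2, all
[main]
ldapRealm.contextFactory.url = ldaps://ldap.example.test:636
[roles]
all = constructed:permission
"""

if __name__ == "__main__":
    # Usage: script.py <shiro.ini.backup> <shiro.ini.active>; without arguments the samples are used.
    texts = [open(p, encoding="utf-8").read() for p in sys.argv[1:3]]
    for change in diff_auth_config(*(texts if len(texts) == 2 else (BACKUP, ACTIVE))):
        print(*change)
```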

Relevant Tools

  • An LDAP Browser:
    • The screenshots used in this article were made with the "Softerra LDAP Browser", which was configured to use the relevant LDAP Directory Service.
  • A command line utility:
    • The example commands used were executed with ldapSearch.

...