Comment: Minor changes to text

...

A restart of JOC Cockpit is not required after changing the shiro.ini configuration file, either by using the JOC Cockpit Account Manager or a text editor.

Release 1.12.1 and Newer

From Release 1.12.1 onwards, LDAP configuration is stored in the reporting database along with other authentication and authorization information. In addition, a form-based editor which users can use to configure LDAP authentication is available in the JOC Cockpit. This editor is only available for users with the necessary permissions, such as the default root user with the all role, and is accessed via the "Manage Accounts" menu.

A shiro.ini file is still available but is overwritten with the current configuration from the reporting database each time a user with permissions to modify the authentication and authorization configuration logs out. This file is intended as a backup if system administrators are faced with all users being locked out of the system.

...

Flowchart
1 [label="1. Set up basic LDAP config\n(URL, etc)"]
1 -> 2 [weight=5, len=0.5]
2 [label="2. Set up authentication\n(userDnTemplate)"]
2 -> 3
3 [label="3. Set up authorization"]
3 -> 4
4 [shape="diamond", label="Are roles to be assigned \nwith groups from LDAP?",fillcolor="lightblue"]
4 -> 5 [label="Yes"]
5 [label="Define GroupRoles mapping"]
4 -> 10 [label="No"]
10 [label="Use Shiro to assign roles to accounts"]
10 -> E2
E2 [shape="circle", style="filled", label="End", color="pink"]
5 -> 6
6 [shape="diamond", label="Has account record a\nmemberOf attribute?",fillcolor="lightblue"]
6 -> 20 [label="Yes"]
20 [label="Specify User Search\l - searchBase\l - userSearchFilter"]
20 -> E3
E3 [shape="circle", style="filled", label="End", color="pink"]
6 -> 7 [label="No"]
7 [label="Specify Group Search\l - groupSearchBase\l - groupSearchFilter\l - groupNameAttribute"]
7 -> 8
8 [shape="diamond", label="Does member attribute contain\naccount name from login?",fillcolor="lightblue"]
8 -> E4 [label="Yes"]
E4 [shape="circle", style="filled", label="End", color="pink"]
8 -> 9 [label="No"]
9 [label="Specify User Search\l - searchBase\l - userSearchFilter"] 
9 -> E5
E5 [shape="circle", style="filled", label="End", color="pink"]

 

1. Basic LDAP Configuration

...