...
- Early JS7 releases make use of the JS7 - Shiro Identity Service; for migration see JS7 - Shiro Identity Service Migration.
- The connection to an LDAP Server can be secured, see JS7 - LDAP over TLS (using STARTTLS) and LDAP over SSL (using LDAPS).
This article explains the steps required for configuration of an LDAP Directory Service:
...
Name | Value | Description |
---|---|---|
LDAP Server URL | | The protocol, host and the port of the LDAP Server. |
LDAP Start TLS | Checkbox checked or unchecked | To enable StartTls set the value to See JS7 - LDAP over TLS (using STARTTLS) and LDAP over SSL (using LDAPS) |
Host Name Verification | on\|off | Enables host name verification for the server certificate. The default value is off. |
LDAP Truststore Path | | If the LDAP Server is to be configured for TLS/SSL protocols then the indicated truststore has to include an X.509 certificate specified for the Extended Key Usage of Server Authentication. |
LDAP Truststore Password | | If an LDAP truststore is used and the LDAP truststore is protected by a password, then the password has to be specified. |
LDAP Truststore Type | | If an LDAP truststore is used then the type of the indicated truststore has to be specified being either |
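
A review of the TLS-related rows in the table above, as an added example (not JS7 code): it flags connections without TLS, the default-off Host Name Verification, and truststore settings that are missing when TLS is enabled. The dictionary keys reuse the table's names and are not the PublicLDAP.ldap.json format; the host, path and type values are constructed placeholders.

```python
from urllib.parse import urlsplit

def audit_ldap_settings(settings):
    """Return (severity, message) findings for one settings dict.

    Keys are the display names from the settings table (an assumption of
    this example); the real export format is not shown on the page.
    """
    url = urlsplit(settings.get("LDAP Server URL", ""))
    scheme = url.scheme.lower()
    start_tls = bool(settings.get("LDAP Start TLS", False))
    # The page states that Host Name Verification defaults to off.
    verify = str(settings.get("Host Name Verification", "off")).lower() == "on"
    store = settings.get("LDAP Truststore Path", "")

    if scheme not in ("ldap", "ldaps") or not url.hostname:
        return [("error", "LDAP Server URL needs ldap:// or ldaps:// and a host")]
    findings = []
    if scheme == "ldaps" and start_tls:
        findings.append(("warn", "StartTLS upgrades an ldap:// connection; "
                                 "ldaps:// is already TLS"))
    if scheme == "ldap" and not start_tls:
        # Without TLS nothing else in the table protects the bind password.
        return [("high", "no TLS: simple-bind passwords cross the network in clear text")]
    if not verify:
        findings.append(("high", "Host Name Verification is off: the server "
                                 "certificate is not matched against the URL host"))
    if not store:
        findings.append(("warn", "TLS enabled but no LDAP Truststore Path indicated"))
    elif not settings.get("LDAP Truststore Type"):
        findings.append(("warn", "LDAP Truststore Type not specified"))
    return findings

# Constructed sample settings; host, path and type are placeholders.
WEAK = {"LDAP Server URL": "ldap://ldap.example.com:389",
        "LDAP Start TLS": False}
HARDENED = {"LDAP Server URL": "ldap://ldap.example.com:389",
            "LDAP Start TLS": True,
            "Host Name Verification": "on",
            "LDAP Truststore Path": "/path/to/truststore",
            "LDAP Truststore Type": "<type>"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```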
...
- The LDAP Server offers two accounts:
  - `gauss`: the user account is assigned the `all` role which allows access to any operation in JOC Cockpit.
  - `newton`: the user account is assigned the `application_manager` role which includes managing scheduling objects but, for example, does not allow restarting a Controller.
- The roles and permissions are described in the JS7 - Default Roles and Permissions article.
- The accounts are members in different LDAP groups that are mapped to respective roles in JOC Cockpit.
The LDAP settings are available for download: PublicLDAP.ldap.json
- The popup window to manage LDAP Server settings offers an Upload button to import downloaded settings.
Both accounts `gauss` and `newton` make use of the same password:

User Account | Password | LDAP Group | Role |
---|---|---|---|
gauss | password | mathematicians | all |
newton | password | scientists | application_manager |

Logging
- JS7 - Logging
- For analysis of LDAP Server connections, authentication and authorization, consider increasing the log level and checking the output of JOC Cockpit's `authentication-debug.log` file.
...