This requires editing the ivizgroup.properties on your server in the configuration (conf) directory.
Question:
How do you integrate iDashboards with a LDAPS directory, such as Active Directory, so that users can log into iDashboards with their AD credentials?
Answer:
Connecting to an LDAPS directory is accomplished through our standard LDAPS integration. Please add the lines below to the ivizgroup.properties file which can be located in the iDashboards installation folder (ivizgroup) on the server:
login.module=com.ivizgroup.idb.security.auth.LDAPLoginModule
login.module.securityLevel=simple
login.module.userBindPattern={0}@domain.com
login.module.connectionURL=ldaps://DCServername:636
login.module.connectionName=username
login.module.connectionPassword=password
The integration requires the following information on hand before attempting to connect to the LDAPS directory:
- The LDAPS connection URL including Domain name and port (Default LDAPS Port: 636)
- Your LDAPS bind pattern. The bind pattern in the example above usually works for AD.
Here are a few more examples of bind patterns:
- Example 1. The following set uses the domain name of the user...
- Example 2. The following set uses the domain name of the user...
- Example 3. The following set uses the SAM Account name of the user…
login.module.userBindPattern=sAMAccountName={0}
# This method will only work if the sAMAccountName is the same as the iDashboards login.
# Many times the sAMAccountName is in the <First Name> <Last Name> format.
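An added example, not part of the iDashboards documentation: a small Python check that can be run against the LDAPS lines of ivizgroup.properties before testing a login. It assumes the file uses plain key=value lines and that {0} is replaced by the username typed at login; the sample file and the host dc01.example.test are constructed.

```python
import re
from urllib.parse import urlparse

REQUIRED = ("login.module", "login.module.securityLevel",
            "login.module.userBindPattern", "login.module.connectionURL")

# Constructed sample: two settings fused on one line, no {0}, and a non-TLS URL.
SAMPLE = """login.module=com.ivizgroup.idb.security.auth.LDAPLoginModulelogin.module.securityLevel=simple
login.module.userBindPattern=sAMAccountName
login.module.connectionURL=ldap://dc01.example.test:389
"""

def parse_properties(text):
    """Parse simple key=value lines; '#' comments and blank lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: values may contain '='
        props[key.strip()] = value.strip()
    return props

def check_ldaps(text):
    """Return a list of findings for the LDAPS keys shown on this page."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        if key not in props:
            findings.append(f"missing {key}")
    for key, value in props.items():
        # A key name inside a value means two settings were pasted onto one line.
        if re.search(r"login\.module(\.\w+)?=", value):
            findings.append(f"{key}: value contains a second setting; split the line")
    url = urlparse(props.get("login.module.connectionURL", ""))
    if url.scheme and url.scheme != "ldaps":  # a simple bind outside TLS exposes the password
        findings.append(f"connectionURL uses {url.scheme}://, not ldaps://")
    if url.scheme == "ldaps" and url.port is None:
        findings.append("connectionURL has no explicit port (LDAPS default is 636)")
    pattern = props.get("login.module.userBindPattern")
    if pattern is not None and "{0}" not in pattern:
        findings.append("userBindPattern has no {0} placeholder for the username")
    return findings

def bind_identity(text, username):
    """Identity a login would bind as (assumption: {0} is the typed username)."""
    return parse_properties(text)["login.module.userBindPattern"].replace("{0}", username)

if __name__ == "__main__":
    for finding in check_ldaps(SAMPLE):
        print(finding)
```
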
Once you have the above set up, try the below steps to confirm if LDAPS is successfully configured:
- Log into the Admin application module
- Create a user with a username that exists in your LDAPS directory, with password: 1234
- Now, start the user application interface and log in as this new user. In the password field, type the user's LDAPS password instead of 1234
- If you are able to log in, then it confirms that LDAPS is successfully integrated
- If you instead encounter a login error, go back into the properties file and make the necessary changes to the bind pattern.
NOTE: The iDashboards username admin will always be authenticated through the normal iDashboards authentication process regardless of any external authentication module that may be in use. This ensures that the admin user can always log into iDashboards even if the external system is unavailable.
Creating a Truststore For Tomcat
Many implementations of LDAPS require that a Truststore be created and used with Tomcat to connect to the LDAPS server properly. What you will need is the Client Authentication Certificate from the Domain Controller you configured in your ivizgroup.properties file.
From there, you will need to use the java keytool utility to create a truststore.
You will need to add the truststore to your Tomcat config. Please see Opening the Tomcat Control Panel for how to do this.
In the Java Options box, you will need to add 2 new values.
-Djavax.net.ssl.trustStore=<path to the truststore you created>
-Djavax.net.ssl.trustStorePassword=<password you configured>
Once you restart your iDashboards Service, that Certificate will be active in your environment.
For More Information:
iDashboards Admin Manual 13.3.1 External Authentication
iDashboards Admin Manual 13.3.2 Configuring LDAP Authentication
Disclaimer: iDashboards Technical Support Engineers are not Active Directory Administrators (ADA) with in-depth knowledge. We often learn these skills on the job and have limited knowledge. We do our best to help you with your software in determining if you are not leveraging the software in the best way for your data or you found a bug in the software, because we want to assist you in your success.
If the above is unable to resolve the issue, then please contact your organization's Active Directory Admin for further assistance, and if unable to resolve internally, then contact iDashboards Support for further assistance.