Configuring LDAP Authentication
LDAP/AD Configuration is complex. Please carefully review the instructions to configure your system.
- Create a User within the calendar database that has administrator privileges. The user name should be the lowercase form of the name of the User that exists within the directory.
- Add a line to the cdaily-4.0.4/WEB-INF/configuration.properties that specifies the LDAP/AD authentication provider:
- Active Directory Users should follow the steps in the SSL LDAP Setup on Windows section of Configuring Active Directory Authentication.
- UNIX Users should get the SSL certificate used by the LDAP server and put it in a local keystore file. On Linux the steps were:
    openssl x509 -inform pem -in /usr/share/ssl/certs/slapd.pem \
        -outform der -out ~/slapd.der
    keytool -import -file ~/slapd.der -keystore \
        ~/sslkey.keystore -alias "type=r.name=sslkey"
- Edit the ldap.properties file located in the cdaily-4.0.4/WEB-INF directory. Refer to the help topic ldap.properties Reference Guide.
- It is strongly recommended that you configure Connect Daily to use SSL for communication between the browser and the web server running Connect Daily. Without it, the directory user names and passwords entered at login cross the network unencrypted, which may result in compromise of your network security.
- If you want Connect Daily to synchronize its group memberships with your LDAP source, edit each Connect Daily user group and set the LDAP equivalent groups.
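As an added example (not part of the Connect Daily documentation): a shell wrapper around the PEM-to-DER conversion step above that checks the certificate's SHA-256 fingerprint and remaining validity before the file is imported into the keystore as trusted. The function names, the 30-day threshold, the sample host name and the out-of-band fingerprint are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example. File paths and the expected fingerprint are assumptions.

# Print the SHA-256 fingerprint (hex, no colons) of a certificate.
# $1 = certificate file, $2 = its encoding: pem or der.
cert_sha256() {
    openssl x509 -inform "$2" -in "$1" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':'
}

# Convert the LDAP server certificate to DER and check it before it becomes
# a trust anchor. $1 = PEM input, $2 = DER output, $3 = fingerprint obtained
# out of band from the directory administrator.
# Returns 0 = safe to import, 1 = fingerprint mismatch,
# 2 = unreadable certificate, 3 = expires within 30 days.
prepare_ldap_cert() {
    plc_expected=$(printf '%s' "$3" | tr -d ': ' | tr 'a-f' 'A-F')
    openssl x509 -inform pem -in "$1" -outform der -out "$2" 2>/dev/null || return 2
    plc_actual=$(cert_sha256 "$2" der)
    if [ "$plc_actual" != "$plc_expected" ]; then
        echo "fingerprint mismatch: file has $plc_actual" >&2
        rm -f "$2"
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -inform der -in "$2" -noout -checkend 2592000 >/dev/null; then
        echo "certificate expires within 30 days" >&2
        rm -f "$2"
        return 3
    fi
    return 0
}

# Constructed sample input: a throwaway self-signed certificate.
# $1 = output PEM path, $2 = validity in days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -days "$2" -keyout "$1.key" -out "$1" 2>/dev/null
    rm -f "$1.key"
}

# Demo on the constructed certificate: bash check_cert.sh --demo
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    make_sample_cert "$d/slapd.pem" 365
    fp=$(cert_sha256 "$d/slapd.pem" pem)
    prepare_ldap_cert "$d/slapd.pem" "$d/slapd.der" "$fp" &&
        echo "OK: $d/slapd.der is ready for the keytool import step"
fi
```

After the import, `keytool -list -v -keystore ~/sslkey.keystore` shows the stored certificate's fingerprints for a final comparison.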
Once you have completed all the steps and verified that LDAP authentication is working properly, stop the Connect Daily service and restart it.
If it doesn't work, refer to the topic for Debugging LDAP/AD Authentication.
If desired, you can customize the included source file for this provider and override how it works. If you do this, you will need to change the class name and deploy the compiled file into the cdaily-4.0.4/WEB-INF/classes sub-directory. Set the AuthenticationProvider entry in the configuration.properties file to point to your new class name.
See Also: Automatically Creating Users