Setting up LDAP support

To set up your security system to use an LDAP data store, you must configure the LDAP properties, and configure the authentication delegate in your application server.

To configure LDAP properties, edit the security.properties file, located in JAGUAR/java/classes/com/sybase/ep/security (see Table 15-4 for the property descriptions). The values you provide depend entirely on your LDAP server and the structure of your ACDB.

Active Directory sample

This sample illustrates the minimum configuration for a Microsoft Active Directory server. The property values are appropriate for a Windows 2000 Server installation configured for the myorg.com domain. Based on this configuration, users can authenticate with the “username@myorg.com” user name token, and the password specified in the Active Directory administration tool:

// Specify the host name
ldap.connection.host=myserver

// Define the searchBase of the LDAP server, which typically
// contains the components of a domain name.
ldap.searchBase=dc=myorg,dc=com

// Many LDAP servers allow anonymous browsing, but the default
// Windows 2000 installation does not. Use the guest account,
// which generally has no password, to perform LDAP queries.
ldap.connection.bindname=guest@myorg.com

// Leave the password blank, unless it has been modified.
ldap.connection.bindpassword=

// The following two properties map the Enterprise Security
// attributes (attributeMappingNames) to the LDAP attributes
// (attributeMappingValues).
// Active Directory uses the attribute userPrincipalName instead of uid.
ldap.attributeMappingNames=uid, cn, email, telephoneNumber, firstName, lastName
ldap.attributeMappingValues=userPrincipalName, cn, mail, telephoneNumber, givenName, sn

If you prefer to authenticate with only a user name, the sAMAccountName attribute may work as a substitute for userPrincipalName. The sAMAccountName attribute is supported for backward compatibility with older Windows versions. The revised property definition would be:

ldap.attributeMappingValues=sAMAccountName, cn, mail, telephoneNumber, givenName, sn
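The following script is an added example, not code from the Sybase product or its documentation. It reads a copy of the Active Directory sample above, checks that ldap.attributeMappingNames and ldap.attributeMappingValues line up one-to-one (a mismatch silently shifts every attribute after the gap), and shows the LDAP search filter that results from looking up a user name token under the attribute mapped to uid, first with userPrincipalName and then with the sAMAccountName substitution. The filter construction and the RFC 4515 escaping of the token are assumptions about how a delegate would use the mapping; the page does not describe the delegate's internals. The property text is a constructed copy of the sample.

```python
# Added example (not part of the Sybase documentation): parse the
# security.properties sample, pair the attribute mapping lists, and build
# an escaped LDAP search filter for a user name token.

# Constructed copy of the Active Directory sample from the page.
SAMPLE_PROPERTIES = """\
// Specify the host name
ldap.connection.host=myserver
ldap.searchBase=dc=myorg,dc=com
ldap.connection.bindname=guest@myorg.com
ldap.connection.bindpassword=
ldap.attributeMappingNames=uid, cn, email, telephoneNumber, firstName, lastName
ldap.attributeMappingValues=userPrincipalName, cn, mail, telephoneNumber, givenName, sn
"""


def parse_properties(text):
    """Parse key=value lines. '#' and '!' are the java.util.Properties
    comment markers; '//' is accepted too because the sample uses it."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!", "//")):
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only,
        if not sep:                            # so dc=myorg,dc=com survives
            continue                           # skip a bare key with no value
        props[key.strip()] = value.strip()
    return props


def attribute_mapping(props):
    """Return {enterprise security attribute: LDAP attribute}, refusing
    lists of unequal length rather than silently mis-pairing them."""
    names = [n.strip() for n in props["ldap.attributeMappingNames"].split(",")]
    values = [v.strip() for v in props["ldap.attributeMappingValues"].split(",")]
    if len(names) != len(values):
        raise ValueError(f"{len(names)} mapping names but {len(values)} LDAP attributes")
    return dict(zip(names, values))


# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a value before embedding it in an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(props, user_token):
    """Assumed lookup: filter on the LDAP attribute mapped to 'uid'."""
    ldap_attr = attribute_mapping(props)["uid"]
    return f"({ldap_attr}={escape_filter_value(user_token)})"


def with_sam_account_name(props):
    """Apply the revised mapping from the page (sAMAccountName for uid)."""
    revised = dict(props)
    revised["ldap.attributeMappingValues"] = (
        "sAMAccountName, cn, mail, telephoneNumber, givenName, sn"
    )
    return revised


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    print(attribute_mapping(props))
    print(user_search_filter(props, "jdoe@myorg.com"))
    print(user_search_filter(with_sam_account_name(props), "jdoe"))
```

With the sample as given, the first filter is (userPrincipalName=jdoe@myorg.com) and the revised mapping yields (sAMAccountName=jdoe); dropping one entry from either mapping list raises an error instead of binding firstName to sn.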

Configuring the authentication delegate in EAServer

  1. In Jaguar Manager, expand these successive folders: Servers, <Server Name>, Installed Applications, sybepsecurity, Packages.

  2. In the com.sybase.ep.security.sessionsvcs package, highlight the PortalSession component, and select File | Component Properties.

  3. In the Component Properties dialog box, select the EJB Local Refs tab.

  4. Highlight the “ejb/AuthenticationDelegate” EJB local reference, and set the Link Value to the JNDI component name of the authentication delegate; for example, “com.sybase.ep.security.authdelegate/LDAPDelegate”.

Configuring the authentication delegate in WebLogic

  1. Using a text editor, open the ejb-jar.xml file, located in the sybepsecurity/sybepsecurity.ear.exploded/com.sybase.ep.security.sessionsvcs.jar/META-INF subdirectory of your WebLogic installation.

  2. Below the line <!-- authentication delegate -->, set the value of <ejb-link> to “LDAPDelegate”.

    If the value of <ejb-link> is set to “ACDBDelegate”, the ACDB is used as the data store instead of LDAP.
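The script below is an added example and is neither Sybase's nor WebLogic's own tooling. It performs the WebLogic step programmatically: it locates the ejb-local-ref whose ejb-ref-name is ejb/AuthenticationDelegate, sets its ejb-link to LDAPDelegate (or back to ACDBDelegate), refuses any other value, and fails if the reference is missing or appears more than once. The deployment descriptor fragment is constructed for the example along the lines of the standard EJB 2.0 ejb-local-ref structure; the real ejb-jar.xml in the sessionsvcs jar contains many more elements, and the comment line the page refers to is preserved through the edit.

```python
# Added example (not Sybase's or WebLogic's code): switch the authentication
# delegate link in a copy of ejb-jar.xml.
import xml.etree.ElementTree as ET

# Constructed descriptor fragment; the element names follow the EJB 2.0 DTD.
SAMPLE_EJB_JAR = """\
<ejb-jar>
  <enterprise-beans>
    <session>
      <ejb-name>PortalSession</ejb-name>
      <!-- authentication delegate -->
      <ejb-local-ref>
        <ejb-ref-name>ejb/AuthenticationDelegate</ejb-ref-name>
        <ejb-ref-type>Session</ejb-ref-type>
        <ejb-link>ACDBDelegate</ejb-link>
      </ejb-local-ref>
    </session>
  </enterprise-beans>
</ejb-jar>
"""

# The two delegate names the page documents.
KNOWN_DELEGATES = {"LDAPDelegate", "ACDBDelegate"}
REF_NAME = "ejb/AuthenticationDelegate"


def _parse(xml_text):
    # insert_comments=True keeps <!-- authentication delegate --> in the tree,
    # so it survives re-serialisation (plain fromstring would drop it).
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)


def _delegate_refs(root):
    return [ref for ref in root.iter("ejb-local-ref")
            if ref.findtext("ejb-ref-name") == REF_NAME]


def current_delegate(xml_text):
    """Return the ejb-link of the authentication delegate, or None."""
    refs = _delegate_refs(_parse(xml_text))
    return refs[0].findtext("ejb-link") if refs else None


def set_authentication_delegate(xml_text, delegate):
    """Return the descriptor with the delegate's ejb-link set to `delegate`."""
    if delegate not in KNOWN_DELEGATES:
        raise ValueError(f"unknown delegate {delegate!r}; expected one of {sorted(KNOWN_DELEGATES)}")
    root = _parse(xml_text)
    refs = _delegate_refs(root)
    if len(refs) != 1:
        raise ValueError(f"expected exactly one {REF_NAME} reference, found {len(refs)}")
    link = refs[0].find("ejb-link")
    if link is None:                      # tolerate a reference with no link yet
        link = ET.SubElement(refs[0], "ejb-link")
    link.text = delegate
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    updated = set_authentication_delegate(SAMPLE_EJB_JAR, "LDAPDelegate")
    print(current_delegate(SAMPLE_EJB_JAR), "->", current_delegate(updated))
    print(updated)
```

Running it prints ACDBDelegate -> LDAPDelegate followed by the rewritten descriptor; to use it against a real installation, read the file at the path given in step 1, pass its contents in, and write the returned text back only after reviewing the diff.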