Comment: Published by Scroll Versions from space IDS and version 8.2.0

...

The Active Directory certificate can be added to the Java certificate store (the cacerts file of the JRE that runs CustomerID) with the keytool command. Before importing, check the certificate's fingerprint (keytool -printcert -file <insert filename here>) against the value obtained from the Active Directory administrator, since whatever is imported here will be trusted for all LDAPS connections. The password changeit is the default for cacerts; if it has been changed on your installation, use the current one. Note that a JRE upgrade typically replaces the cacerts file, so the import has to be repeated after upgrading. Here are example commands for Windows and Linux installations:

Listing 1. Windows
cd %JRE_HOME%\lib\security
set keytool="%JRE_HOME%\bin\keytool"
%keytool% -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit


Listing 2. Linux
cd $JRE_HOME/lib/security
keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit
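The import in Listings 1 and 2 trusts whatever file is named, so the step a practitioner wants in front of it is a fingerprint check against a value obtained out of band. The following is an added example, not Ubisecure's code: it computes the SHA-256 fingerprint of a PEM certificate, refuses the import on mismatch, and otherwise runs the same keytool command as the listings. The host name ad.example.com, the JRE_HOME layout and the embedded sample PEM are assumptions of this example; the sample PEM is a constructed stand-in, not a real certificate, so that the fingerprint logic runs offline.

```python
"""Added example (not Ubisecure's code): verify an AD certificate's SHA-256
fingerprint against one obtained out of band, then import it into cacerts with
the same keytool flags as Listing 1/2. Paths and host names are assumptions."""
import base64
import hashlib
import hmac
import os
import ssl
import subprocess
import sys
from typing import List

# Constructed stand-in for the exported AD certificate. It is NOT a real X.509
# object (keytool would reject it); it only exercises the fingerprint logic offline.
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(b"constructed-sample-not-a-real-x509-certificate").decode()
    + "-----END CERTIFICATE-----\n"
)


def fetch_server_cert(host: str, port: int = 636) -> str:
    """Fetch the certificate the LDAPS listener presents. Deliberately no
    validation here: the caller must check the fingerprint before trusting it."""
    return ssl.get_server_certificate((host, port))


def sha256_fingerprint(pem: str) -> str:
    """Colon-separated upper-case SHA-256 fingerprint of the DER certificate,
    the form printed by keytool -printcert and openssl x509 -fingerprint -sha256."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    hexdigest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(hexdigest[i:i + 2] for i in range(0, len(hexdigest), 2))


def _normalise(fp: str) -> str:
    """Keep only hex digits so 'AB:CD', 'ab cd' and 'abcd' compare equal."""
    return "".join(c for c in fp.upper() if c in "0123456789ABCDEF")


def fingerprint_matches(pem: str, expected: str) -> bool:
    """Constant-time comparison of the computed fingerprint with the expected one."""
    return hmac.compare_digest(_normalise(sha256_fingerprint(pem)), _normalise(expected))


def cacerts_path(java_home: str) -> str:
    """JDK 9+ and stand-alone JREs keep cacerts under lib/security,
    JDK 8 under jre/lib/security."""
    for rel in ("lib/security/cacerts", "jre/lib/security/cacerts"):
        candidate = os.path.join(java_home, *rel.split("/"))
        if os.path.exists(candidate):
            return candidate
    raise FileNotFoundError(f"no cacerts file found under {java_home}")


def keytool_import_cmd(keytool: str, cacerts: str, cert_file: str,
                       alias: str = "mytrustedca", storepass: str = "changeit") -> List[str]:
    """Same flags as Listing 1/2, plus -noprompt: once the fingerprint has been
    verified there is no reason to stop at keytool's interactive trust question."""
    return [keytool, "-importcert", "-keystore", cacerts, "-trustcacerts",
            "-alias", alias, "-file", cert_file, "-storepass", storepass, "-noprompt"]


def import_trusted_cert(cert_file: str, expected_fp: str, java_home: str,
                        alias: str = "mytrustedca", storepass: str = "changeit") -> None:
    """Verify the fingerprint, make sure the alias is free, then import."""
    with open(cert_file, encoding="ascii") as fh:
        pem = fh.read()
    if not fingerprint_matches(pem, expected_fp):
        raise ValueError(f"refusing to trust {cert_file}: fingerprint "
                         f"{sha256_fingerprint(pem)} does not match the expected value")
    keytool = os.path.join(java_home, "bin", "keytool")  # keytool.exe on Windows
    cacerts = cacerts_path(java_home)
    # keytool -list -alias exits non-zero when the alias does not exist.
    listed = subprocess.run([keytool, "-list", "-keystore", cacerts, "-alias", alias,
                             "-storepass", storepass], capture_output=True, text=True)
    if listed.returncode == 0:
        raise RuntimeError(f"alias {alias!r} already exists in {cacerts}; "
                           "choose another alias or remove the old entry first")
    subprocess.run(keytool_import_cmd(keytool, cacerts, cert_file, alias, storepass), check=True)


if __name__ == "__main__":
    # Usage: python import_ad_cert.py <cert.pem> <expected-sha256-fingerprint>
    # JRE_HOME must point at the JRE used by CustomerID (assumption of this example).
    if len(sys.argv) != 3:
        print("offline demo fingerprint:", sha256_fingerprint(SAMPLE_PEM))
    else:
        import_trusted_cert(sys.argv[1], sys.argv[2], os.environ["JRE_HOME"])
```

The expected fingerprint should come from a channel other than the LDAPS connection itself (for example the AD CA administrator); fetch_server_cert is only a convenience for obtaining the PEM to compare, and it performs no validation of its own.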

...

The directory service named CustomerID Directory defines the configuration used when establishing connections to Active Directory. Prior to Ubisecure CustomerID version 3.7.0, a separate file named ad_jndi.properties in the custom directory served the same purpose; that file is no longer read and should be removed. The directory service is still configured in much the same way, as a set of JNDI properties. In the example below, secret is a placeholder: the bind password of the service account (UbiUser) is stored in clear text in this configuration, so use a dedicated account with only the rights CustomerID needs and restrict read access to the configuration. Keep the ldaps:// URLs and java.naming.security.protocol = ssl as shown; Active Directory does not accept password changes over an unencrypted connection, so policy.password.protocol = ActiveDirectoryDs depends on them.

Listing 3. Example AD Specific Configuration Strings
java.naming.provider.url = ldaps://ad.example.com/ou=Ubilogin,dc=ad,dc=example,dc=com
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,cn=Users,dc=ad,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
java.naming.ldap.attributes.binary = objectGUID
policy.password.protocol = ActiveDirectoryDs
com.ubisecure.util.ldap.server.list = ldaps://server1/ ldaps://server2/
com.ubisecure.util.ldap.failover.type = single-master
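The settings in Listing 3 are easy to weaken by accident (an ldap:// URL in the server list, a forgotten binary-attribute declaration), and the failure is silent until a bind password has already crossed the network in the clear. The following is an added example, not Ubisecure's code: a small linter that reads the JNDI properties and reports the weak combinations next to the hardened form from Listing 3. The rules, the minimal .properties parser and the "weak" sample input are this example's own constructions.

```python
"""Added example (not Ubisecure's code): lint the AD-specific JNDI properties
for settings that expose the bind password or break password management.
The rules and the WEAK sample are constructed for this example."""
from typing import Dict, List

# The hardened form, as shown on the page (Listing 3).
HARDENED = """
java.naming.provider.url = ldaps://ad.example.com/ou=Ubilogin,dc=ad,dc=example,dc=com
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,cn=Users,dc=ad,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
java.naming.ldap.attributes.binary = objectGUID
policy.password.protocol = ActiveDirectoryDs
com.ubisecure.util.ldap.server.list = ldaps://server1/ ldaps://server2/
com.ubisecure.util.ldap.failover.type = single-master
"""

# Constructed weak variant: plain ldap:// URLs, no ssl, binary attribute missing.
WEAK = """
# constructed for this example; do not deploy
java.naming.provider.url = ldap://ad.example.com/ou=Ubilogin,dc=ad,dc=example,dc=com
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,cn=Users,dc=ad,dc=example,dc=com
java.naming.security.credentials = secret
policy.password.protocol = ActiveDirectoryDs
com.ubisecure.util.ldap.server.list = ldaps://server1/ ldap://server2/
"""


def parse_properties(text: str) -> Dict[str, str]:
    """Minimal Java .properties reader: key = value, '#'/'!' comment lines,
    surrounding whitespace ignored. Backslash line continuations are not handled."""
    props: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def lint_ad_jndi(props: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means no weak setting was found."""
    findings: List[str] = []
    # JNDI uses TLS when the URL scheme is ldaps:// or when
    # java.naming.security.protocol = ssl is set (then the port must be the TLS port).
    ssl_on = props.get("java.naming.security.protocol", "").lower() == "ssl"
    urls = [props.get("java.naming.provider.url", "")]
    urls += props.get("com.ubisecure.util.ldap.server.list", "").split()
    urls = [u for u in urls if u]
    if not urls:
        findings.append("java.naming.provider.url is missing")
    plain = [u for u in urls if not (ssl_on or u.lower().startswith("ldaps://"))]
    for u in plain:
        findings.append(f"unencrypted LDAP URL (no ldaps:// and no security.protocol=ssl): {u}")
    if plain and props.get("java.naming.security.authentication", "").lower() == "simple":
        findings.append("simple bind over an unencrypted connection sends the "
                        "service account password in clear text")
    if plain and props.get("policy.password.protocol") == "ActiveDirectoryDs":
        findings.append("Active Directory rejects password changes over an unencrypted "
                        "connection; ActiveDirectoryDs password management will fail")
    binary = props.get("java.naming.ldap.attributes.binary", "").split()
    if "objectGUID" not in binary:
        findings.append("objectGUID is not declared in java.naming.ldap.attributes.binary; "
                        "the 16-byte GUID would be mangled when read as a string")
    return findings


if __name__ == "__main__":
    for name, text in (("hardened", HARDENED), ("weak", WEAK)):
        print(f"{name}:")
        for finding in lint_ad_jndi(parse_properties(text)) or ["no findings"]:
            print("  -", finding)
```

Run against a real configuration, the linter reads the same key names the page uses, so an ldap:// entry hidden in com.ubisecure.util.ldap.server.list is reported even when the primary provider URL is correct.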

...

Some properties in the eidm2.properties file are essential for Active Directory integration. They are:

main.ldap.directory = ad
login.generation = random
login.attribute = sAMAccountName
group.samaccountname.generation = random

...