Ubisecure CustomerID needs an access to the main user LDAP directory and a directory service is needed to establish this connection. To create the service open Ubisecure SSO Management.
- Access the URL
UAS_URL/ubilogin
in a browser - Create a new Service in Services tab (Select Home → Services → New Service...)
- Title:
CustomerID Directory
Directory type:
Ubilogin Directory
orActive Directory
SelectActive Directory
only when external AD is used for CustomerID user storage. Typically Ubilogin Directory is used.
- Title:
- Click OK
Append one of the following two configurations to the existing text in the "Configuration String" field, depending if UbiloginDirectory or Active Directory is used for CustomerID user data storage: Typically Ubilogin Directory is used.
Ubilogin Directory:Code Block language text policy.password.encoding={SSHA} directory=ldap:///{LDAP root} policy.password.protocol=UbiloginDirectory password-name=password.2
Active Directory:
Code Block language text java.naming.ldap.attributes.binary=objectGUID policy.password.protocol=ActiveDirectoryDs password-name=password.2
You can check the value of
{LDAP root}
for example from thejndi.properties
file situated in the/usr/local/ubisecure/customerid/application/custom
folder. The value is the LDAP root part of thejava.naming.provider.url property
. Example:Code Block language text java.naming.provider.url = ldap://localhost:389/cn=Ubilogin,dc=test
For clustered Ubisecure SSO you will need to specify the following following settings in the CustomerID
jndi.properties
file situated in the/usr/local/ubisecure/customerid/application/custom
folder. This needs to be done for all of the CustomerID nodes.Code Block language text com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/> com.ubisecure.util.ldap.failover.type=single-master (default is multi-master) com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds) com.sun.jndi.ldap.read.timeout=15000 (in milliseconds) com.ubisecure.util.ldap.maxage=120000 (in milliseconds) com.ubisecure.util.ldap.auth.pool.max=8
For clustered Ubisecure SSO you will need the following following settings in the CustomerID Directory settings in the Ubisecure SSO Home → Services tab → CustomerID Directory → Configuration String
Code Block language text com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/> com.ubisecure.util.ldap.failover.type=single-master (default is multi-master) com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds) com.sun.jndi.ldap.read.timeout=15000 (in milliseconds) com.ubisecure.util.ldap.maxage=120000 (in milliseconds) com.ubisecure.util.ldap.auth.pool.max=8
- Click Update
Restart Ubisecure SSO from command line
Code Block language text /etc/init.d/ubilogin-server stop /etc/init.d/ubilogin-server start