LDAP directory service creation on Windows - CustomerID

Owned by ubisebastian
2019-11-04
2 min read

Ubisecure CustomerID needs an access to the main user LDAP directory. A directory service is needed to establish this connection. To create the service open Ubisecure SSO Management:

  1. Access the URL uas_url/ubilogin in a browser
  2. Create a new Service in Services tab (Select HomeServicesNew Service...)
    • Title: 
      CustomerID Directory
    • Directory type: 
      Ubilogin Directory        or  Active Directory
      Select Active Directory only when external AD is used for CustomerID user storage. Typically Ubilogin Directory is used.
  3. Click OK

  4. Append one of the following two configurations to the existing text in the "Configuration String" field, depending on whether UbiloginDirectory or Active Directory is used for CustomerID user data storage; typically Ubilogin Directory is used.
    Ubilogin Directory:

    policy.password.encoding={SSHA}
directory=ldap:///{LDAP root}
policy.password.protocol=UbiloginDirectory
password-name=password.2
java.naming.factory.initial=com.ubisecure.util.ldap.jldap.JLDAP
directory.schema=Ubilogin Directory

    Active Directory:

    java.naming.ldap.attributes.binary=objectGUID
policy.password.protocol=ActiveDirectoryDs
password-name=password.2

    You can check the value of {LDAP root} for example from the jndi.properties file situated in the %PROGRAMFILES%\Ubisecure\customerid\application\custom folder. The value is the LDAP root part of the java.naming.provider.url property. An example: 

    java.naming.provider.url = ldap://localhost:389/cn=Ubilogin,dc=test

  5. For clustered Ubisecure SSO, you will need the following settings in the CustomerID jndi.properties file situated in the folder %PROGRAMFILES%\Ubisecure\customerid\application\custom:

    com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
com.ubisecure.util.ldap.auth.pool.max=8

  6. For clustered Ubisecure SSO, add the same settings in the CustomerID Directory settings in the Ubisecure SSO HomeServices tab → CustomerID Directory → Configuration String:

    com.ubisecure.util.ldap.server.list=<ldap://server1:port/> <ldap://server2:port/>
com.ubisecure.util.ldap.failover.type=single-master (default is multi-master)
com.sun.jndi.ldap.connect.timeout=15000 (in milliseconds)
com.sun.jndi.ldap.read.timeout=15000 (in milliseconds)
com.ubisecure.util.ldap.maxage=120000 (in milliseconds)
com.ubisecure.util.ldap.auth.pool.max=8
  7. Click Update

  8. Restart Ubisecure SSO from command line:

    net stop UbiloginServer
net start UbiloginServer

Ubisecure Privacy Policy & Cookie Statement