Preliminary tasks for basic LDAP integration - SSO
SSL certificate
If an LDAPS connection is used when connecting to the selected external directory then an SSL certificate is required. First the SSL certificate needs to be created for example by using the Microsoft Certificate Authority. Then it needs to be transferred to the Ubisecure server and added to the trusted certificates in the Java Runtime Environment.
The certificate can be added to the Java certificate store using the keytool command. Here is example command for Windows and Linux installations when assuming keytool is in the path:
keytool -importcert -cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit
If a plain LDAP connection is used when connecting to the selected external directory an SSL certificate is not required and this step can be skipped.
Setting up a user account in Active Directory or LDAP
In-depth Active Directory administration is not within the scope of this document. Please refer to the Microsoft Knowledge Base for specific information.
In this example, the following operations have been performed:
- The user Ubilogin was created within the standard Users container of Active Directory.
- The user was made a member of the group Domain Guests, which is a built-in group of Active Directory.
- All other memberships were removed from the user.
A similar procedure is required when LDAP is used as the external directory.
This web page (including any attachments) may contain confidential, proprietary, or privileged information – not for disclosure without authorization from Ubisecure Inc. Copyright © 2024. All Rights Reserved.