LDAP Configuration Example for User "Admin."

Document ID : KB000028865
Last Modified Date : 10/08/2018
Introduction:

 Issue:

 In this example, you see all of the configuration needed for the user "Admin". This includes the configuration XML files (users.xml, domains.xml, realms.xml and server.xml), a graphic showing the LDAP configuration for the user, and an excerpt from the IntroscopeEnterpriseManager.log written in DEBUG mode.

 

 Resolution:

 

 Files:

User.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<principals xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" plainTextPasswords="false" version="0.3" xsi:noNamespaceSchemaLocation="users0.3.xsd">
    <users>
        <user password="d66636b253cb346dbb6240e3def3618" name="cemadmin"/>
        <user password="" name="SaasAdmin"/>
        <user password="" name="Admin"/>
        <user password="adb831a7fdd83dd1e2a39ce7591dff8" name="Guest"/>
    </users>
    <groups>
        <group description="CEM Configuration Administrator Group" name="CEM Configuration Administrator"/>
        <group description="CEM System Administrator Group" name="CEM System Administrator">
            <user name="cemadmin"/>
            <user name="Admin"/>
        </group>
        <group description="Administrator Group" name="Admin">
            <user name="cemadmin"/>
            <user name="Admin"/>
        </group>
        <group description="CEM Tenant Administrator Group" name="CEM Tenant Administrator">
            <user name="SaasAdmin"/>
        </group>
        <group description="CEM Analyst Group" name="CEM Analyst"/>
        <group description="CEM Incident Analyst Group" name="CEM Incident Analyst"/>
    </groups>
</principals>

 

Server.xml

<?xml version="1.0" encoding="UTF-8"?>
<server xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="server0.2.xsd" version="0.2">
    <grant group="Admin" permission="full"/>
</server>

 

Domain.xml

<?xml version="1.0" encoding="UTF-8"?>
<domains xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="domains0.3.xsd" version="0.3">
    <SuperDomain>
        <agent mapping="(.*)"/>
        <grant group="Admin" permission="full"/>
        <grant user="Guest" permission="read"/>
    </SuperDomain>
</domains>
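The three files above are what the Enterprise Manager combines into the permission set it later logs as "Adding user Admin with permissions: <[Server Resource: Full] [SuperDomain: Full] >". The following script is an added example, not CA code: it embeds copies of the users.xml, server.xml and domains.xml shown above and resolves a user's effective permission per resource by walking group membership and the grants. The resolution rules (direct user grants plus grants to the user's groups, strongest permission wins, server.xml grants reported as "Server Resource", each child of <domains> treated as one resource) are this example's own reading of the files and the log line, and the "write" level in the ranking is an assumption since the page only shows "read" and "full".

```python
import xml.etree.ElementTree as ET

# Constructed inline copies of the three files shown on the page (schema
# attributes dropped; content otherwise the same).
USERS_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<principals plainTextPasswords="false" version="0.3">
    <users>
        <user password="d66636b253cb346dbb6240e3def3618" name="cemadmin"/>
        <user password="" name="SaasAdmin"/>
        <user password="" name="Admin"/>
        <user password="adb831a7fdd83dd1e2a39ce7591dff8" name="Guest"/>
    </users>
    <groups>
        <group description="CEM System Administrator Group" name="CEM System Administrator">
            <user name="cemadmin"/>
            <user name="Admin"/>
        </group>
        <group description="Administrator Group" name="Admin">
            <user name="cemadmin"/>
            <user name="Admin"/>
        </group>
        <group description="CEM Tenant Administrator Group" name="CEM Tenant Administrator">
            <user name="SaasAdmin"/>
        </group>
    </groups>
</principals>"""

SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<server version="0.2">
    <grant group="Admin" permission="full"/>
</server>"""

DOMAINS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<domains version="0.3">
    <SuperDomain>
        <agent mapping="(.*)"/>
        <grant group="Admin" permission="full"/>
        <grant user="Guest" permission="read"/>
    </SuperDomain>
</domains>"""

# Assumed ranking used when several grants reach the same user on one resource.
# The page only shows "read" and "full"; "write" is included as an assumption.
PERMISSION_RANK = {"read": 0, "write": 1, "full": 2}


def load_groups(users_xml: str) -> dict[str, set[str]]:
    """Return group name -> set of member user names from users.xml."""
    root = ET.fromstring(users_xml)
    return {g.get("name"): {u.get("name") for u in g.findall("user")}
            for g in root.iter("group")}


def _subject(grant: ET.Element) -> tuple[str, str, str]:
    """A grant names either a group or a user; return (kind, name, permission)."""
    if grant.get("group") is not None:
        return ("group", grant.get("group"), grant.get("permission"))
    return ("user", grant.get("user"), grant.get("permission"))


def load_grants(server_xml: str, domains_xml: str) -> list[tuple[str, str, str, str]]:
    """Return (resource, subject_kind, subject, permission) tuples.

    server.xml grants apply to "Server Resource" (the name the log uses); each
    child element of <domains> is one domain resource named after its tag.
    """
    grants = []
    for g in ET.fromstring(server_xml).findall("grant"):
        grants.append(("Server Resource",) + _subject(g))
    for domain in ET.fromstring(domains_xml):
        for g in domain.findall("grant"):
            grants.append((domain.tag,) + _subject(g))
    return grants


def effective_permissions(user: str, groups: dict[str, set[str]], grants) -> dict[str, str]:
    """Resolve the user's permission per resource: direct user grants plus
    grants to any group the user belongs to; the strongest permission wins."""
    member_of = {name for name, members in groups.items() if user in members}
    result: dict[str, str] = {}
    for resource, kind, subject, perm in grants:
        applies = (kind == "user" and subject == user) or (kind == "group" and subject in member_of)
        if not applies:
            continue
        current = result.get(resource)
        if current is None or PERMISSION_RANK[perm] > PERMISSION_RANK[current]:
            result[resource] = perm
    return result


def format_permissions(perms: dict[str, str]) -> str:
    """Render the way the Enterprise Manager log prints it."""
    return "<" + "".join(f"[{res}: {perm.capitalize()}] " for res, perm in perms.items()) + ">"


if __name__ == "__main__":
    groups = load_groups(USERS_XML)
    grants = load_grants(SERVER_XML, DOMAINS_XML)
    for name in ("Admin", "cemadmin", "Guest", "SaasAdmin"):
        print(f"{name}: {format_permissions(effective_permissions(name, groups, grants))}")
```

Running it prints one line per local user; SaasAdmin resolves to an empty set because no grant in server.xml or domains.xml names the CEM Tenant Administrator group, which is worth checking whenever a login succeeds but the Workstation shows nothing.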

 

Realms.xml

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<realms xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" version="0.1" xsi:noNamespaceSchemaLocation="realms0.1.xsd">
    <realm descriptor="LDAP Realm" id="LDAP" active="true">
        <property name="scopeDepth">
            <value>subtree</value>
        </property>
        <property name="userObjectQuery">
            <value>(&amp;(objectClass=organizationalPerson)(cn={0}))</value> <!-- important -->
        </property>
        <property name="disableNestedGroupSearch">
            <value>false</value>
        </property>
        <property name="bindPassword">
            <value>ZfA4bSR1Ad6XjueAkNENc3m1k3+YxTzr</value>
        </property>
        <property name="baseDN">
            <value>dc=ca,dc=com</value>
        </property>
        <property name="groupNameAttribute">
            <value>cn</value>
        </property>
        <property name="url">
            <value>ldap://192.168.101.106:1389</value> <!-- important -->
        </property>
        <property name="disallowEmptyPassword">
            <value>true</value>
        </property>
        <property name="bindName">
            <value>cn=admin,cn=administrators,cn=dscc</value>
        </property>
        <property name="bindAuthentication">
            <value>simple</value>
        </property>
        <property name="groupObjectQuery">
            <value>(&amp;(objectClass=groupOfUniqueNames)(cn={0}))</value>
        </property>
        <property name="useSSL">
            <value>false</value>
        </property>
        <property name="plainTextPasswords">
            <value>false</value>
        </property>
        <property name="groupMemberQuery">
            <value>(&amp;(objectClass=groupOfUniqueNames)(uniquemember={0}))</value>
        </property>
        <property name="usernameAttribute">
            <value>cn</value>
        </property>
    </realm>
</realms>

 

In this graphic, you can see the LDAP interface and configuration for the "Admin" user, with the parameters corresponding to those in realms.xml.

 

LDAP_Admin_Config.png 

 

 

IntroscopeEnterpriseManager Log (in DEBUG mode) - If everything is working correctly, you should see messages like the following on a successful login:

 

Attempting to authenticate user by binding to the LDAP server using "uid=admin,ou=People,dc=ca,dc=com"

11/19/14 04:01:56.605 PM EST [DEBUG] [PO:main Mailman 7] [Manager] USERS found:

{ Admin: <[Server Resource: Full] >}

 

11/19/14 04:01:56.607 PM EST [DEBUG] [PO:main Mailman 7] [Manager.Domain] USERS found:

{ Admin: <[SuperDomain: Full] >}

{ Guest: <[SuperDomain: Read] >}

 

11/19/14 04:01:56.641 PM EST [DEBUG] [PO:main Mailman 7] [Manager.UserManagementService] userObjectQuery=(&(objectClass=organizationalPerson)(cn={0}))

11/19/14 04:01:56.648 PM EST [DEBUG] [PO:main Mailman 7] [Manager.UserManagementService] groupMemberQuery=(&(objectClass=groupOfUniqueNames)(uniquemember={0}))

11/19/14 04:01:56.653 PM EST [DEBUG] [PO:main Mailman 7] [Manager.UserManagementService] groupMemberQuery=(|(&(objectClass=groupOfUniqueNames)(uniquemember=cn=Admin,ou=Groups,dc=ca,dc=com))(&(objectClass=groupOfUniqueNames)(uniquemember=cn=CEM System Administrator,ou=Groups,dc=ca,dc=com)))

11/19/14 04:01:56.658 PM EST [DEBUG] [PO:main Mailman 7] [Manager] USERS found:

{ Admin: <[Server Resource: Full] >}

 

11/19/14 04:01:56.660 PM EST [DEBUG] [PO:main Mailman 7] [Manager.Domain] USERS found:

{ Admin: <[SuperDomain: Full] >}

{ Guest: <[SuperDomain: Read] >}

 

11/19/14 04:01:56.662 PM EST [DEBUG] [PO:main Mailman 7] [Manager] USERS found:

{ Admin: <[Server Resource: Full] >}

 

11/19/14 04:01:56.665 PM EST [DEBUG] [PO:main Mailman 7] [Manager.Domain] USERS found:

{ Admin: <[SuperDomain: Full] >}

{ Guest: <[SuperDomain: Read] >}

 

11/19/14 04:01:56.666 PM EST [DEBUG] [PO:main Mailman 7] [Manager.Authentication] Adding user Admin with permissions: <[Server Resource: Full] [SuperDomain: Full] >

11/19/14 04:01:56.669 PM EST [DEBUG] [PO:main Mailman 7] [Manager.SessionBean] User "Admin" logged in successfully from host "Node=Workstation_0, Address=APMW8X64R2SP2/192.168.101.130:49380, Type=socket"

11/19/14 04:01:56.673 PM EST [INFO] [PO:main Mailman 7] [Manager.SessionBean] Workstation User "Admin" connected successfully from host "Node=Workstation_0, Address=APMW8X64R2SP2/192.168.101.130:49380, Type=socket"

11/19/14 04:01:56.816 PM EST [DEBUG] [PO:main Mailman 2] [Manager] Sending permission Full for resource Server Resource

11/19/14 04:01:56.821 PM EST [DEBUG] [PO:main Mailman 2] [Manager] Sending pair: ServerResource > Full

11/19/14 04:01:56.823 PM EST [DEBUG] [PO:main Mailman 2] [Manager] Sending permission Full for resource SuperDomain

11/19/14 04:01:56.823 PM EST [DEBUG] [PO:main Mailman 2] [Manager] Sending pair: AESEID: type=Domain serial=1416430388377 > Full

11/19/14 04:01:56.824 PM EST [DEBUG] [PO:main Mailman 2] [Manager] Sending 2 permissions for user Admin

11/19/14 04:01:56.908 PM EST [DEBUG] [PO:main Mailman 5] [Manager] Sending permission Full for resource Server Resource

11/19/14 04:01:56.910 PM EST [DEBUG] [PO:main Mailman 5] [Manager] Sending pair: ServerResource > Full

11/19/14 04:01:56.912 PM EST [DEBUG] [PO:main Mailman 5] [Manager] Sending permission Full for resource SuperDomain

11/19/14 04:01:56.912 PM EST [DEBUG] [PO:main Mailman 5] [Manager] Sending pair: AESEID: type=Domain serial=1416430388377 > Full

11/19/14 04:01:56.913 PM EST [DEBUG] [PO:main Mailman 5] [Manager] Sending 2 permissions for user Admin
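The DEBUG lines above show how the realm properties turn into LDAP searches: userObjectQuery is used with {0} replaced by the login name, and, because disableNestedGroupSearch is false, one groupMemberQuery per group DN is OR'ed into a single filter ("(|(&...)(&...))") to find the groups those groups belong to. The script below is an added example, not CA code: it reads the realms.xml from this article (embedded as a constructed copy), rebuilds those filters, and lists the realm settings a reviewer would flag. The escaping of substituted values follows RFC 4515 and is this example's choice; the page does not say how the Enterprise Manager itself escapes the placeholder.

```python
import xml.etree.ElementTree as ET

# Constructed inline copy of the realms.xml shown on the page (schema attributes dropped).
REALMS_XML = """<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<realms version="0.1">
    <realm descriptor="LDAP Realm" id="LDAP" active="true">
        <property name="scopeDepth"><value>subtree</value></property>
        <property name="userObjectQuery"><value>(&amp;(objectClass=organizationalPerson)(cn={0}))</value></property>
        <property name="disableNestedGroupSearch"><value>false</value></property>
        <property name="bindPassword"><value>ZfA4bSR1Ad6XjueAkNENc3m1k3+YxTzr</value></property>
        <property name="baseDN"><value>dc=ca,dc=com</value></property>
        <property name="groupNameAttribute"><value>cn</value></property>
        <property name="url"><value>ldap://192.168.101.106:1389</value></property>
        <property name="disallowEmptyPassword"><value>true</value></property>
        <property name="bindName"><value>cn=admin,cn=administrators,cn=dscc</value></property>
        <property name="bindAuthentication"><value>simple</value></property>
        <property name="groupObjectQuery"><value>(&amp;(objectClass=groupOfUniqueNames)(cn={0}))</value></property>
        <property name="useSSL"><value>false</value></property>
        <property name="plainTextPasswords"><value>false</value></property>
        <property name="groupMemberQuery"><value>(&amp;(objectClass=groupOfUniqueNames)(uniquemember={0}))</value></property>
        <property name="usernameAttribute"><value>cn</value></property>
    </realm>
</realms>"""


def load_realm(realms_xml: str, realm_id: str = "LDAP") -> dict[str, str]:
    """Return the property name -> value map of one <realm> in realms.xml."""
    root = ET.fromstring(realms_xml)
    for realm in root.findall("realm"):
        if realm.get("id") == realm_id:
            return {p.get("name"): p.findtext("value", "").strip() for p in realm.findall("property")}
    raise KeyError(f"no realm with id {realm_id!r}")


# RFC 4515 escaping for values substituted into a search filter. Only the
# assertion-value metacharacters are escaped, so a DN such as
# cn=Admin,ou=Groups,dc=ca,dc=com passes through unchanged.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def fill_query(template: str, value: str) -> str:
    """Replace the {0} placeholder of a realm query with an escaped value."""
    return template.replace("{0}", escape_filter_value(value))


def nested_group_filter(template: str, group_dns) -> str:
    """OR together one groupMemberQuery per group DN: the shape the log shows
    when disableNestedGroupSearch is false and the user's groups are looked up
    as members of further groups."""
    parts = [fill_query(template, dn) for dn in group_dns]
    if not parts:
        raise ValueError("at least one group DN is required")
    return parts[0] if len(parts) == 1 else "(|" + "".join(parts) + ")"


def review_realm(props: dict[str, str]) -> list[str]:
    """Return realm settings a reviewer would flag, each with the risk it carries."""
    findings = []
    url = props.get("url", "")
    if props.get("useSSL", "").lower() != "true" and not url.startswith("ldaps://"):
        findings.append("useSSL=false with a plain ldap:// URL: a simple bind sends the bindPassword "
                        "and every user's password to the directory in clear text")
    if props.get("disallowEmptyPassword", "").lower() != "true":
        findings.append("disallowEmptyPassword is not true: a simple bind with an empty password is an "
                        "unauthenticated bind, which many directories accept as anonymous")
    if props.get("plainTextPasswords", "").lower() == "true":
        findings.append("plainTextPasswords=true: bindPassword is stored unencrypted in realms.xml")
    for name in ("userObjectQuery", "groupObjectQuery", "groupMemberQuery"):
        if "{0}" not in props.get(name, ""):
            findings.append(f"{name} has no {{0}} placeholder, so it cannot be narrowed to the "
                            "user or group being looked up")
    return findings


if __name__ == "__main__":
    props = load_realm(REALMS_XML)
    print("userObjectQuery =", fill_query(props["userObjectQuery"], "Admin"))
    print("groupMemberQuery =", nested_group_filter(props["groupMemberQuery"], [
        "cn=Admin,ou=Groups,dc=ca,dc=com",
        "cn=CEM System Administrator,ou=Groups,dc=ca,dc=com",
    ]))
    for finding in review_realm(props):
        print("REVIEW:", finding)
```

Run against the article's realms.xml, the two rebuilt queries match the userObjectQuery and the OR'ed groupMemberQuery lines in the log above character for character, and the review reports a single item: useSSL is false and the url is ldap://, so the lab setup shown here sends credentials unencrypted.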

Additional Information: 

How to Configure CA APM to use LDAP Authentication (Introscope and APM CE)

KB Article link: https://comm.support.ca.com/kb/configuring-ca-apm-to-use-ldap-authentication-introscope-and-apm-ce-cem/kb000009524

 
