Integrating the Directory Server

 
 
 

The integration of CloudPortal Business Manager with Directory server (specifically Active Directory) can be done in both modes, PUSH & PULL. CloudPortal Business Manager supports either the PUSH or the PULL mode for any of the installations. However, these modes have to be configured during deployment.

Note: No change in the mode is supported once the configuration of CloudPortal Business Manager server is completed.
Pre-configuration for PUSH Mode (even for PULL mode, if LDAPS is to be used)
  1. Install the security certificate exported from directory server to security keystore - Sample Command (needs modification based on system configuration):
    • keytool -import -alias <alias> -keystore <path-to-jre>/jre/lib/security/cacerts -file <cer-file-location-and-name>
    • /usr/java/latest/bin/keytool -import -alias alias -keystore /usr/java/latest/lib/security/cacerts --file cert1.cer
  2. Restart the CloudPortal Business Manager server post certificate install.

Pull Mode

In the PULL mode, CloudPortal Business Manager can import the user details from the Directory server. Once user is imported & created in the CloudPortal Business Manager, user gets an email for verification. After user verifies the email, he will be able to log into the CloudPortal Business Manager system. While logging in, user credentials are passed to Directory Server for authentication. Upon successful authentication from the Directory server, CloudPortal Business Manager allows the user to log in. CloudPortal Business Manager does not store any password in its database once this setting is enabled.

Note: In Pull mode, user password reset, forgot password, and Signup links are disabled. Any password related change needs to happen on the directory server directly.
Configuring PULL mode
  1. Log in as Root user to change administration settings.
  2. Go to Administration > Configuration > B/OSS Integration.
  3. Click Directory Server > Configure.

  4. Change the mode to pull and directory server enable to true. Configure the details to map to the Directory server configuration.
  5. Directory server URL can be ldap or ldaps & corresponding ports (for example, ldap:389, ldaps:636).

    Any other details in the same configuration page are not used for the PULL mode.

Configuration to allow the Duplicate Username
  1. Log in as Root user to change administration settings.
  2. Go to Administration > Configuration > Portal.
  3. Click Server > Configure.

    Note: Change the setting "username.duplicate.allowed" to true. If suffix dropdown is required, change "login.screen.tenant.suffix.dropdown.enabled " to true, false for this field results in a text box appearing instead of dropdown for the user log in page.

PUSH Mode

In the PUSH mode, CloudPortal Business Manager can add the user & user details to the Directory server. Once user is created in CloudPortal Business Manager, his details will be listed in the Directory server. Upon email verification, user is asked to set the password, which is set in the Directory server. CloudPortal Business Manager supports edit user, reset password & user sign-up operations through PUSH mode. As in case of PULL, even in PUSH mode, user passwords are not stored in CloudPortal Business Manager DB.

Note: When PUSH mode is enabled, channels on which accounts can be created are to be configured in CloudPortal Business Manager (even channels are created in Directory server).

For PUSH mode, Directory server URL has to be ldaps & port has to be 636.

Change the first.name.mapping property to givenName which by default comes to cn to avoid multiple values of cn.

CloudPortal Business Manager does not store any password details when directory server is enabled.

Configuring PUSH Mode
  1. Log in as Root user to change administration settings.
  2. Go to Administration > Configuration > B/OSS Integration.
  3. Click Directory Server > Configure.

Sample configuration for connecting the Directory server (specifically Active Directory) to CloudPortal Business Manager 2.x

If the Directory server is Active Directory, make sure the set " is.active.directory" flag to true.

User.additional.attributes is an optional field. If you want any key to have any particular value on directory server when user is getting created you can mention here.

User.enablement.attributes is an optional field. If you want any key to have any particular value on directory server when user is verifying himself from the activation link, you can mention here.

Make sure is.ssl.on is true if you are using ldaps protocol.

 
또 다른 질문이 있으십니까? 문의 등록

댓글

 
Adding comment, please wait....

Provide Feedback on Article:

Subject:
Comments:*
Zendesk 제공