Sample Active Directory configuration settings for Delegate mode
The following table lists the configuration settings required for Active Directory Delegate mode configuration.These settings are described more generically in [App_Service] and [Admin]
Whenever possible, BMC recommends that you use the security configuration tool to configure the relevant settings and java keystores.
| Configuration | Description |
|---|---|
| [App_Service] | |
jaas_config_file=jetty/ADS_DS_jaas.config | Required to configure the Java Authentication and Authorization Service (JAAS) configuration to use Active Directory Delegate mode. The value indicates a JAAS configuration file, relative to the install directory. The JAAS configuration file itself requires no change. |
ldap_schema=Delegate | Required to configure Active Directory Delegate mode. |
ads_domainname | The domain name of the Active Directory domain. Example: sample.com This is only used when configuring Active Directory security. |
ads_hostname | The Active Directory host name. Example: ad.sample.com The fully qualified host names of one or more Active Directory Domain Controllers (space separated), or if the Active Directory Domain Controllers are referenced by the domain name, that domain name. |
ads_base_fqdn | Active Directory Fully Qualified Domain Name Example: DC=ad,DC=sample,DC=com This must match the distinguishedName of your Active Directory Domain. |
| The LDAP(S) port of the Active Directory server.
|
ads_security=SSL | Configures the security protocol used to connect to Active Directory. Set to NONE, SSL, SASL, or SSL+SASL (This setting impacts the ads_port setting in the previous row). |
ads_trust_policy=trustNone | Configures the handling of Active Directory security certificates. The value The value |
javax.net.ssl.trustStore | A java keystore file that contains the trusted certificates for all directories. This keystore must always contain the certificate for the internal LDAP directory. That certificate is added to the keystore when it is generated during the install (using an alias of "com.bmc.mmpa.ldaps"). If a trust policy of "trustNone" is configured, this keystore must also contain the Active Directory trusted certificates. Those certificates can be imported using the java keytool (see Obtaining and installing an Active Directory server private certificate on a client system). |
javax.net.ssl.trustStorePassword | The password for the java keystore file. This password may be in clear text, or it may be obfuscated using "Cryptor" format encoding from mqsusertool. |
ldap_port=15008 | A network port used for the internal LDAP server. The internal LDAP server is required for Active Directory Delegate mode. |
ldaps_port=15011 | A network port used for the internal LDAP server. The internal LDAP server is required for Active Directory Delegate mode. |
ldaps_keystore=ldapsKeystore.jks | A java keystore file that contains the keys and certificates for the internal LDAP server. The keys and certificate are added to the keystore when they are generated during the install. The internal LDAP server is required for Active Directory Delegate mode. |
ldaps_keystore_password | The password for the java keystore file. This password may be in clear text, or it may be obfuscated using "Cryptor" format encoding from mqsusertool. |
| [Admin] | |
| tsma_ldap_* | A set of keywords that correspond to the Security values configured for TSMA LDAP_LDAP mode. See the TSMA documentation for examples. |
| ldap_user | A common name (CN) used to define the LDAP Manager DN Security value configured for TSMA LDAP_LDAP mode. |
Comments