Example of Active Directory configuration
You need Active Directory Windows servers to connect to for authentication, and you must set up the certificate trust store that is required for making secure LDAP connections.
An example of an Active Directory setup that is used with Console Management is as follows:
The following table explains the authentication accounts and the Tomcat roles:
Name | Type | Description |
---|---|---|
AppIDs | Organizational Unit | Service account that is used for administrator authentication |
Domain Users | Organizational Unit | Human (administrator) accounts for domain users |
MVCM-Roles | Organizational Unit | Includes the four Console Management roles that are created as security groups. This is necessary to minimize the amount of information that Tomcat picks up when searching for administrator roles. |
AppIDs Organizational Unit
The following example displays the AppIDs Organizational Unit (OU), which in this case contains only the service account that is dedicated to accessing Console Management LDAP.
Domain Users Organizational Unit
The following example displays the Domain Users OU, which in this case has various test accounts:
MVCM-Roles Organizational Unit
The following example displays the MVCM-Roles OU, which has the four defined Console Management roles.
Important
The Console Management roles are case-sensitive and must be created exactly as shown.
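Active Directory and PowerShell's default comparison operators both ignore case, so a role group created with the wrong capitalization looks correct in the directory tools. The following audit script is an added example, not part of the product documentation: it lists the security groups directly under the MVCM-Roles OU and compares their names case-sensitively against the expected role names. The domain DN is an assumption, the three role names not stated on this page are left as placeholders, and matching on the group's Name (cn) is an assumption about how the roles are looked up.

```powershell
# Added example: audit the MVCM-Roles OU for role groups whose names do not
# match the expected Console Management role names exactly (case-sensitive).
Import-Module ActiveDirectory

# Assumption: replace with the distinguished name of the OU in your domain.
$RolesOu = 'OU=MVCM-Roles,DC=example,DC=com'

# IOCADMIN is the only role name stated on this page. Replace the placeholders
# with the remaining role names exactly as your product documentation lists them.
$ExpectedRoles = @('IOCADMIN', '<ROLE-2>', '<ROLE-3>', '<ROLE-4>')

# Only groups directly inside the OU are considered (no child OUs).
$groups = @(Get-ADGroup -SearchBase $RolesOu -SearchScope OneLevel -Filter *)

$report = foreach ($g in $groups) {
    # -ccontains is case-sensitive; -icontains is explicitly case-insensitive.
    $status = if ($ExpectedRoles -ccontains $g.Name) { 'OK' }
              elseif ($ExpectedRoles -icontains $g.Name) { 'CASE MISMATCH' }
              else { 'UNEXPECTED GROUP' }

    # The roles must be security groups, not distribution groups.
    if ($g.GroupCategory -ne 'Security') { $status += ', NOT A SECURITY GROUP' }

    [pscustomobject]@{
        Name     = $g.Name
        Category = $g.GroupCategory
        Scope    = $g.GroupScope
        Status   = $status
    }
}

# Expected roles with no exactly matching group name in the OU.
$missing = @($ExpectedRoles | Where-Object { $groups.Name -cnotcontains $_ })

$report | Sort-Object Status, Name | Format-Table -AutoSize
if ($missing.Count -gt 0) {
    Write-Warning ("No exactly matching group for: " + ($missing -join ', '))
}
```

A group reported as CASE MISMATCH should be renamed to the exact expected name, and an UNEXPECTED GROUP in this OU widens what Tomcat picks up when it searches for administrator roles.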
You can grant administrator permissions to individual Windows users by making them members of one or more of the roles that are defined as Active Directory security groups.
The following example displays a test user MVCM All (mvcmall) who has access to all the configuration areas.
Note
You can also use the IOCADMIN role to grant the user permission to all configuration areas.