Install DSML Gateway
The YAB console supports installing and configuring the DSML Gateway (Configure OpenDJ DSML Gateway).
1 Open the build/config/configuration.properties file.
2 Configure the basic LDAP settings:
webapp.opendj.ldap.host=
The host name of the underlying directory server.
webapp.opendj.ldap.port=
The LDAP port of the underlying directory server. Default: 636. You can change this port to 389 for plain-text LDAP during debugging, but use port 636 to secure the connection.
webapp.opendj.ldap.usessl=
Indicates whether ldap.port points to a port listening for LDAPS (LDAP/SSL) traffic. Valid values: true or false.
webapp.opendj.ldap.truststore.path=
The trust store used to verify certificates when using secure connections. If you want to connect using LDAPS or StartTLS, and do not want the gateway to blindly trust all certificates, then you must set up a trust store. Not used by default.
webapp.opendj.ldap.truststore.password=
The trust store password. If you set up and configure a trust store, then you need to set this. Not used by default.
webapp.opendj.ldap.isactivedirectory=
Designates whether Active Directory is used. Valid values: true or false.
webapp.opendj.ldap.domains=
An optional, comma-delimited list of valid domains.
webapp.opendj.ldap.description=
A description of the OpenDJ Instance.
3 Update your environment. To run only the specific steps related to the DSML Gateway, enter:
> yab webapp-opendj-update
> yab ldapinstance-opendj-create
To update your entire environment, enter:
> yab update
Setting Up Multiple LDAP Services
The previous settings support a single LDAP service. When multiple services are required, use the following steps as an example.
1 Open the build/config/configuration.properties file.
2 Add the new opendj instance for a second LDAP service.
@extends webapp._base
3 Configure the web app settings.
webapp.opendj2=
Note: Do not enter a value for webapp.opendj2. This is the YAB configuration syntax for defining a new instance of the webapp type. This example creates the “opendj2” webapp. This token can be any valid identifier, but ensure that the “type” is defined as “opendj”.
webapp.opendj2.context=
The name of the webapp that gets deployed; in this example, opendj2.
webapp.opendj2.application=
A parameter required for YAB. Leave as ${packages.opendj-dsml.dir}
webapp.opendj2.tomcat=
A parameter required for YAB. Leave as tomcat.default
webapp.opendj2.upgrade.includes=
A parameter required for YAB. Leave as WEB-INF/web.xml
webapp.opendj2.type=
Set to opendj.
webapp.opendj2.ldap.host=
The host name of the underlying directory server.
webapp.opendj2.ldap.port=
The LDAP port of the underlying directory server. Default: 636.
webapp.opendj2.ldap.userdn=
The DN used by the DSML gateway to bind to the underlying directory server.
webapp.opendj2.ldap.userpassword=
The password used by the DSML gateway to bind to the underlying directory server.
webapp.opendj2.ldap.authzidtypeisid=
Required boolean parameter specifying whether the HTTP Authorization header field’s Basic credentials in the request hold a plain ID, rather than a DN. This parameter can help you set up the DSML gateway to do HTTP Basic Access Authentication, given the appropriate mapping between the user ID and the user’s entry in the directory. If set to true, then the gateway performs an LDAP SASL bind using SASL plain, which is enabled by default in OpenDJ, to look for an exact match between a uid value and the plain ID value from the header. In other words, if the plain ID is bjensen, and that corresponds in the directory server to Babs Jensen’s entry with DN uid=bjensen,ou=people,dc=example,dc=com, then the bind happens as Babs Jensen. Note also that you can configure OpenDJ identity mappers for scenarios that use a different attribute than uid, such as the mail attribute.
Default: false
webapp.opendj2.ldap.usessl=
Indicates whether ldap.port points to a port listening for LDAPS (LDAP/SSL) traffic. Valid values: true or false.
webapp.opendj2.ldap.usestarttls=
Leave blank.
webapp.opendj2.ldap.truststore.path=
The trust store used to verify certificates when using secure connections. If you want to connect using LDAPS or StartTLS, and do not want the gateway to blindly trust all certificates, then you must set up a trust store. Not used by default.
webapp.opendj2.ldap.truststore.password=
The trust store password. If you set up and configure a trust store, then you need to set this. Not used by default.
webapp.opendj2.ldap.isactivedirectory=
Designates whether Active Directory is used. Valid values: true or false.
webapp.opendj2.ldap.domains=
An optional, comma-delimited list of valid domains.
webapp.opendj2.ldap.description=
A description of the OpenDJ Instance.
4 Update your environment. To run only the specific steps related to multiple LDAP services, enter:
> yab webapp-opendj2-update
> yab ldapinstance-opendj2-create
To update your entire environment, enter:
> yab update
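Before running the update, the transport settings for every instance (single or multiple LDAP services) can be checked against the guidance above. The following is an added example, not part of the QAD documentation or of YAB: a small Python audit of the webapp.<instance>.ldap.* keys described on this page. The sample file contents, host names, trust store path and password are constructed for illustration, and the opendj3 instance is hypothetical.

```python
import re

# Constructed sample of build/config/configuration.properties (illustrative values only).
SAMPLE = """\
webapp.opendj.ldap.host=ldap1.example.com
webapp.opendj.ldap.port=389
webapp.opendj.ldap.usessl=false
webapp.opendj2=
webapp.opendj2.type=opendj
webapp.opendj2.ldap.port=636
webapp.opendj2.ldap.usessl=true
webapp.opendj3.ldap.port=636
webapp.opendj3.ldap.usessl=true
webapp.opendj3.ldap.truststore.path=/path/to/truststore.jks
webapp.opendj3.ldap.truststore.password=changeit
"""

# Matches webapp.<instance>.ldap.<setting>=<value>; other keys are ignored.
KEY = re.compile(r"^webapp\.([^.=\s]+)\.ldap\.([\w.]+)\s*=\s*(.*)$")

def parse(text):
    """Group the ldap.* settings by webapp instance name."""
    instances = {}
    for line in text.splitlines():
        m = KEY.match(line.strip())
        if m:
            inst, setting, value = m.groups()
            instances.setdefault(inst, {})[setting] = value.strip()
    return instances

def audit(text):
    """Return {instance: [findings]} for the transport settings the guide describes."""
    report = {}
    for inst, cfg in parse(text).items():
        findings = []
        tls = cfg.get("usessl", "").lower() == "true"
        if not tls:
            findings.append("usessl is not true: LDAPS is off (plain text is for debugging only)")
        if tls and cfg.get("port") == "389":
            findings.append("usessl=true but port is 389, the plain-text port")
        if tls and not cfg.get("truststore.path"):
            findings.append("usessl=true without truststore.path: gateway trusts all certificates")
        if cfg.get("truststore.path") and not cfg.get("truststore.password"):
            findings.append("truststore.path set but truststore.password is empty")
        report[inst] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An instance with an empty findings list uses LDAPS and verifies the directory server's certificate against a trust store; any other result should be resolved before the gateway is deployed outside a debugging environment.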