Sunday, February 9, 2014

Connecting an external LDAP as the primary LDAP for WSO2 Identity Server

Hi All,

Today I am writing this blog to clear up some areas of confusion on the topic mentioned above.

Let's see how to connect OpenLDAP as the primary LDAP for IS.

1) Download OpenLDAP for your OS and install it according to the steps mentioned here. [INSTALLATION STEPS HERE FOR LINUX BASED SYSTEMS]

Special Note :- Please save the configuration details you enter during installation somewhere you can find them again, because you will need them in the later steps :)

2) Then connect to the OpenLDAP via Apache Directory Studio.

3) Download WSO2 Identity Server.

Please note that you only have to change the configuration of two files in order to connect this LDAP as the primary one.

4) Now let's go and disable the embedded LDAP that comes OOTB with IS.

Go to [IS_HOME]/repository/conf/embedded-ldap.xml and set the following configuration.

<EmbeddedLDAP>
    <Property name="enable">false</Property>
    .......................
</EmbeddedLDAP>

5) Then go to [IS_HOME]/repository/conf/user-mgt.xml and disable the embedded LDAP user store by commenting out the existing UserStoreManager element that has class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager".
6) Decide whether to connect to the external LDAP as read/write or read-only, and select the matching class for the new UserStoreManager element:
Read / Write - class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager"
Read - class="org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager"
7) Follow the following detailed blog for the configuration settings of each of these classes according to your needs; it describes the properties in detail.
8) Pay special attention to the following settings, because they must match your newly created OpenLDAP for the integration to work properly.

<Property name="ConnectionURL">ldap://localhost:389</Property>
<!-- The bind DN and password of the OpenLDAP admin user you created during installation -->
<Property name="ConnectionName">cn=admin,dc=wso2,dc=com</Property>
<Property name="ConnectionPassword">password</Property>
<!-- Every search base must sit under the base DN (suffix) of your directory; check that the suffix is the same in all of these DNs -->
<Property name="UserSearchBase">ou=Users,dc=wso2qa,dc=com</Property>
<Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=com</Property>
<Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=com</Property>

9) Follow the following blog for the proper creation of users and groups in your LDAP.

LDAP - Apache Directory Studio: A Basic Tutorial
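Before restarting IS it is worth checking the two edited files for the mistakes that most often break this integration: the embedded LDAP still enabled, more than one active UserStoreManager, a search base that does not sit under the same suffix as the bind DN, or the placeholder password left in place. The script below is an added example written for this post, not code from WSO2 or from the original article; it parses constructed samples of embedded-ldap.xml and user-mgt.xml (with the property values shown above, including the mismatched UserSearchBase suffix) using only the Python standard library, and the sample XML layout is assumed rather than copied from a real installation.

```python
"""Sanity checks for the two WSO2 IS config files edited in steps 4-8.

Added example (not from the post); parses constructed samples of
embedded-ldap.xml and user-mgt.xml with the standard library only.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample of the relevant part of embedded-ldap.xml after step 4.
EMBEDDED_LDAP_XML = """<EmbeddedLDAP>
  <Property name="enable">false</Property>
</EmbeddedLDAP>"""

# Constructed sample of the active user store in user-mgt.xml, using the
# property values shown in the post (including its mismatched UserSearchBase).
USER_MGT_XML = """<UserManager>
  <Realm>
    <UserStoreManager class="org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager">
      <Property name="ConnectionURL">ldap://localhost:389</Property>
      <Property name="ConnectionName">cn=admin,dc=wso2,dc=com</Property>
      <Property name="ConnectionPassword">password</Property>
      <Property name="UserSearchBase">ou=Users,dc=wso2qa,dc=com</Property>
      <Property name="GroupSearchBase">ou=Groups,dc=wso2,dc=com</Property>
      <Property name="SharedGroupSearchBase">ou=SharedGroups,dc=wso2,dc=com</Property>
    </UserStoreManager>
  </Realm>
</UserManager>"""

LDAP_CLASSES = (
    "org.wso2.carbon.user.core.ldap.ReadWriteLDAPUserStoreManager",
    "org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager",
)
REQUIRED = ("ConnectionURL", "ConnectionName", "ConnectionPassword",
            "UserSearchBase", "GroupSearchBase")


def properties(elem):
    """Map <Property name="X">value</Property> children to a dict."""
    return {p.get("name"): (p.text or "").strip() for p in elem.findall("Property")}


def dn_suffix(dn, rdns=2):
    """Last `rdns` components of a DN, lower-cased, e.g. 'dc=wso2,dc=com'."""
    parts = [p.strip().lower() for p in dn.split(",") if p.strip()]
    return ",".join(parts[-rdns:])


def embedded_ldap_disabled(xml_text):
    """True when embedded-ldap.xml has <Property name="enable">false</Property>."""
    return properties(ET.fromstring(xml_text)).get("enable", "").lower() == "false"


def check_user_store(xml_text):
    """Return a list of findings for the UserStoreManager(s) in user-mgt.xml."""
    findings = []
    managers = ET.fromstring(xml_text).findall(".//UserStoreManager")
    if len(managers) != 1:
        findings.append(f"expected exactly one active UserStoreManager, found {len(managers)}")
    for m in managers:
        cls = m.get("class", "")
        if cls not in LDAP_CLASSES:
            findings.append(f"unexpected user store class: {cls}")
        props = properties(m)
        for name in REQUIRED:
            if not props.get(name):
                findings.append(f"missing or empty property: {name}")
        url = props.get("ConnectionURL", "")
        parsed = urlsplit(url)
        if parsed.scheme not in ("ldap", "ldaps"):
            findings.append(f"ConnectionURL must be ldap:// or ldaps://, got: {url}")
        elif parsed.scheme == "ldap" and parsed.hostname not in ("localhost", "127.0.0.1"):
            findings.append("plain ldap:// to a remote host: bind password and user data cross the network unencrypted")
        # Every search base must live under the same directory suffix as the bind DN.
        bind_suffix = dn_suffix(props.get("ConnectionName", ""))
        for name in ("UserSearchBase", "GroupSearchBase", "SharedGroupSearchBase"):
            if name in props and dn_suffix(props[name]) != bind_suffix:
                findings.append(f"{name} '{props[name]}' is not under bind DN suffix '{bind_suffix}'")
        if props.get("ConnectionPassword") == "password":
            findings.append("ConnectionPassword is still the placeholder from the post")
    return findings


if __name__ == "__main__":
    print("embedded LDAP disabled:", embedded_ldap_disabled(EMBEDDED_LDAP_XML))
    for f in check_user_store(USER_MGT_XML):
        print("finding:", f)
```

Run against the sample above it reports two findings: the UserSearchBase suffix (dc=wso2qa,dc=com) does not match the bind DN suffix (dc=wso2,dc=com), and the password is still the placeholder. To check a real installation, read the two files from [IS_HOME]/repository/conf instead of the inline strings; the suffix check only compares the last two RDNs, so adjust the rdns argument if your directory uses a longer base DN.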

Hope the above helps anyone who is confused in this area.
Bye bye for now from Sri Lanka :)
