Ciphermail Gateway Web LDAP Authentication Guide



Similar documents
Configuring idrac6 for Directory Services

Introduction to Linux (Authentication Systems, User Accounts, LDAP and NIS) Süha TUNA Res. Assist.

Ciphermail Gateway Separate Front-end and Back-end Configuration Guide

LDAP and Active Directory Guide

User Management / Directory Services using LDAP

Integrating EJBCA and OpenSSO

LDAP User Guide PowerSchool Premier 5.1 Student Information System

FirstClass Directory Services 10 (Build 11)

Using LDAP for User Authentication

Steps to setup authentication and enrolment through LDAP protocol

Using LDAP Authentication in a PowerCenter Domain

User Management Resource Administrator. Managing LDAP directory services with UMRA

Ciphermail Gateway EJBCA integration guide

LDAP Server Configuration Example

Solr Bridge Search Installation Guide

Cloudwork Dashboard User Manual

DB2 - LDAP. To start with configuration of transparent LDAP, you need to configure the LDAP server.

LDAP Server Configuration Example

UNIL Administration. > Many databases and applications:

Technical Bulletin 41137

Active Directory Requirements and Setup

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Securing SAS Web Applications with SiteMinder

Adeptia Suite LDAP Integration Guide

Introduction Installing and Configuring the LDAP Server Configuring Yealink IP Phones Using LDAP Phonebook...

VERALAB LDAP Configuration Guide

Open LDAP Tutorial. Sendio Security Platform Appliance. March 08 Services Update

The following gives an overview of LDAP from a user's perspective.

Copyright 2016 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc., registered in the U.S. and/or other countries.

Quality Center LDAP Guide

Practical LDAP on Linux

MATLAB Toolbox implementation for LDAP based Server accessing

LDAP / SSO Authentication

Integrating PISTON OPENSTACK 3.0 with Microsoft Active Directory

How To Use Libap With A Libap Server With A Mft Command Center And Internet Server

Identity Management in Quercus. CampusIT_QUERCUS

Using Internet or Windows Explorer to Upload Your Site

Configuring Sponsor Authentication

Cisco TelePresence Authenticating Cisco VCS Accounts Using LDAP

An Information System

Upgrading User-ID. Tech Note PAN-OS , Palo Alto Networks, Inc.

KACE Appliance LDAP Reference Guide V1.4

Authentication Methods

prefer to maintain their own Certification Authority (CA) system simply because they don t trust an external organization to

CipherMail Gateway Upgrade Guide

ProxySG TechBrief LDAP Authentication with the ProxySG

SQL Server Setup for Assistant/Pro applications Compliance Information Systems

Open-Xchange Hosted Edition Directory Integration

CA Performance Center

An Oracle White Paper March Integrating Microsoft SharePoint Server With Oracle Virtual Directory

Version 9. Active Directory Integration in Progeny 9

CMDBuild Authentication (file auth.conf)

Please return this document to when complete.

The Integration of LDAP into the Messaging Infrastructure at CERN

Using LDAP for User Authentication

Creating an LDAP Directory

Samba and LDAP in 30 Minutes

SchoolBooking LDAP Integration Guide

To integrate Oracle Application Server with Active Directory follow these steps.

Security with LDAP. Andrew Findlay. February Skills 1st Ltd

Configuring and Using the TMM with LDAP / Active Directory

GlobalSign Enterprise Solutions Google Apps Authentication User Guide

IPedge Feature Desc. 5/25/12

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Basic Configuration. Key Operator Tools older products. Program/Change LDAP Server (page 3 of keyop tools) Use LDAP Server must be ON to work

Directory Interface for User Management via LDAP BC-LDAP-USR 6.30 Test Catalog

PineApp Surf-SeCure Quick

CipherMail Gateway Installation Guide

Using LDAP with Sentry Firmware and Sentry Power Manager (SPM)

Configure Directory Integration

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

Configuring MailArchiva with Insight Server

Content Filtering Client Policy & Reporting Administrator s Guide

Adobe Connect LMS Integration for Blackboard Learn 9

Teradata Viewpoint. Configuration Guide

Managing Identities and Admin Access

CN=Monitor Installation and Configuration v2.0

Jobs Guide Identity Manager February 10, 2012

JMETER - MONITOR TEST PLAN

SilkRoad Eprise Version: Eprise 2006 v 6.0. A Practical Guide to LDAP

Novell Identity Manager

TypingMaster Intra. LDAP / Active Directory Installation. Technical White Paper (2009-9)

Getting Started with Clearlogin A Guide for Administrators V1.01

Configuring User Identification via Active Directory

1. InfoVaultz Administration Guide InfoVaultz Site Setup Logging as Administrator Logging In

CA SiteMinder. Directory Configuration - OpenLDAP. r6.0 SP6

Summary. How-To: Active Directory Integration. April, 2006

SCOPTEL WITH ACTIVE DIRECTORY USER DOCUMENTATION

Configuring Apache Web Server for x509 User Authentication

Ulteo Open Virtual Desktop Installation

Geoportal Server Installation Guide

FileCruiser. VA2600 SR1 Quick Configuration Guide

PriveonLabs Research. Cisco Security Agent Protection Series:

Centrify Cloud Connector Deployment Guide

Installation & Upgrade Guide

OpenLDAP Oracle Enterprise Gateway Integration Guide

How To Set Up A Webmin Account On A Libc (Libc) On A Linux Server On A Windows 7.5 (Amd) With A Password Protected Password Protected (Windows) On An Ubuntu (Amd

Transcription:

CIPHERMAIL EMAIL ENCRYPTION Ciphermail Gateway Web LDAP Authentication Guide June 19, 2014, Rev: 5454

Copyright 2008-2014, ciphermail.com.

CONTENTS CONTENTS Contents 1 Introduction 3 2 Create an LDAP configuration file 3 3 Add users and roles to the LDAP 4 4 Configure Tomcat 6 2

2 CREATE AN LDAP CONFIGURATION FILE 1 Introduction By default, Ciphermail web authenticates the administrators against a list of registered users stored in the Ciphermail database. Administrators, passwords and roles can be managed with the Ciphermail web administration page. Sometimes however, it is required to authenticate administrators against an external LDAP. This guide explains how to setup Ciphermail to authenticate and authorize administrators against an external LDAP. Enabling LDAP authentication require the following steps: 1. Create an LDAP configuration file. 2. Add users and roles to the LDAP. 3. Configure Tomcat. 2 Create an LDAP configuration file Ciphermail uses Spring security for authentication and authorization. To enable LDAP support for the Ciphermail web application, a Spring xml configuration file is required. Create the file djigzo-ldap.xml in directory /usr/share/djigzo-web 1 with the following content: <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance" xmlns:security="http://www.springframework.org/schema/security" xsi:schemalocation= "http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-2.5.xsd http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-2.0.xsd"> <security:ldap-server url="ldap://192.168.178.22:389/dc=djigzo,dc=com" /> <security:ldap-authentication-provider user-dn-pattern="uid={0},ou=users" group-search-base="ou=groups"/> </beans> The URL for the LDAP server should be changed to match the URL of the actual LDAP server. The root DIT should also be changed from dc=djigzo,dc=com to the root DIT where the Ciphermail administrators and groups are stored. 1 The file can be differently named and stored on another location. The only requirement is that the file is readable by Tomcat. 3

3 ADD USERS AND ROLES TO THE LDAP Note: Additional LDAP servers can be specified. Additional LDAP servers should be space separated (example: ldap://1.2.3.4 ldap://5.6.7.8 ). When logging in, the LDAP servers are tried in succession until a successful login. user-dn-pattern pattern: The user-dn-pattern pattern is used to build the DN to bind to using the password entered by the user. {0} in the pattern is replaced with the username. Example: When the user john tries to login, an attempt is made to bind to uid=john,ou=users,dc=djigzo,dc=com using the password entered by john. group-search-base pattern The group-search-base pattern is used to locate the roles for the user. This is the part of the directory tree under which group searches are performed. By default, records of class groupofuniquenames are searched with a uniquemember attribute equal to the DN of the user. The returned role is the value of the cn attribute(s). The role name is converted to uppercase and prefixed with ROLE_ 2. Example: When the user john successfully logs into Ciphermail, a search is done for a record with class groupofuniquenames under ou=groups,dc=djigzo,dc=com containing the attribute uniquemember with the value uid=john,ou=users,dc=djigzo,dc=com. If the cn attribute has value login the returned role is ROLE_LOGIN. For more information on user-dn-pattern and group-search-base see http:// static.springsource.org/spring-security/site/docs/2.0.x/reference/ ldap.html. 3 Add users and roles to the LDAP The required users and roles should be added to the LDAP server. The actual commands required for adding users and roles depends on the LDAP implementation. The following example shows how to add users and roles to OpenL- DAP. The following LDAP Data Interchange Format (LDIF) example is used to add two users, john and jane. John has password password and Jane has a hashed password test. John will have the following roles: login and admin. Jane will have the following roles: login and queue_manager. Note: The entries will be added under the dc=djigzo,dc=com tree. 2 Make sure the roles stored in LDAP are not pre-fixed with ROLE_ 4

3 ADD USERS AND ROLES TO THE LDAP dn: ou=users,dc=djigzo,dc=com objectclass: organizationalunit ou: users dn: ou=groups,dc=djigzo,dc=com objectclass: organizationalunit ou: groups dn: uid=john,ou=users,dc=djigzo,dc=com objectclass: inetorgperson objectclass: shadowaccount uid: john userpassword: password sn: Doe givenname: John cn: John Doe dn: uid=jane,ou=users,dc=djigzo,dc=com objectclass: inetorgperson objectclass: shadowaccount uid: jane userpassword: {SHA}qUqP5cyxm6YcTAhz05Hph5gvu9M= sn: Doe givenname: Jane cn: Jane Doe dn: cn=admin,ou=groups,dc=djigzo,dc=com objectclass: groupofuniquenames cn: login uniquemember: uid=john,ou=users,dc=djigzo,dc=com dn: cn=queue_manager,ou=groups,dc=djigzo,dc=com objectclass: groupofuniquenames cn: login uniquemember: uid=jane,ou=users,dc=djigzo,dc=com The LDIF should be stored in a file (djigzo.ldif) and imported into OpenLDAP using the following command: $ ldapadd -x -D cn=admin,dc=djigzo,dc=com -W -f djigzo.ldif Note: change dc=djigzo,dc=com to match the actual sub tree. 5

4 CONFIGURE TOMCAT Supported roles The following roles are supported: 1. login 2. admin 3. domain_manager 4. global_manager 5. log_manager 6. pki_manager 7. queue_manager 8. sms_manager 9. template_manager 10. user_manager Note: Every user should at least have the login role. The admin role is a combination of all other roles. See the administration guide for more info on the roles. 4 Configure Tomcat Ciphermail web application should be configured to use the new authenticator. The Java system property djigzo-web.spring.authenticator.config determines which authenticator configuration file is loaded when Ciphermail web application is started. The Java property should be set in the Tomcat default properties files which is read by Tomcat when Tomcat starts. The location of the Tomcat defaults file is different for Ubuntu/Debian and RedHat/CentOS. Ubuntu/Debian Ubuntu/Debian the default properties file for Tomcat 5.5 is /etc/default/tomcat5.5. The required property can be directly set using the following command: $ sudo bash -c 'echo "JAVA_OPTS=\"\$JAVA_OPTS \ -Ddjigzo-web.spring.authenticator.config=\ file:/usr/share/djigzo-web/djigzo-ldap.xml\"" >> /etc/default/tomcat5.5 ' Tomcat should be now be restarted: $ sudo /etc/init.d/tomcat5.5 restart 6

4 CONFIGURE TOMCAT RedHat/CentOS RedHat/CentOS the default properties file for Tomcat 5.5 is /etc/sysconfig/tomcat5. The required property can be directly set using the following command: $ sudo bash -c 'echo "JAVA_OPTS=\"\$JAVA_OPTS \ -Ddjigzo-web.spring.authenticator.config=\ file:/usr/share/djigzo-web/djigzo-ldap.xml\"" >> /etc/sysconfig/tomcat5 ' Tomcat should be now be restarted: $ /sbin/service tomcat5 restart Login When a user logs into Ciphermail, details of the login attempt are written to the Ciphermail MPA log. The user and the roles assigned to the user are logged. Example successful login: 3 [21 Aug 2009 11:15:39 11650554@qtp-24482011-5] INFO Authentication success... Username: jane; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsnonexpired: true; AccountNonLocked: true; Granted Authorities: ROLE_LOGIN, ROLE_QUEUE_MANAGER Example login failure: [21 Aug 2009 11:20:31 31737213@qtp-24482011-4] WARN Authentication failure... Principal: d; Password: [PROTECTED]; Authenticated: false; RemoteIpAddress: 192.168.178.20; SessionId: 1ejsszduvhtn; Not granted any authorities 3 Some log information is removed to make the example fit the page. 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information