Here are the steps to enable LDAP authentication in Software AG Runtime (CTP).
- In the ‘<SAG_HOME>/profiles/CTP/configuration/jaas.config’ file, add your LDAP settings at the beginning:
    LdapRealm {
        com.softwareag.security.sin.is.ldap.lm.LDAPLoginModule required
            alias="name3"
            logLevel="DEBUG"
            logFile="../../profiles/CTP/logs/sin.log"
            useLog="TRUE"
            url="<YourLdapServerUrl>"
            prin="CN=<YourUserName>,OU=User,DC=<YourLdapOrgKeys>"
            cred="<YourLdapPassword>"
            useaf="false"
            usecaching="false"
            creategroups="true"
            gidprop="SAMAccountName"
            uidprop="SAMAccountName"
            userrootdn="DC=<YourLdapOrgKeys>"
            grouprootdn="DC=<YourLdapOrgKeys>";
    };
- In ‘<SAG_HOME>/profiles/CTP/configuration/tomcat/conf/server.xml’, on the line after the existing ‘Realm…’ element, add:
    <Realm className="com.softwareag.platform.catalina.auth.SINRealm" name="LdapRealm"/>
- In ‘<SAG_HOME>/profiles/CTP/configuration/tomcat/conf/web.xml’, near the end (just before the closing ‘web-app’ element), add:
    <security-constraint>
        <web-resource-collection>
            <web-resource-name>YourServiceName</web-resource-name>
            <url-pattern>/services/YourServiceEndpoint/</url-pattern>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>LdapRealm</realm-name>
    </login-config>
    <security-role>
        <role-name>*</role-name>
    </security-role>
The tricky part is the ‘role-name’. The ‘*’ means any role.
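
A check to run against the edited web.xml before restarting the runtime, as an added example (not Software AG's code and not part of the original steps). It flags a constraint with no auth-constraint, BASIC authentication with no CONFIDENTIAL transport guarantee, URL patterns that match one exact path only, and constraints limited to some HTTP methods. The function names and finding codes are made up for this example, and the sample input is the fragment above wrapped in a bare web-app root.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's web.xml fragment inside a bare <web-app> root.
SAMPLE_WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>YourServiceName</web-resource-name>
      <url-pattern>/services/YourServiceEndpoint/</url-pattern>
    </web-resource-collection>
    <auth-constraint><role-name>*</role-name></auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>LdapRealm</realm-name>
  </login-config>
  <security-role><role-name>*</role-name></security-role>
</web-app>"""


def _local(tag):
    """Strip an XML namespace so namespaced and bare web.xml files both work."""
    return tag.rsplit("}", 1)[-1]


def _texts(node, name):
    """Text of every descendant element called `name`, namespace ignored."""
    return [(e.text or "").strip() for e in node.iter() if _local(e.tag) == name]


def audit_web_xml(xml_text):
    """Return a sorted list of finding codes (hypothetical names) for a web.xml."""
    root = ET.fromstring(xml_text)
    findings = set()
    basic = "BASIC" in [m.upper() for m in _texts(root, "auth-method")]
    for sc in (e for e in root.iter() if _local(e.tag) == "security-constraint"):
        if not any(_local(e.tag) == "auth-constraint" for e in sc):
            findings.add("NO_AUTH_CONSTRAINT")      # constraint does not require a login
        if basic and "CONFIDENTIAL" not in _texts(sc, "transport-guarantee"):
            findings.add("NO_TRANSPORT_GUARANTEE")  # BASIC is only base64; nothing here forces HTTPS
        for pat in _texts(sc, "url-pattern"):
            if pat.startswith("/") and pat != "/" and not pat.endswith("/*"):
                findings.add("EXACT_MATCH_PATTERN")  # only this one path is covered, not sub-paths
        if _texts(sc, "http-method") or _texts(sc, "http-method-omission"):
            findings.add("METHOD_RESTRICTED")       # some HTTP verbs fall outside the constraint
    return sorted(findings)


if __name__ == "__main__":
    print(audit_web_xml(SAMPLE_WEB_XML))
```

A finding is a prompt to review, not proof of a hole: HTTPS may already be enforced at the connector, and an exact-match pattern is correct when the service really has a single endpoint path.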