Active Directory
Added by Endi S. Dewata, last edited by Endi S. Dewata on Mar 13, 2006


Installing Active Directory

Increasing Search Limit

Increase the MaxPageSize to 2000. See LDAP policy.

Enabling SSL

In general Penrose can connect to Active Directory without SSL. However, if you need to update user passwords in Active Directory via Penrose, then you will need to use SSL.

First you need to install an Enterprise Certificate Authority. Then export the CA certificate by executing this command on the Active Directory machine:

certutil -ca.cert <filename>

Transfer the certificate file to the Penrose machine and import it into a keystore:

keytool -import -trustcacerts -alias <alias> -file <filename> -keystore penrose.keystore

Put penrose.keystore in the PENROSE_SERVER_HOME directory, then edit PENROSE_SERVER_HOME/conf/server.xml:

<server>

  <system-property>
    <property-name>javax.net.ssl.trustStore</property-name>
    <property-value>penrose.keystore</property-value>
  </system-property>

  <system-property>
    <property-name>javax.net.ssl.trustStorePassword</property-name>
    <property-value>...</property-value>
  </system-property>

</server>

Use the same password that you specified when importing the certificate.

Configuring AD Connection

Connecting to Active Directory is the same as connecting to any other directory server, which is done via JNDI. Note that if you are using SSL then you need to use "ldaps" instead of "ldap" in the provider URL. The configuration can be found in PENROSE_SERVER_HOME/conf/connections.xml:

<connections>

  <connection name="AD">
    <adapter-name>JNDI</adapter-name>
    <parameter>
      <param-name>java.naming.provider.url</param-name>
      <param-value>ldaps://server/dc=Penrose,dc=Safehaus,dc=org</param-value>
    </parameter>
    <parameter>
      <param-name>java.naming.factory.initial</param-name>
      <param-value>com.sun.jndi.ldap.LdapCtxFactory</param-value>
    </parameter>
    <parameter>
      <param-name>java.naming.security.principal</param-name>
      <param-value>cn=Administrator,cn=Users,dc=Penrose,dc=Safehaus,dc=org</param-value>
    </parameter>
    <parameter>
      <param-name>java.naming.security.credentials</param-name>
      <param-value>password</param-value>
    </parameter>
  </connection>

</connections>
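
To check the keystore and connection settings before starting Penrose, the following stand-alone Java program sets the same trust store properties as server.xml and performs the same JNDI bind as connections.xml. It is an added example, not part of Penrose; the class name AdLdapsCheck and the environment variables AD_BIND_PASSWORD and TRUSTSTORE_PASSWORD are assumptions made for this example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

// Added example (not part of Penrose). Run with:
//   java AdLdapsCheck <ldaps-url> <bind-dn> <truststore-file>
// Passwords are read from the environment variables AD_BIND_PASSWORD and
// TRUSTSTORE_PASSWORD (names chosen for this example).
public class AdLdapsCheck {

    // Builds the same JNDI parameters that connections.xml passes to the adapter.
    static Hashtable<String, String> jndiEnv(String url, String bindDn, String password) {
        if (!url.toLowerCase().startsWith("ldaps://")) {
            throw new IllegalArgumentException("expected an ldaps:// URL, got: " + url);
        }
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return env;
    }

    public static void main(String[] args) {
        String bindPw = System.getenv("AD_BIND_PASSWORD");
        String storePw = System.getenv("TRUSTSTORE_PASSWORD");
        if (args.length != 3 || bindPw == null || storePw == null) {
            System.err.println("usage: AdLdapsCheck <ldaps-url> <bind-dn> <truststore-file>");
            System.exit(2);
        }
        // Same system properties that server.xml sets for the Penrose JVM.
        System.setProperty("javax.net.ssl.trustStore", args[2]);
        System.setProperty("javax.net.ssl.trustStorePassword", storePw);
        try {
            DirContext ctx = new InitialDirContext(jndiEnv(args[0], args[1], bindPw));
            // Reading the base entry proves the TLS handshake, bind and base DN all work.
            System.out.println("OK: " + ctx.getAttributes("").size() + " attributes on base entry");
            ctx.close();
        } catch (NamingException e) {
            // A TLS failure usually means the CA certificate is not in the trust
            // store or the host name does not match the server certificate.
            boolean tls = e.getRootCause() instanceof SSLException;
            System.err.println((tls ? "TLS failure: " : "LDAP failure: ") + e);
            System.exit(1);
        }
    }
}
```

Pass the same URL, bind DN and keystore file that you put in connections.xml and server.xml; a "TLS failure" result points at the keystore import step, an "LDAP failure" at the bind DN, password or base DN.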
