IBM Sterling B2B: Authenticating to B2Bi via LDAP (without SEAS)
We will configure IBM Sterling B2Bi to authenticate against an LDAP/Microsoft Active Directory directory.
Important:
- Sterling B2Bi must be able to connect to the LDAP server, that is, the ports must be open on the firewall.
- the Bind user must already exist on the LDAP server
- use the customer_overrides.properties.in file to prevent the changes from being overwritten when a Fix is applied
Procedure
Adding the properties to the file
Edit the customer_overrides.properties file and add:
```
######################################################
# LDAP Configuration 1 without SEAS - ldap.test.net -
######################################################
authentication_policy.authentication_1.className=com.sterlingcommerce.woodstock.security.LDAPAuthentication
authentication_policy.authentication_1.enabled=true
authentication_policy.authentication_1.jndi_factory=com.sun.jndi.ldap.LdapCtxFactory
# display name shown in B2Bi
authentication_policy.authentication_1.display_name=ldap.test.net - OpenLDAP SB2BI
authentication_policy.authentication_1.server=ldap.test.net
# a simple bind on port 389 is sent unencrypted unless SSL (see below) is enabled
authentication_policy.authentication_1.port=389
authentication_policy.authentication_1.security_type=simple
# bind user in the LDAP tree
authentication_policy.authentication_1.principle=cn=ldapadm,dc=test,dc=net
authentication_policy.authentication_1.credentials=password
authentication_policy.authentication_1.password_attribute=userPassword
# base DN for the users
authentication_policy.authentication_1.search_root=ou=People,dc=test,dc=net
authentication_policy.authentication_1.search_filter=(uid=<userid>)
authentication_policy.authentication_1.with_user_bind=true
#to enable connection pool to LDAP
authentication_policy.authentication_1.connect_pool=false
authentication_policy.authentication_1.connect_pool_var=com.sun.jndi.ldap.connect.pool
authentication_policy.authentication_1.connect_timeout=50000
authentication_policy.authentication_1.connect_timeout_var=com.sun.jndi.ldap.connect.timeout
#to enable SSL between B2Bi and LDAP
#authentication_policy.LDAP_SECURITY_TRUSTSTORE=<<Trust Store in .jks format>>
#authentication_policy.LDAP_SECURITY_TRUSTSTORE_PASSWORD=<<truststore password>>
#authentication_policy.LDAP_SECURITY_KEYSTORE=<<KeyStore in .jks format>>
#authentication_policy.LDAP_SECURITY_KEYSTORE_PASSWORD=<<keystore password>>
```
where:
Part of the structure | Meaning |
---|---|
authentication_policy | Refers to the properties file to be updated. In this case, authentication_policy.properties. |
authentication_N | Configuration for multiple LDAP servers; copy the lines for authentication |
variable | The variable in the properties file to be changed. |
Use the encrypt_string.sh/cmd utility to hide the plain-text password.
- authentication_policy.authentication_1.credentials=OBSCURED:rO0ABXQ...==
- authentication_policy.authentication_1.LDAP_SECURITY_TRUSTSTORE_PASSWORD=OBSCURED:rO0ABXQ...==
- authentication_policy.authentication_1.LDAP_SECURITY_KEYSTORE_PASSWORD=OBSCURED:rO0ABXQ...==
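A pre-restart check of the override file, as an added example that is not part of the original post or of IBM's tooling: it flags secrets not yet replaced by an OBSCURED: value, `-->` annotations left inside a value, duplicate keys, and a simple bind on port 389 with no truststore set. The function names and the sample text are constructed for illustration, and the parser assumes plain `key=value` lines without line continuations.

```python
import re

PREFIX = "authentication_policy."

# Constructed sample that reproduces typical mistakes in an LDAP override block.
SAMPLE = """\
authentication_policy.authentication_1.server=ldap.test.net
authentication_policy.authentication_1.port=389
authentication_policy.authentication_1.security_type=simple
authentication_policy.authentication_1.principle=cn=ldapadm,dc=test,dc=net --> bind user
authentication_policy.authentication_1.credentials=password
authentication_policy.authentication_1.security_type=simple
"""

def parse_properties(text):
    """Return (entries, duplicates); the last assignment of a key wins."""
    entries, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or comment
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key in entries:
            duplicates.append(key)
        entries[key] = value
    return entries, duplicates

def audit(text):
    """Return a list of findings for the authentication_policy.* keys."""
    entries, duplicates = parse_properties(text)
    findings = [f"duplicate key: {k}" for k in duplicates]
    has_truststore = any(k.endswith(".LDAP_SECURITY_TRUSTSTORE") and v
                         for k, v in entries.items())
    for key, value in entries.items():
        if not key.startswith(PREFIX):
            continue
        if "-->" in value:  # the text after the DN is read as part of the value
            findings.append(f"inline annotation is part of the value: {key}")
        if key.endswith(("credentials", "_PASSWORD")) and not value.startswith("OBSCURED:"):
            findings.append(f"plaintext secret: {key}")
        m = re.fullmatch(re.escape(PREFIX) + r"(authentication_\d+)\.security_type", key)
        if (m and value == "simple" and not has_truststore
                and entries.get(f"{PREFIX}{m.group(1)}.port") == "389"):
            findings.append(f"simple bind on port 389 without truststore: {m.group(1)}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```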
Restart B2Bi so that your changes in the customer_overrides.properties file take effect on the authentication_policy.properties file.
```
cd <si_install_dir>/bin
./hardstop.sh
./run.sh
```
Configuring the user account to authenticate against LDAP
Go to "User Accounts", change the user's authentication type to "External", and select the LDAP server from the drop-down menu.
After creating the account, log out of the dashboard and log in with the LDAP user name and password.