Diferenças entre edições de "IBM Sterling B2B: Autenticando no B2Bi via LDAP (sem o SEAS)"

Fonte: ebasso.net Wiki
 
Linha 58: Linha 58:
 
|}
 
|}
  
Use o utilitário '''encrypt_string.sh/cmd''' para ocultar a senha de texto simples. Troque. de '''security.passphrase''' para '''security.enc_pass'''
+
Use o utilitário '''encrypt_string.sh/cmd''' para ocultar a senha de texto simples.  
  
* authentication_policy.authentication_1.credentials
+
* authentication_policy.authentication_1.credentials=OBSCURED:rO0ABXQ...==
* authentication_policy.authentication_1.LDAP_SECURITY_TRUSTSTORE_PASSWORD
+
* authentication_policy.authentication_1.LDAP_SECURITY_TRUSTSTORE_PASSWORD=OBSCURED:rO0ABXQ...==
* authentication_policy.authentication_1.LDAP_SECURITY_KEYSTORE_PASSWORD
+
* authentication_policy.authentication_1.LDAP_SECURITY_KEYSTORE_PASSWORD=OBSCURED:rO0ABXQ...==
  
  

Edição atual desde as 21h37min de 11 de abril de 2021

Vamos configurar o IBM Sterling B2Bi para autenticar a um diretório LDAP/Microsoft Active Directory


Importante:

  • o Sterling B2Bi deve se conectar ao LDAP, ou seja, as portas devem estar abertas no firewall.
  • o usuário de Bind já deve estar criado no LDAP Server
  • utilize o arquivo customer_overrides.properties.in para evitar que as mudanças sejam sobrescritas ao aplicar um Fix


Procedimento

Adicionando as propriedades no arquivo

Edite o arquivo customer_overrides.properties e adicione:

######################################################
# LDAP Configuration 1 without SEAS - ldap.test.net - 
######################################################
authentication_policy.authentication_1.className=com.sterlingcommerce.woodstock.security.LDAPAuthentication
authentication_policy.authentication_1.enabled=true
authentication_policy.authentication_1.jndi_factory=com.sun.jndi.ldap.LdapCtxFactory
authentication_policy.authentication_1.display_name=ldap.test.net - OpenLDAP SB2BI --> display name no B2Bi
authentication_policy.authentication_1.server=ldap.test.net
authentication_policy.authentication_1.port=389
authentication_policy.authentication_1.security_type=simple
authentication_policy.authentication_1.principle=cn=ldapadm,dc=test,dc=net --> bind user in LDAP tree
authentication_policy.authentication_1.credentials=password
authentication_policy.authentication_1.password_attribute=userPassword
authentication_policy.authentication_1.search_root=ou=People,dc=test,dc=net --> base dn para os usuários
authentication_policy.authentication_1.search_filter=(uid=<userid>)
authentication_policy.authentication_1.security_type=simple
authentication_policy.authentication_1.with_user_bind=true
#to enable connection pool to LDAP
authentication_policy.authentication_1.connect_pool=false
authentication_policy.authentication_1.connect_pool_var=com.sun.jndi.ldap.connect.pool
authentication_policy.authentication_1.connect_timeout=50000
authentication_policy.authentication_1.connect_timeout_var=com.sun.jndi.ldap.connect.timeout
#to enable SSL between B2Bi and LDAP
#authentication_policy.LDAP_SECURITY_TRUSTSTORE=<<Trust Store in .jks format>>
#authentication_policy.LDAP_SECURITY_TRUSTSTORE_PASSWORD=<<truststore password>>
#authentication_policy.LDAP_SECURITY_KEYSTORE=<<KeyStore in .jks format>>
#authentication_policy.LDAP_SECURITY_KEYSTORE_PASSWORD=<<keystore password>>

onde:

Partes da estrutura Significado
authentication_policy Refere-se ao arquivo de propriedades a ser atualizado. Nesse caso, o authentication_policy.properties.
authentication_N configuração para vários servidores LDAP, copie as linhas para authentication
variável É a variável no arquivo de propriedades a ser alterada.

Use o utilitário encrypt_string.sh/cmd para ocultar a senha de texto simples.

  • authentication_policy.authentication_1.credentials=OBSCURED:rO0ABXQ...==
  • authentication_policy.authentication_1.LDAP_SECURITY_TRUSTSTORE_PASSWORD=OBSCURED:rO0ABXQ...==
  • authentication_policy.authentication_1.LDAP_SECURITY_KEYSTORE_PASSWORD=OBSCURED:rO0ABXQ...==


Reinicie o B2Bi para que suas mudanças no arquivo customer_overrides.properties tenham efeito sobre o arquivo authentication_policy.properties.

cd <si_install_dir>/bin
./hardstop.sh
./run.sh

Configurando a conta de usuário para autenticar no LDAP

Vá para “Contas de usuário” e altere o tipo de autenticação para o usuário como “Externa” e selecione o LDAP no menu suspenso conforme mostrado na imagem abaixo:

B2b account external 01.png

Após criar a conta, faça logout do dashboard e faça login com o usuário e senha no LDAP.

B2b account enternal 02.png

Ver também