Configure LDAP with Sterling B2B Integrator
To configure Sterling B2B Integrator to use LDAP, you must edit the authentication_policy.properties.in file. You can also use the customer_overrides.properties file to set property values that are not overwritten by a patch installation.
To configure LDAP authentication:
- Stop Sterling B2B Integrator.
- Navigate to the installation directory.
- Navigate to the properties directory.
- Open the authentication_policy.properties.in file.
- In authentication_policy.properties.in, locate the ## GIS/LDAP Authentication configuration entry.
- Below the ## GIS/LDAP Authentication configuration entry, make the following changes to the LDAP parameters:

| Parameter | Description | Shipped Value | Change to |
|---|---|---|---|
| #LDAP_SECURITY_TRUSTSTORE | Path to the local truststore. The certificates required by LDAP must be stored in the truststore. You cannot use certificates from trading partners. Optional; use only if you are using SSL. | Inactive path | Full path to the local truststore. |
| #LDAP_SECURITY_TRUSTSTORE_PASSWORD | Password that allows access to the truststore. Optional; use only if you are using SSL. | changeit | Password allowing access to the local truststore. |
| #LDAP_SECURITY_KEYSTORE | Path to the local keystore. The certificates required by LDAP must be stored in the keystore. You cannot use certificates from trading partners. Optional; use only if you are using SSL. | Inactive path | Full path to the local keystore. |
| #LDAP_SECURITY_KEYSTORE_PASSWORD | Password that allows access to the keystore. Optional; use only if you are using SSL. | password | Password allowing access to the local keystore. |
| #authentication_<number>.enabled | Enables or disables the use of LDAP. False: all users created from this authentication host are disabled (they fail to log in). True: each user can be accessed either internally or externally, but not both, since each user ID is unique. This value is not checked for internal authentication. | False | True |
| #authentication_<number>.jndi_factory | Class name of the factory class that creates the initial context for the LDAP service provider. This is the standard context factory shipped with the JDK. | com.sun.jndi.ldap.LdapCtxFactory | No change |
| #authentication_<number>.server | URL specifying the host name of the LDAP server. | Inactive path | Local LDAP host URL. |
| #authentication_<number>.port | The port number of the LDAP server. | | |
| #authentication_<number>.security_type | Authentication method for the provider to use. The system supports only simple authentication. | simple | No change |
| #authentication_<number>.principle | Identity of the principal to authenticate, which enables the system to perform queries. This parameter is the name component in an LDAP ASN.1 bind request. | cn=Manager, dc=amr, dc=stercomm, dc=com | Local naming information. |
| #authentication_<number>.credentials | Password set up in the LDAP repository for the LDAP principal, which enables the system to perform queries. | SecretPassword | Local password that goes with your local principal. |
| #authentication_<number>.security_protocol | Object specifying which security protocol the provider uses. | SSL | No change. This parameter is not visible if you have chosen not to use SSL. |
| #authentication_<number>.password_attribute | Name of the LDAP attribute that contains the user password. This parameter is used only if #LDAP_AUTHENTICATE_WITH_USER_BIND is set to false. | userPassword | Local attribute that contains the password. |
| #authentication_<number>.search_root | Object specifying the root from which the user query is based. | dc=amr, dc=stercomm, dc=com | Local search path. |
| #authentication_<number>.search_filter | Object specifying the template to use in the search. The <userid> value is dynamically replaced at request time with the user ID of the user requesting authentication. | (uid=<userid>) | A Windows Active Directory server may use an entry such as (sAMAccountName=<userid>). |
| #authentication_<number>.with_user_bind | Specifies whether to authenticate a user according to a successful bind. False: the system extracts the value of the user password from the LDAP server and compares it to the user credentials provided. True: the system binds to the LDAP server using the user's distinguished name and the provided credentials; a successful bind means a successful authentication. | false | Change to true if you want to authenticate with the user bind. |
- Save the authentication_policy.properties.in file.
- Enter /install_dir/install/bin/setupfiles.sh (UNIX) or \install_dir\install\bin\setupfiles.cmd (Windows) to update LDAP entries into the authentication_policy.properties file from the authentication_policy.properties.in file.
- Start Sterling B2B Integrator.
The changes to the authentication_policy.properties file are applied and you can now begin using your LDAP server to authenticate users.
After startup, the system identifies LDAP servers from the authentication_policy.properties file. The system authenticates external users when the users log in.
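The following Python script is an added example for this page; it is not part of Sterling B2B Integrator and IBM does not ship it. It reads an edited authentication_policy.properties fragment (the sample text is constructed), reports any of the shipped placeholder values from the table that were left in place, applies the consistency rules the table states (SSL needs a truststore, a false with_user_bind needs password_attribute, the search filter needs the <userid> placeholder), and shows how the <userid> substitution in search_filter looks when the user ID is escaped per RFC 4515. How the product itself performs that substitution is not described on this page; the escaping routine is the example's own assumption about the safe way to do it.

```python
"""Sanity-check an edited authentication_policy.properties fragment.

Added example; it assumes only the key names listed in the table above and
plain Java-properties `key=value` syntax. SAMPLE_PROPERTIES is constructed.
"""
import re

# Shipped placeholder values from the table. Any of them surviving an edit
# means that parameter was never localised.
SHIPPED_PLACEHOLDERS = {
    "LDAP_SECURITY_TRUSTSTORE": "Inactive path",
    "LDAP_SECURITY_TRUSTSTORE_PASSWORD": "changeit",
    "LDAP_SECURITY_KEYSTORE": "Inactive path",
    "LDAP_SECURITY_KEYSTORE_PASSWORD": "password",
    "server": "Inactive path",
    "credentials": "SecretPassword",
}

# Constructed sample: one LDAP host (authentication_1) edited as the table
# describes, with two placeholders deliberately left untouched.
SAMPLE_PROPERTIES = """\
## GIS/LDAP Authentication configuration
LDAP_SECURITY_TRUSTSTORE=/opt/ibm/si/truststore.jks
LDAP_SECURITY_TRUSTSTORE_PASSWORD=changeit
authentication_1.enabled=true
authentication_1.jndi_factory=com.sun.jndi.ldap.LdapCtxFactory
authentication_1.server=ldaps://ldap.example.test
authentication_1.port=636
authentication_1.security_type=simple
authentication_1.principle=cn=svc-b2bi,ou=service,dc=example,dc=test
authentication_1.credentials=SecretPassword
authentication_1.security_protocol=SSL
authentication_1.search_root=ou=people,dc=example,dc=test
authentication_1.search_filter=(uid=<userid>)
authentication_1.with_user_bind=true
"""


def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, '#' and '!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def authentication_hosts(props):
    """Return the <number> of every authentication_<number>.* block, sorted."""
    numbers = set()
    for key in props:
        match = re.match(r"authentication_(\d+)\.", key)
        if match:
            numbers.add(int(match.group(1)))
    return sorted(numbers)


def check_ldap_config(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    for key in ("LDAP_SECURITY_TRUSTSTORE", "LDAP_SECURITY_TRUSTSTORE_PASSWORD",
                "LDAP_SECURITY_KEYSTORE", "LDAP_SECURITY_KEYSTORE_PASSWORD"):
        if props.get(key) == SHIPPED_PLACEHOLDERS[key]:
            findings.append(f"{key} still has the shipped value")
    for n in authentication_hosts(props):
        prefix = f"authentication_{n}."

        def get(name):
            return props.get(prefix + name, "")

        if get("enabled").lower() != "true":
            findings.append(f"{prefix}enabled is not true; users from this host cannot log in")
        for name in ("server", "credentials"):
            if get(name) == SHIPPED_PLACEHOLDERS[name]:
                findings.append(f"{prefix}{name} still has the shipped value")
        if get("security_protocol").upper() == "SSL" and not props.get("LDAP_SECURITY_TRUSTSTORE"):
            findings.append(f"{prefix}security_protocol is SSL but LDAP_SECURITY_TRUSTSTORE is unset")
        if "<userid>" not in get("search_filter"):
            findings.append(f"{prefix}search_filter lacks the <userid> placeholder")
        if get("with_user_bind").lower() != "true" and not get("password_attribute"):
            findings.append(f"{prefix}with_user_bind is false but password_attribute is unset")
    return findings


def escape_filter_value(value):
    """Escape an assertion value per RFC 4515 so it cannot change the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def render_search_filter(template, userid):
    """Substitute <userid> in a search_filter template with an escaped user ID."""
    return template.replace("<userid>", escape_filter_value(userid))


if __name__ == "__main__":
    props = parse_properties(SAMPLE_PROPERTIES)
    for finding in check_ldap_config(props) or ["no findings"]:
        print(finding)
    print(render_search_filter(props["authentication_1.search_filter"], "alice"))
```

Run it against the real file only after setupfiles.sh or setupfiles.cmd has regenerated authentication_policy.properties, since that generated file, not the .in template, is what the system reads at startup.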