In some production environments it is suggested that the LDAP server be run separately from the DDF installation. Because the embedded LDAP application has very few dependencies, it can be run on a minimal install of DDF that uses much less memory and CPU than a standard installation.
Recommended Steps to Run a Standalone Embedded LDAP instance
- Obtain and unzip the DDF Kernel (ddf-distribution-kernel-<VERSION>.zip).
- Start the distribution.
When the Kernel has loaded and shows the DDF logo at the command prompt, execute "la" (short for "list all") and verify that all bundles are Active. Since the kernel does not include all apps, running "list" instead of "la" would return no results at this point.
Finally, deploy the Embedded LDAP App by copying ldap-embedded-app-<VERSION>.kar into the <DISTRIBUTION_HOME>/deploy directory. You can verify that the LDAP server is installed by checking the DDF log, or by running "la" and confirming that the OpenDJ bundle is in the Active state. Additionally, it should be responding to LDAP requests on the default ports, 1389 and 1636.
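The "responding to LDAP requests" check above can be made concrete. The following is an added example, not part of the DDF documentation or project code: a small Python probe that sends an anonymous LDAP bind to the default ports and decodes the BindResponse, so you can confirm the embedded server is actually answering LDAP rather than merely holding the port open. It assumes the server is on localhost and that the LDAPS certificate chains to a CA the client trusts; any resultCode proves the listener is up, and 0 means anonymous binds are accepted, which is worth knowing before exposing the port.

```python
import socket
import ssl
# Default ports of the DDF embedded LDAP (OpenDJ) server, as given on this page.
LDAP_PORT = 1389
LDAPS_PORT = 1636
def anonymous_bind_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, BindRequest { version 3, name "", simple "" } } (RFC 4511)."""
    bind = b"\x02\x01\x03" + b"\x04\x00" + b"\x80\x00"        # version 3, empty DN, empty simple creds
    bind_req = bytes([0x60, len(bind)]) + bind                 # [APPLICATION 0] BindRequest
    body = bytes([0x02, 0x01, message_id]) + bind_req          # INTEGER messageID, then the request
    return bytes([0x30, len(body)]) + body                     # SEQUENCE LDAPMessage (short-form lengths)

def _read_tlv(buf: bytes, pos: int):                           # one BER TLV -> (tag, value, next_pos)
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                                          # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length

def parse_bind_result_code(data: bytes) -> int:
    """Return the resultCode of a BindResponse (0 = success); reject any other message."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _, pos = _read_tlv(msg, 0)                              # skip messageID
    tag, resp, _ = _read_tlv(msg, pos)
    if tag != 0x61:                                            # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse")
    tag, code, _ = _read_tlv(resp, 0)
    if tag != 0x0A:                                            # ENUMERATED resultCode
        raise ValueError("missing resultCode")
    return int.from_bytes(code, "big")

def probe(host: str, port: int, use_tls: bool = False, timeout: float = 3.0) -> int:
    """Connect, send an anonymous bind, and return the server's resultCode."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if use_tls:
        # Verifies against the OS trust store; a self-signed serverKeystore.jks certificate
        # must first be exported and loaded into the context with load_verify_locations(cafile=...).
        sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    try:
        sock.sendall(anonymous_bind_request())
        return parse_bind_result_code(sock.recv(4096))
    finally:
        sock.close()
if __name__ == "__main__":                                     # assumed host: localhost
    for port, tls in ((LDAP_PORT, False), (LDAPS_PORT, True)):
        print(f"port {port}: bind resultCode {probe('localhost', port, use_tls=tls)}")
```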
To perform any of the configurations identified below, the webconsole will need to be installed by executing
features:install webconsole
Configuration
The configuration options are located on the standard DDF configuration web console under the title LDAP Server. It currently contains three configuration options.
| Configuration Name | Description |
|---|---|
| LDAP Port | Sets the port for LDAP (plaintext and StartTLS). 0 will disable the port. |
| LDAPS Port | Sets the port for LDAPS. 0 will disable the port. |
| Base LDIF File | Location on the server of an LDIF file. This file will be loaded into the LDAP server and will overwrite any existing entries. Use this option when replacing the default groups/users with a new LDIF file for testing. The LDIF file may contain any LDAP entries (schemas, users, groups, etc.). If the location is left blank, the default base LDIF file that ships with DDF will be used. |
Trust Certificates
In order for LDAPS to function correctly, the LDAP Server must be configured with a keystore file that trusts the clients connecting to it, and vice versa. To provide your own keystore for the LDAP Server:
- Navigate to the /etc/keystores folder in the kernel distribution folder
- Find the serverKeystore.jks file and replace it with a keystore file valid for your operating environment.
- If the DDF kernel is running, restart it so the changes take effect.
Connecting to a Standalone LDAP Server
DDF instances can connect to an external LDAP server by installing and configuring the security-sts-server feature, which is documented separately.