Before you can grant JetPatch Manager access to Active Directory users and groups, you must first specify one or more Active Directory domains.
To specify a domain:
- In the Users tab, by User Directories, click Add User Directory.
- Provide the following information:
- Connection to Active Directory server: Hostnames (line-separated resolvable names or IP addresses of one or more LDAP domain controllers, to be tried in order), Port (usually 389), whether the connection should Use SSL and/or Enforce validity of server certificate
  - Note: If using Java 1.8, the recommended minimum minor version is 250+.
  - For SSL: Java security for LDAP connections was strengthened during the JDK 8 lifespan, so the hostname of the LDAP server you connect to must match the 'CN' field inside the certificate, and the 'CN' field in the certificate must match the hostname. To verify, issue the following from the Linux command line:
      echo -n | openssl s_client -connect <LDAP SERVER>:636 2>/dev/null | openssl x509 -noout -text | grep Subject:
  - For Enforce validity of server certificate, this means two things:
    - The certificate must be issued by a known CA
    - The server you talk to is the server this specific certificate was given to (hostname verification)
- Active Directory Domain name
- Credentials of an Active Directory User account with read access to Active Directory. The format of the 'Directory User' field should be one of:
  1. user-name@domain-name
  2. domain-name\user-name
  3. User’s full DN
- Users Base DN / Groups Base DN - specify LDAP query if needed.
- Click OK.
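The hostname verification behind Enforce validity of server certificate, as an added Python example (not JetPatch code): it applies the usual RFC 2818-style rules, under which subjectAltName entries take precedence over the Subject CN and an IP address in Hostnames matches only an IP SAN. The certificate dictionaries are constructed samples in the shape returned by Python's `ssl.SSLSocket.getpeercert()`; the matcher in the JDK that JetPatch runs on may differ in details such as wildcard handling.

```python
import ipaddress

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive DNS match; '*' may only replace the whole leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if not p.startswith("*."):
        return p == h
    # The wildcard covers exactly one label: *.ad.corp.example matches
    # dc02.ad.corp.example but not a.b.ad.corp.example.
    head, _, tail = h.partition(".")
    return bool(head) and tail == p[2:]

def hostname_matches(cert: dict, configured: str) -> bool:
    """cert has the dict shape returned by ssl.SSLSocket.getpeercert()."""
    san = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(configured)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP address in Hostnames can only match an iPAddress SAN, never the CN.
        return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in san)
    dns_names = [v for k, v in san if k == "DNS"]
    if dns_names:
        # When dNSName SANs exist, the Subject CN is not consulted at all.
        return any(_name_match(d, configured) for d in dns_names)
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_name_match(c, configured) for c in cns)

def check_hostnames(cert: dict, hostnames_field: str) -> dict:
    """Evaluate every entry of the line-separated Hostnames field against one certificate."""
    return {h: hostname_matches(cert, h) for h in hostnames_field.split()}

# Constructed sample certificates (names and addresses are made up).
CN_ONLY = {"subject": ((("commonName", "dc01.corp.example"),),)}
WITH_SAN = {
    "subject": ((("commonName", "dc01"),),),
    "subjectAltName": (
        ("DNS", "dc01.corp.example"),
        ("DNS", "*.ad.corp.example"),
        ("IP Address", "192.0.2.10"),
    ),
}

if __name__ == "__main__":
    print(check_hostnames(CN_ONLY, "dc01.corp.example\n192.0.2.10"))
    print(check_hostnames(WITH_SAN, "dc01.corp.example\ndc01\n192.0.2.10"))
```

Because `grep Subject:` shows only the CN, also read the Subject Alternative Name section of the same `openssl x509 -noout -text` output when a name that looks correct is still rejected.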
You can edit or remove already-specified domains. Poll refreshes domain entries in JetPatch for role assignment; to view the refreshed entries you may need to refresh your browser.
You can disable all permissions given to a domain's groups and users while retaining the domain's information by editing the domain and clearing Enabled.