Exacq exacqVision Web Service User Manual Manuel d'utilisateur télécharger pdf (Page 24)

www.exacq.com

Page 24 of 24

6/11/2015

ACTIVE DIRECTORY/LDAP IN LINUX-BASED WEB SERVICE

To configure your Linux system for Active Directory or OpenLDAP, complete the following steps:

1. Install Kerberos. KRB5 (MIT Kerberos V5) has specifically been tested for this purpose. Installing krb5-user

and libkrb5-dev should also install krb5-config, which is valid for all Ubuntu types.

2. Configure the /etc/krb5.conf file. Add a stanza for the AD domain, and change the default realm to the AD

domain. Fully qualified domain names (FQDN) for the KDC and admin server is preferred, in case the IP

addresses will ever be changed (just make sure the FQDN resolves for the AD server). Make sure the AD

domain name is upper-case; for example:

[libdefaults]

default_realm = EXACQ.TEST.COM

[realms]

EXACQ.TEST.COM = {

kdc = adserver2008.exacq.test.com

admin_server = adserver2008.exacq.test.com

}

3. Note the AD domain, along with the FQDN and IP address of the AD server:

EXACQ.TEST.COM adserver2008.exacq.test.com 192.168.1.70

4. Use the kinit command to confirm that the Kerberos configuration works as intended. Try to obtain a

ticket for the Kerberos login; you can verify success using the klist command. Use kdestroy to release the

ticket when you have verified the configuration.

NOTES

 When adding an exacqVision server with an Enterprise license configured on the AD domain, you

cannot configure an AD account as passthrough. AD accounts must manually log in every time.

 For each exacqVision server you intend to connect to with a user principal instead of an exacqVision

user name, you must add the exacqVision server’s FQDN to your /etc/hosts file, and it must be the

first name listed for that IP address. Otherwise, you will receive Kerberos failures.

1 2 ... 19 20 21 22 23 24

Pas de commentaire

Exacq exacqVision Web Service User Manual Manuel d'utilisateur Page 24