Savvion Active Directory Configuration
Often you will need to connect your Savvion Server to Active Directory. The Active Directory setup could be a Windows Server or ADAM. ADAM is useful if you don’t want a dedicated Windows 2003 server to manage your users, or if you would like separate directories for different departments. If you are using ADAM, you can refer to my other post, Microsoft Active Directory Manager Configuration for your BPM tool.
Normally, if you know before installation that you want to use Active Directory, the better approach is to choose LDAP during installation itself. However, sometimes you may not have enough information at that point and would prefer to install with the default Database Realm and switch to Active Directory later.
This tutorial assumes you have installed Savvion in JDBC Realm mode and would now like to connect to your Active Directory.
Step 1: Get the details of your Active Directory Installation
Typically you would need the following:
- The IP address or hostname of the machine where the Active Directory server or ADAM is running
- The port number, which defaults to 389
- The username with which you will connect to the server. This could be a fully qualified distinguished name like CN=admin,CN=Users,DC=constonline,DC=com, or even an email-style name like email@example.com
- The password with which you will connect to the server
For our example setup here are the details:
Server IP: 127.0.0.1
Port Number: 389
Username: CN=abhishek, CN=Users, OU=constonline,OU=com
Step 2: Test if you can connect with the credentials
To test whether you have the right information, you can use any LDAP explorer tool. For example, when I connect to my Active Directory I see something like the screenshot below:
If you cannot connect, you probably have a wrong configuration. It’s also possible that a firewall on the server is not allowing you to connect remotely.
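If you would rather script the Step 2 check than click through an LDAP explorer, the following added example (my own code, not part of the original post or of Savvion) performs a single LDAPv3 simple bind against a host and port and classifies the outcome the way the troubleshooting advice above does: a successful bind, a rejected DN/password (LDAP result code 49), or a host that cannot be reached at all (wrong address, wrong port, or a firewall in the way). It uses only the Python standard library, with a hand-rolled BER encoder for the BindRequest/BindResponse messages. The `start_mock_ldap_server` function, the DN `CN=abhishek,CN=Users,DC=constonline,DC=com` and the password `s3cret` are constructed stand-ins so that the script runs offline; point `check_directory_credentials` at your real server IP and port from Step 1 to use it for real.

```python
"""Stdlib-only LDAPv3 simple-bind check (hand-rolled BER) plus a constructed
mock directory server so the example runs offline. Not Savvion code."""
import socket
import threading

LDAP_SUCCESS, LDAP_INVALID_CREDENTIALS = 0, 49   # RFC 4511 result codes

# ---- minimal BER/ASN.1 helpers: only what a simple bind needs ----
def _ber_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b

def _tlv(tag, payload):
    return bytes([tag]) + _ber_len(len(payload)) + payload

def _int(n, tag=0x02):
    # INTEGER (0x02) or ENUMERATED (0x0A); pad so the value is not read as negative
    b = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    return _tlv(tag, (b"\x00" if b[0] & 0x80 else b"") + b)

def _read_tlv(buf, pos=0):
    tag, ln, pos = buf[pos], buf[pos + 1], pos + 2
    if ln & 0x80:
        n = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + ln], pos + ln

def _recv_message(sock):
    """Read exactly one complete BER-framed LDAPMessage from the socket."""
    buf = b""
    while True:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("peer closed the connection before replying")
        buf += chunk
        if len(buf) < 2:
            continue
        hdr, ln = 2, buf[1]
        if ln & 0x80:
            n = ln & 0x7F
            if len(buf) < 2 + n:
                continue
            hdr, ln = 2 + n, int.from_bytes(buf[2:2 + n], "big")
        if len(buf) >= hdr + ln:
            return buf[:hdr + ln]

def ldap_simple_bind(host, port, bind_dn, password, timeout=5.0):
    """Send one LDAPv3 simple BindRequest; return (resultCode, diagnosticMessage)."""
    # BindRequest ::= [APPLICATION 0] { version 3, name, authentication simple [0] }
    bind_req = _tlv(0x60, _int(3) + _tlv(0x04, bind_dn.encode()) + _tlv(0x80, password.encode()))
    request = _tlv(0x30, _int(1) + bind_req)       # LDAPMessage { messageID 1, protocolOp }
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        reply = _recv_message(s)
    _, body, _ = _read_tlv(reply)
    _, _, pos = _read_tlv(body)                     # skip messageID
    op_tag, op, _ = _read_tlv(body, pos)
    if op_tag != 0x61:                              # BindResponse ::= [APPLICATION 1]
        raise ValueError(f"expected BindResponse, got tag {op_tag:#x}")
    _, rc, pos = _read_tlv(op)                      # resultCode ENUMERATED
    _, _, pos = _read_tlv(op, pos)                  # matchedDN
    _, diag, _ = _read_tlv(op, pos)                 # diagnosticMessage
    return int.from_bytes(rc, "big"), diag.decode("utf-8", "replace")

def check_directory_credentials(host, port, bind_dn, password):
    """Step 2 check: 'ok', 'bad-credentials', or 'unreachable' (wrong host/port or firewall)."""
    try:
        rc, diag = ldap_simple_bind(host, port, bind_dn, password)
    except OSError as exc:                          # refused, timed out, unreachable
        return "unreachable", str(exc)
    if rc == LDAP_SUCCESS:
        return "ok", diag
    if rc == LDAP_INVALID_CREDENTIALS:
        return "bad-credentials", diag
    return f"ldap-error-{rc}", diag

def start_mock_ldap_server(accounts):
    """Constructed stand-in for AD/ADAM: answers one simple bind per connection
    from a {bind_dn: password} dict. Returns (host, port) it listens on."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def handle(conn):
        with conn:
            _, body, _ = _read_tlv(_recv_message(conn))
            _, mid, pos = _read_tlv(body)
            _, op, _ = _read_tlv(body, pos)
            _, _, pos = _read_tlv(op)               # version
            _, dn, pos = _read_tlv(op, pos)         # name
            _, pw, _ = _read_tlv(op, pos)           # simple password
            ok = accounts.get(dn.decode()) == pw.decode()
            rc, msg = (LDAP_SUCCESS, b"") if ok else (LDAP_INVALID_CREDENTIALS, b"invalid credentials")
            resp = _tlv(0x61, _int(rc, 0x0A) + _tlv(0x04, b"") + _tlv(0x04, msg))
            conn.sendall(_tlv(0x30, _tlv(0x02, mid) + resp))

    def serve():
        while True:
            conn, _ = srv.accept()
            threading.Thread(target=handle, args=(conn,), daemon=True).start()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    # Constructed account; replace host/port/DN with the values from Step 1.
    host, port = start_mock_ldap_server({"CN=abhishek,CN=Users,DC=constonline,DC=com": "s3cret"})
    print(check_directory_credentials(host, port, "CN=abhishek,CN=Users,DC=constonline,DC=com", "s3cret"))
    print(check_directory_credentials(host, port, "CN=abhishek,CN=Users,DC=constonline,DC=com", "wrong"))
    print(check_directory_credentials("127.0.0.1", 1, "CN=x", "y"))   # nothing listening: unreachable
```

Two practical notes. A simple bind on port 389 sends the password in clear text, so run this check only over a trusted network segment, or against LDAPS (636) or StartTLS, which is also how the Savvion server itself should talk to the directory. Against a real Windows domain controller the diagnostic message for result code 49 carries Microsoft's own error text rather than the plain "invalid credentials" the mock returns, but the numeric code is the same.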
Step 3: Note Down the Attribute Names
You will need to note down a few attribute names. If you click on your user in the LDAP explorer tool, you can see them in the right pane:
- Username: In our case it is “name”. If you are using a Windows Active Directory server it will be “sAMAccountName”.
- First Name: This is normally the “givenName” attribute
- Last Name: This is normally the “sn” attribute
- Phone Number: Windows uses the “telephoneNumber” attribute for this
- Email: This is normally bound to the attribute “mail”
Keep these handy; we will need them in the next step.
Step 4: Backup your umacl.conf file
Keep a backup of the umacl.conf file under your SBM_HOME/conf folder, just in case things go wrong.
Step 5: Modify your umacl.conf file
Modify your UMACL file. Follow the instructions below for each key (if a key is not mentioned, leave it at its default value):