Traverse: Authenticate against Windows Active Directory (LDAP)

QUESTION:

How do I integrate Active Directory with Traverse?

SOLUTION:

Traverse provides a customizable framework for validating login user names and passwords against external sources, including Radius, Kerberos, LDAP, etc. The 'External Authentication' section of the Traverse Developers Guide provides detailed information on how to leverage this feature. Here is a sample script that can be used to authenticate against Active Directory. Please review the above document for limitations.

In order to use this script, extract it from the attached ZIP archive and place it in the TRAVERSE_HOME/plugin/auth directory on the BVE server. Create the auth directory under plugin if required. It may be necessary to install the Net::LDAP and Getopt::Long Perl modules if they are not already available on the server:

Code:
(Linux/Solaris)
su
perl -MCPAN -e 'install Net::LDAP'
perl -MCPAN -e 'install Getopt::Long'

On Windows, win32_libs.zip (attached) contains the required libraries if needed. Unzip them in C:\Program Files (x86)\Traverse\plugin\auth and add the following line just above 'use File::Basename;' in the attached "ldap_auth.pl". If you have installed Traverse to the default location, 'C:/Program Files (x86)/Traverse', the path should be as below. Otherwise, replace 'C:/Program Files (x86)/Traverse' with the path to your Traverse installation directory.

Code:
use lib "C:/Program Files (x86)/Traverse/plugin/auth/win32_libs";

Next, edit etc/emerald.xml and remove/comment out (enclose in <!-- -->) the following section:

Code:
<authentication method="des"
class=""
execute=""
parameters=""
timeout=""
/>
and add the following configuration block in its place:

Code:
<authentication
method="script"
class=""
execute="ldap_auth.pl"
parameters="--server n.n.n.n --user ${username} --password ${password} --domain myCompany.com"
/>
Replace n.n.n.n with the IP address of the Domain Controller and myCompany.com with the local AD domain name. Finally, restart the Web Application using "etc/webapp.init restart" on Linux/Solaris or Service Controller on Windows.

Please take note that LDAP Authentication occurs on port 389.
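
The following Perl script is an added example, not the attached ldap_auth.pl and not Traverse code. It takes the same --server, --user, --password and --domain parameters as the configuration block above, rejects empty passwords, and upgrades the port 389 connection with StartTLS before the bind. Assumptions: Traverse treats exit status 0 as accept and any other status as reject, the account binds as user@domain, and --cafile is a hypothetical extra option; check the Developers Guide for the actual contract.

```perl
#!/usr/bin/perl
# Added example, not the attached ldap_auth.pl.
# Assumption: Traverse treats exit status 0 as "accept", non-zero as "reject".
use strict;
use warnings;
use Getopt::Long;
use Net::LDAP;

my ($server, $user, $password, $domain, $cafile);
GetOptions(
    'server=s'   => \$server,
    'user=s'     => \$user,
    'password=s' => \$password,
    'domain=s'   => \$domain,
    'cafile=s'   => \$cafile,   # hypothetical option: CA bundle for the DC certificate
) or exit 2;

# Returns 1 only if the directory accepted these credentials over TLS.
sub ad_authenticate {
    my ($server, $user, $password, $domain, $cafile) = @_;

    # A simple bind with an empty password is an "unauthenticated bind"
    # (RFC 4513 section 5.1.2) and can return success without any check.
    return 0 unless defined $password && length $password;
    # Conservative allowlist (an assumption): plain account names only, so the
    # caller cannot supply a full DN or a different domain suffix.
    return 0 unless defined $user && $user =~ /\A[A-Za-z0-9._-]{1,64}\z/;
    return 0 unless defined $server && defined $domain && length $domain;
    return 0 unless defined $cafile && -r $cafile;   # fail closed without a CA

    my $ldap = Net::LDAP->new($server, port => 389, timeout => 10) or return 0;

    # Upgrade the port 389 session to TLS before the password is sent, and
    # require a server certificate that chains to the given CA.
    my $tls = $ldap->start_tls(verify => 'require', cafile => $cafile);
    if ($tls->code) { $ldap->disconnect; return 0; }

    # Bind as user@domain (userPrincipalName form); result code 0 is success.
    my $bind = $ldap->bind("$user\@$domain", password => $password);
    my $ok = $bind->code == 0 ? 1 : 0;
    $ldap->unbind;
    return $ok;
}

exit(ad_authenticate($server, $user, $password, $domain, $cafile) ? 0 : 1);
```

With certificate verification on, --server generally needs to be a Domain Controller name that appears in its certificate rather than a bare IP address. Because the configuration block passes the password as a command-line argument, it can be visible in the process list to other local users on the BVE server while the script runs.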

Attachments
