Configuring Lawson for LDAP Signing
Step-by-step Guide for Lawson and Landmark
Desi Houze, Sr. Technical Consultant, Nogalis, Inc

LDAPS Configuration
- Prerequisites
- Install LDAP Certificate for LSF and Landmark
- Update LSF to use LDAPS
- Update Landmark to use LDAPS
- Update IFS Configuration

Prerequisites
- SSL certificate for the AD LDS server with the
  o Private key (.pfx) included
  o SAN (Subject Alternative Name)
  o Can be an existing cert
- ssoconfig password
- LDAP Bind password
- LDAPS Port (typically 636 or 3269)
  o 636 is the standard SSL port, 3269 is the Global Catalog port
  o Global Catalog is preferred when the LDAP servers support it

LDAP Cert – AD LDS
- Only for AD LDS host
- Identify which service is your AD LDS service
- Import Cert
  o "Service Account"
- Export Base-64 cert
  o Base-64 encoded X.509 (extension .cer)
  o Used for OS Java and WebSphere Java updates

LDAP Cert – AD LDS Permissions
- Grant permissions on Cert container
- "certutil -store MY"
  o C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys
  o Or C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
  o or C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\Keys
- Read and Read & Execute
- Directory
- Unique Container file

LDAP Cert – AD LDS Smoke Test
- ldp.exe
  o Server FQDN
  o LDAP SSL port
  o Check SSL
- Verify connection to LDAP

LDAP Cert – WebSphere
- Security
- SSL certificate and key management
- Key stores and certificates
- CellDefaultTrustStore
- Signer certificates
  o Click the Retrieve from port button.
  o Host: adldshost.company.com
  o Port: your company's LDAPS port
  o Alias: choose a meaningful name for the cert
  o Click Retrieve signer information.
  o Click OK & save changes
- Perform the same steps for the NodeDefaultTrustStore

LDAP Cert – OS Java
- Lawson and Landmark
- Get your JAVA_HOME
- Back up the file(s) JAVA_HOME/jre/lib/security/cacerts
- Navigate to WAS_HOME/bin and run the ikeyman.bat utility

LDAP Cert – WebSphere Java
- Lawson and Landmark
- Get WAS_JAVA_HOME
- Back up the file(s) WAS_JAVA_HOME/jre/lib/security/cacerts
- Add signer certs using keytool command line utility
  o Get a list of the existing certs and validate using command
      keytool -list -keystore WAS_JAVA_HOME/jre/lib/security/cacerts -storepass changeit > keytool_list_WS_before.out
  o Import the new cert using the command
      keytool -import -file <file path to your .cer file> -alias <meaningful name> -trustcacerts -keystore WAS_JAVA_HOME/jre/lib/security/cacerts -storepass changeit > keytool_import_WS.out
  o Get the list of the existing certs and validate that the new cert was added using command
      keytool -list -keystore WAS_JAVA_HOME/jre/lib/security/cacerts -storepass changeit > keytool_list_WS_after.out

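One way to do the "validate that the new cert was added" step is to compare the before and after listings programmatically. This is an added example, not part of the original slides; the alias adlds-ldaps, the sample listings and their fingerprints are constructed, and the functions parse_keytool_list and check_import are hypothetical names.

```python
import re

# `keytool -list` prints "<alias>, <date>, <type>Entry," then a fingerprint line.
ENTRY = re.compile(r"^(?P<alias>.+?), .+, (?P<kind>\w+Entry),\s*$")
FINGERPRINT = re.compile(r"^Certificate fingerprint \([^)]+\): (?P<fp>[0-9A-Fa-f:]+)\s*$")

def parse_keytool_list(text):
    """Return {alias: (entry_type, fingerprint)} parsed from `keytool -list` output."""
    entries, current = {}, None
    for line in text.splitlines():
        entry = ENTRY.match(line)
        if entry:
            # JKS aliases are case-insensitive, so normalise for comparison.
            current = (entry["alias"].lower(), entry["kind"])
            continue
        fp = FINGERPRINT.match(line)
        if fp and current:
            entries[current[0]] = (current[1], fp["fp"].upper())
            current = None
    return entries

def check_import(before, after, expected_alias):
    """Compare the before/after listings; an empty result means the import is clean."""
    old, new = parse_keytool_list(before), parse_keytool_list(after)
    alias, problems = expected_alias.lower(), []
    if alias in old:
        problems.append(f"alias {alias!r} already existed before the import")
    if alias not in new:
        problems.append(f"alias {alias!r} missing after import")
    elif new[alias][0] != "trustedCertEntry":
        problems.append(f"alias {alias!r} is {new[alias][0]}, not trustedCertEntry")
    for name in sorted(new.keys() - old.keys() - {alias}):
        problems.append(f"unexpected new alias {name!r}")
    for name in sorted(old.keys() - new.keys()):
        problems.append(f"alias {name!r} was removed")
    for name in sorted((old.keys() & new.keys()) - {alias}):
        if old[name] != new[name]:
            problems.append(f"alias {name!r} changed fingerprint or type")
    return problems

# Constructed sample listings (fingerprints are made up for illustration).
HEADER = "Keystore type: JKS\nKeystore provider: SUN\n\nYour keystore contains {}\n\n"
ROOT = ("examplerootca, Aug 25, 2016, trustedCertEntry,\n"
        "Certificate fingerprint (SHA1): 11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33:44\n")
ADLDS = ("adlds-ldaps, Mar 4, 2024, trustedCertEntry,\n"
         "Certificate fingerprint (SHA1): A0:B1:C2:D3:E4:F5:06:17:28:39:4A:5B:6C:7D:8E:9F:A0:B1:C2:D3\n")
BEFORE = HEADER.format("1 entry") + ROOT
AFTER = HEADER.format("2 entries") + ROOT + ADLDS

if __name__ == "__main__":
    print(check_import(BEFORE, AFTER, "adlds-ldaps") or "import OK")
```

Against real output, pass the contents of the two listing files and the alias used in the import; any reported change to an existing trust anchor is a reason to restore the backed-up cacerts.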
LDAPS Configuration – LSF Only
- LSF only
- ssoconfig - Update the "Change Lawson authentication data store settings"
- Update install.cfg
  o LDAPPORT
  o LDAP PROVIDER URL
- Reboot the LSF server

LDAP Bind Service - LSF
- ssoconfig
- Export your LDAP Bind Service
- Update to Override "true"
- Update protocol & port on PROVIDER
- ssoconfig -l to update

Smoke Test
- Smoke Test Lawson Authentication
  o https://server.company.com/ssoconfig/SSOCfgInfoServlet
  o https://server.company.com/sso/SSOServlet
  o Log into Lawson

LDAP Bind Service - LMK
- Rich Client
- Gen
- LDAP Bind Login Scheme
  o Update protocol & port
- Restart the Landmark Server
- Smoke Test
  o Log into Rich Client
- IPA Smoke Tests
  o Web Run
  o System Command
  o File Access
  o Lawson Query/Transaction

IFS
- Need a cert for the AD server in Trusted Root Certificate Store
- Update the AD Configuration in IFS Configure Parameters

Questions?