How can I set up authentication for Securonix against the AD? What are the files that are to be updated and the process to be followed?

asked 14 Aug '13, 23:48

mnair


Securonix has the ability to authenticate against a single domain. The authentication configuration is to be made in the ldap-config.properties file available in the securonix_home/conf directory.

The Securonix system currently authenticates against a single domain and does not support authentication against multiple domains.

Make the following changes to the ldap-config.properties file

• Change/Edit the following parameters in securonix_home/conf/ldap-config.properties

    managerDn = <the username used for authenticating against AD>
    managerPassword = <the password used for authenticating against AD>
    grails.plugins.springsecurity.ldap.context.server = <ldap url> (ex: ldap://xx.xx.xx.xx:389 or ldaps://xx.xx.xx.xx:636)
    grails.plugins.springsecurity.ldap.authorities.groupSearchBase = <group search base>
    grails.plugins.springsecurity.ldap.search.base = <user search base>

• Add the following line to the ldap-config.properties file:

    grails.plugins.springsecurity.ldap.authorities.groupSearchFilter=member={0}

• Add the userid (same as the AD login) in the Securonix application, and provide the appropriate access controls. In the configuration file, the system by default looks at the sAMAccountName and uses the user's sAMAccountName to log into the Securonix application. This can be changed by changing grails.plugins.springsecurity.ldap.search.filter=sAMAccountName={0} from sAMAccountName to cn, dn or another distinguishable value as per requirement.

• If local user authentication has to be enabled, comment out the following line; otherwise, authentication will only be against AD. Uncomment it to authenticate only against AD.

    grails.plugins.springsecurity.providerNames = ldapAuthProvider

To debug the errors faced, make the following change to the log4j.properties file:

    log4j.logger.org.springframework.security=DEBUG

Note: If there are multiple domains to be configured, request a virtual directory to be created which has the entire list of users. Use the credentials of the virtual directory in the ldap-config.properties file.

This answer is marked "community wiki".

answered 15 Aug '13, 00:02

mnair

We can also authenticate against multiple AD servers. This can be done by specifying multiple IP addresses for AD separated by a space.

Example: grails.plugins.springsecurity.ldap.context.server=71.252.225.132 71.252.225.133


answered 23 Jul '14, 03:34

tgulati ♦♦
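
An added example, not part of either answer and not Securonix code: a Python check over an ldap-config.properties body that uses the property names from the answers above. It reports missing or unreplaced values, server entries using ldap:// (a simple bind over plain LDAP carries managerPassword unencrypted), and whether the AD-only provider line is active. The sample contents, DNs and addresses are constructed.

```python
P = "grails.plugins.springsecurity."
SERVER = P + "ldap.context.server"
PROVIDERS = P + "providerNames"
REQUIRED = ("managerDn", "managerPassword", SERVER,
            P + "ldap.authorities.groupSearchBase", P + "ldap.search.base",
            P + "ldap.authorities.groupSearchFilter")

def parse_properties(text):
    """Parse key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props

def review(text):
    """Return a list of findings for an ldap-config.properties body."""
    props, findings = parse_properties(text), []
    for key in REQUIRED:
        value = props.get(key, "")
        if not value:
            findings.append("missing: " + key)
        elif value.startswith("<"):
            findings.append("placeholder not replaced: " + key)
    # The server value may hold several entries separated by spaces.
    server = props.get(SERVER, "")
    for entry in ([] if server.startswith("<") else server.split()):
        low = entry.lower()
        if low.startswith("ldap://"):
            findings.append("cleartext bind, prefer ldaps://: " + entry)
        elif not low.startswith("ldaps://"):
            findings.append("no scheme, confirm transport: " + entry)
    if props.get(PROVIDERS) == "ldapAuthProvider":
        findings.append("AD-only login: local users cannot authenticate")
    return findings

# Constructed sample, not a real deployment.
SAMPLE = """\
managerDn = CN=svc-snx,OU=Service,DC=example,DC=test
managerPassword = <the password used for authenticating against AD>
grails.plugins.springsecurity.ldap.context.server = ldap://192.0.2.10:389 ldaps://192.0.2.11:636
grails.plugins.springsecurity.ldap.search.base = OU=Users,DC=example,DC=test
# grails.plugins.springsecurity.providerNames = ldapAuthProvider
"""
if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```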

Asked: 14 Aug '13, 23:48

Seen: 1,913 times

Last updated: 23 Jul '14, 03:34