Configuring a Security Provider for Sybase Control Center

Once you have added required users to the repository used for Sybase Control Center authentication, you can use that directory to authenticate administration login requests.

Prerequisites
Back up the <SCC_HOME>\conf\csi.properties file.
Task
To use Windows Native authentication, ensure you set up the Windows NTProxy login provider.
  1. Exit Sybase Control Center.
  2. From Windows Services panel, stop the Sybase Unified Agent Service.
  3. From a text editor, open <SCC_HOME>\conf\csi.properties.
  4. Define a module in this file, similar to the LDAP sample below. This example specifies that Active Directory is used as the LDAP server for Sybase Control Center authentication requests.

    Each line of the LDAP server module of the properties file must begin with "CSI.loginModule." followed by a module number. The module number in this sample is 5. The module number must be unique in the properties file, and you must use the same number in every line of the module.

    ===================================================
    ## LDAP login module for SCC
    CSI.loginModule.5.options.AuthenticationSearchBase=ou=users,dc=example,dc=com
    CSI.loginModule.5.options.BindDN=cn=Directory Manager
    CSI.loginModule.5.options.BindPassword=secret
    CSI.loginModule.5.options.DefaultSearchBase=dc=example,dc=com
    CSI.loginModule.5.options.ProviderURL=ldap://localhost:10389
    CSI.loginModule.5.options.RoleSearchBase=ou=groups,dc=example,dc=com
    CSI.loginModule.5.options.ServerType=AD
    CSI.loginModule.5.options.moduleName=SUP LDAP Login Module
    CSI.loginModule.5.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
    CSI.loginModule.5.controlFlag=sufficient
    =====================================================
    
    Note: Change the values only for the lines shown in bold.
    For a complete list of available LDAP properties you can configure, see System Administration > System Reference > Security Provider Configuration Properties > LDAP Configuration Properties.
  5. For some internal communication, you must include the Anonymous Login Module in the csi.properties file:
    # Anonymous Login Module
    CSI.loginModule.0.provider=com.sybase.ua.services.security.anonymous.AnonymousLoginModule
    CSI.loginModule.0.controlFlag=sufficient
    CSI.loginModule.0.options.moduleName=Anonymous Login Module
    CSI.loginModule.0.options.roles=uaAnonymous
    
    Adding this anonymous login module does not relax or allow anonymous access to the Sybase Control Center. Authentication and authorization checks are still enforced.
  6. Save the file.
  7. If your LDAP server’s SSL certificate is signed by a nonstandard certificate authority (for example, if it is self-signed), use the keytool utility to configure the JVM to trust the certificate. Execute a command similar to this:
    keytool -import -keystore <SUP_installdir>\shared\JRE-<version>\bin\keytool\lib\security\cacerts -file <your cert file and path> -alias ldapcert -storepass changeit
    
  8. Restart Sybase Unified Agent.
  9. Open Sybase Control Center and log in.
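
A pre-restart check for the edited csi.properties, as an added example that is not part of the original page or of Sybase's tooling: it applies the module-number rule from step 4, confirms the anonymous module from step 5 is present, and flags sample values left in place. The function name `lint_csi`, the class `com.example.OtherLoginModule`, and the choice to report a non-ldaps:// ProviderURL are assumptions of this example.

```python
import re
from collections import defaultdict

LINE = re.compile(r"^CSI\.loginModule\.(\d+)\.([^=\s]+)\s*=\s*(.*)$")
ANON = "com.sybase.ua.services.security.anonymous.AnonymousLoginModule"

def lint_csi(text):
    """Return a list of findings for the login modules in csi.properties text."""
    modules, findings = defaultdict(dict), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if not m:
            continue  # settings other than login modules are out of scope here
        num, key, value = m.group(1), m.group(2), m.group(3).strip()
        if key in modules[num]:
            # The same key twice under one number means two modules share it.
            findings.append(f"line {n}: module {num} defines {key} twice")
        modules[num][key] = value
    for num, opts in sorted(modules.items(), key=lambda kv: int(kv[0])):
        for required in ("provider", "controlFlag"):
            if required not in opts:
                findings.append(f"module {num}: missing {required}")
        url = opts.get("options.ProviderURL", "")
        if url and not url.lower().startswith("ldaps://"):
            findings.append(f"module {num}: ProviderURL is not ldaps://")
        if opts.get("options.BindPassword") == "secret":
            findings.append(f"module {num}: BindPassword is still the sample value")
    if ANON not in [o.get("provider") for o in modules.values()]:
        findings.append("Anonymous Login Module (step 5) is missing")
    return findings

# Constructed input: part of the page's LDAP sample, plus a second
# (hypothetical) module that wrongly reuses number 5, and no anonymous module.
SAMPLE = """\
CSI.loginModule.5.options.BindDN=cn=Directory Manager
CSI.loginModule.5.options.BindPassword=secret
CSI.loginModule.5.options.ProviderURL=ldap://localhost:10389
CSI.loginModule.5.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
CSI.loginModule.5.controlFlag=sufficient
CSI.loginModule.5.provider=com.example.OtherLoginModule
"""

if __name__ == "__main__":
    for finding in lint_csi(SAMPLE):
        print(finding)
```

Run it against the saved file after step 6 and before restarting the agent in step 8; an empty result means none of these checks fired.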