Configuring an Active Directory LDAP Provider for Unwired Server

Once you have added the required users to Active Directory, you can use the directory to authenticate device user login requests for Unwired Server.

For Unwired Server, you define an LDAP provider by manually editing an XML configuration file. Sybase recommends that you back up this file before making any changes to it.

  1. From a text editor, open <SUP_installdir>\servers\UnwiredServer\tomcat\conf\csi\default.xml.
  2. Define an LDAP module in this file, similar to the sample below. This example specifies that Active Directory is used as the LDAP server for Unwired Server authentication requests from device users.
    <config:authenticationProvider controlFlag="sufficient" name="com.sybase.security.ldap.LDAPLoginModule">
        <config:options name="BindDN" value="cn=supAdmin,ou=Sales,dc=sybase,dc=com"/>
        <config:options encrypted="false" name="BindPassword" value="s3pAdmin"/>
        <config:options name="AuthenticationSearchBase" value="ou=Sales,dc=sybase,dc=com"/>
        <!-- "&" must be written as "&amp;" inside an XML attribute value -->
        <config:options name="AuthenticationFilter" value="(&amp;(sAMAccountName={uid})(objectclass=user))"/>
        <config:options name="DefaultSearchBase" value="ou=Sales,dc=sybase,dc=com"/>
        <config:options name="ProviderURL" value="ldap://192.168.1.2:389"/>
        <config:options name="RoleSearchBase" value="ou=Sales,dc=sybase,dc=com"/>
        <config:options name="AuthenticationScope" value="subtree"/>
        <config:options name="ServerType" value="msad2k"/>
    </config:authenticationProvider>
    
  3. If your LDAP server’s SSL certificate is signed by a nonstandard certificate authority (for example, if it is a self-signed certificate), use the keytool utility to configure your JVM or JDK to trust the certificate. Execute a command similar to this:
    keytool -import -keystore <SUP_installdir>\shared\JRE-<version>\bin\keytool\lib\security\cacerts -file <your cert file and path> -alias ldapcert -storepass changeit
    
  4. Restart all Unwired Servers in your cluster and any dependent services, such as Sybase Unified Agent and Relay Server, as required.
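
A check to run on the edited file before the restart in step 4, as an added example that is not Sybase code: it parses the provider from step 2 and reports a raw "&" that leaves the file malformed, a ProviderURL that does not use ldaps://, a BindPassword stored in clear text, and a filter that omits {uid}. The wrapper element, namespace URI, function names, and the assumption that only encrypted="true" marks a protected value are not from this page.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the step 2 provider inside a wrapper element. The
# wrapper name and namespace URI are placeholders, not the product's own.
SAMPLE = """<config:configuration xmlns:config="urn:example:placeholder">
 <config:authenticationProvider controlFlag="sufficient" name="com.sybase.security.ldap.LDAPLoginModule">
  <config:options name="BindDN" value="cn=supAdmin,ou=Sales,dc=sybase,dc=com"/>
  <config:options encrypted="false" name="BindPassword" value="s3pAdmin"/>
  <config:options name="AuthenticationFilter" value="(&amp;(sAMAccountName={uid})(objectclass=user))"/>
  <config:options name="ProviderURL" value="ldap://192.168.1.2:389"/>
 </config:authenticationProvider>
</config:configuration>"""

LDAP_MODULE = "com.sybase.security.ldap.LDAPLoginModule"


def local(tag):
    """Drop the '{namespace}' prefix ElementTree adds to qualified tags."""
    return tag.rsplit("}", 1)[-1]


def audit_ldap_providers(xml_text):
    """Return a list of findings for each LDAP provider in xml_text."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        # A raw '&' in AuthenticationFilter is a common cause.
        return [f"not well-formed XML: {exc} (write '&' as '&amp;' in values)"]
    findings = []
    for prov in root.iter():
        if local(prov.tag) != "authenticationProvider" or prov.get("name") != LDAP_MODULE:
            continue
        opts = {o.get("name"): o for o in prov if local(o.tag) == "options"}
        url = opts["ProviderURL"].get("value", "") if "ProviderURL" in opts else ""
        if not url.lower().startswith("ldaps://"):
            findings.append(f"ProviderURL '{url}' does not use ldaps://")
        pw = opts.get("BindPassword")
        # Assumption: only encrypted="true" means the value is not stored as typed.
        if pw is not None and pw.get("encrypted", "false").lower() != "true":
            findings.append("BindPassword is stored in clear text in the file")
        flt = opts.get("AuthenticationFilter")
        if flt is not None and "{uid}" not in flt.get("value", ""):
            findings.append("AuthenticationFilter does not reference {uid}")
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_providers(SAMPLE):
        print("FINDING:", finding)
```
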
Related reference
LDAP Configuration Properties


Created February 22, 2010. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com