Configuring Sybase Control Center Security

Once John logs shuts down Sybase Control Center, he must modify the configuration file for Sybase Control Center, so that it can also authenticate against the same LDAP directory as Unwired Server.

This task requires changes in two files: csi.properties and roles-map.xml.
  1. Use a text editor to open <UnwiredPlatform_InstallDir>\SCC-3_2\conf\csi.properties.
  2. Add the following lines:
    Make sure the number used for the loginModule is unique, in this example, 22. Review the properties file to ensure that no other entry is using this number.
    LDAP login module
CSI.loginModule.22.options.AuthenticationSearchBase=ou=users,dc=example,dc=com
CSI.loginModule.22.options.BindDN=cn=Directory Manager
CSI.loginModule.22.options.BindPassword=secret
CSI.loginModule.22.options.DefaultSearchBase=dc=example,dc=com
CSI.loginModule.22.options.ProviderURL=ldap://localhost:10389
CSI.loginModule.22.options.RoleSearchBase=ou=groups,dc=example,dc=com
CSI.loginModule.22.options.ServerType=openldap
CSI.loginModule.22.options.moduleName=SUP LDAP Login Module
CSI.loginModule.22.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
CSI.loginModule.22.controlFlag=sufficient
CSI.loginModule.22.options.RoleScope=subtree
CSI.loginModule.22.options.AuthenticationScope=subtree
  3. Save the changes and close the file.
  4. Use a text editor to open <UnwiredPlatform_InstallDir>\SCC-3_2\conf\roles-map.xml.
  5. Remove current <role-mapping> entries and replace them with the following:
    <module name="SUP LDAP Login Module">
<role-mapping modRole="Acme SUP Administrator" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccAdminRole,sccUserRole" />
<role-mapping modRole="Acme SUP Domain Administrator" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccUserRole" />
<role-mapping modRole="ABC Domain Administrator" uafRole="uaAnonymous,uaAgentAdmin,uaPluginAdmin,sccUserRole" />
</module>
    These lines map logical Sybase Control Center roles to the LDAP directory physical roles. Specifically, the first line mapping for sccAdminRole gives 'Acme SUP Administrator' access to Sybase Control Center as administrator.
    Note: The Sybase Control Center infrastructure can be separately secured and managed by a different administrator. In this scenario, John is administrator of both Sybase Control Center and Unwired Platform infrastructures.
    As a Sybase Control Center administrator, the users granted this role can perform administration and configuration tasks from the Unwired Platform management console after a successful login.
    The last two entries give Acme Domain Administrator and ABC Domain Administrator access as a Sybase Contol Center user, which is mapped to sccUserRole.
  6. Save the changes and close the file.
  7. Start the Sybase Control Center service.
Parent topic: Securing the Administration Infrastructure
Previous topic: Configuring Unwired Server Security