Configuring a Provider to Authenticate Sybase Control Center Logins

In a production environment, Unwired Server uses an LDAP provider to authenticate administrator login requests. Use the same values you used to configure the LDAP provider for Unwired Server.

Prerequisites
Always back up the csi.properties file before changing it. That way, if you experience login issues, you can revert to an earlier instance of the file as required.
Task
You can make these changes while Sybase Control Center is running.
  1. Use a text editor to open <UnwiredPlatform_InstallDir>\SCC-XX\conf\csi.properties.
  2. Define a module in this file, similar to the LDAP sample below.

    Each line of the LDAP server module of the properties file must begin with "CSI.loginModule." followed by a module number. The module number in this sample is 8; however, you should use an index value that places the LDAP login module before the PreconfiguredUser login module. The module number must be unique in the properties file, and you must use the same number in every line of the module.

    For example, this module configures an LDAP provider module using Active Directory, so that administrators can log in to Sybase Control Center with their Windows user name.

    Notice that the controlFlag attribute is also set to sufficient, and the debug attribute is set to true.

    ===================================================

    CSI.loginModule.8.options.AuthenticationSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.BindDN=CN=suppad,ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.BindPassword=mybindpassword
    CSI.loginModule.8.options.DefaultSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.AuthenticationFilter=(&(sAMAccountName={uid})(objectclass=user))
    CSI.loginModule.8.options.RoleFilter=(&(objectclass=groupofnames) (objectclass=group))
    CSI.loginModule.8.options.RoleScope=subtree
    CSI.loginModule.8.options.AuthenticationScope=subtree
    CSI.loginModule.8.options.ProviderURL=ldap://msadserver:389
    CSI.loginModule.8.options.RoleSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.ServerType=msad2k
    CSI.loginModule.8.options.moduleName=SUP LDAP Login Module
    CSI.loginModule.8.controlFlag=sufficient
    CSI.loginModule.8.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
    CSI.loginModule.8.debug=true
    =====================================================
    
  3. For some internal communication, you must include the Anonymous Login Module:
    # Anonymous Login Module
    CSI.loginModule.0.provider=com.sybase.ua.services.security.anonymous.AnonymousLoginModule
    CSI.loginModule.0.controlFlag=sufficient
    CSI.loginModule.0.options.moduleName=Anonymous Login Module
    CSI.loginModule.0.options.roles=uaAnonymous
    
    Adding this anonymous login module does not relax security or allow anonymous access to Sybase Control Center. Authentication and authorization checks are still enforced.
  4. Save the file.
  5. If your LDAP server uses a secure connection, and its SSL certificate is signed by a nonstandard certificate authority (for example, if it is self-signed), use the keytool utility to import it into the truststore. Execute a command similar to:
    keytool -import -keystore <UnwiredPlatform_InstallDir>\SCC_X-X\services\Messaging\lib\eas\lib\Repository\Security\truststore.jks -file <your cert file and path> -alias ldapcert -storepass changeit
    
    Note: The \security\truststore.jks file does not exist. You must create the folder and the file before saving the certificate to this location.
  6. Restart the Sybase Control Center X.X Windows service.
  7. Open Sybase Control Center and log in.
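The numbering rules from step 2 and the secure-connection case from step 5 can be checked before the service is restarted. The following is an added example, not part of the original documentation or the product: it assumes the PreconfiguredUser module can be recognised by "PreconfiguredUser" in its provider or moduleName, and the sample file, its module numbers 5 and 9, and the PLACEHOLDER provider name are constructed.

```python
import re

LINE = re.compile(r"^CSI\.loginModule\.(\d+)\.([\w.]+)=(.*)$")

def parse_modules(text):
    """Group CSI.loginModule.<n>.<key>=<value> lines by module number <n>."""
    modules, findings = {}, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:                      # blank lines, comments, unrelated keys
            continue
        num, key, value = int(m.group(1)), m.group(2), m.group(3).strip()
        mod = modules.setdefault(num, {})
        if key in mod:                 # same number used by two modules
            findings.append(f"module {num}: key '{key}' defined twice")
        mod[key] = value
    return modules, findings

def check(text):
    """Return findings for the rules stated in step 2 and the TLS case of step 5."""
    modules, findings = parse_modules(text)
    def named(n, word):                # assumption: identify modules by name text
        m = modules[n]
        blob = m.get("provider", "") + m.get("options.moduleName", "")
        return word in blob.lower().replace(" ", "")
    ldap = [n for n in modules if named(n, "ldap")]
    pre = [n for n in modules if named(n, "preconfigureduser")]
    for n, m in sorted(modules.items()):
        missing = [k for k in ("provider", "controlFlag") if k not in m]
        if missing:                    # usually a line typed with the wrong number
            findings.append(f"module {n}: missing {', '.join(missing)}")
    for n in ldap:
        if any(n > p for p in pre):
            findings.append(f"module {n}: LDAP module is not before PreconfiguredUser")
        url = modules[n].get("options.ProviderURL", "")
        if url.lower().startswith("ldap://") and "options.BindPassword" in modules[n]:
            findings.append(f"module {n}: BindPassword used with plain ldap:// URL")
    return findings

# Constructed sample: module numbers and the PreconfiguredUser name are illustrative.
SAMPLE = """\
CSI.loginModule.5.provider=PLACEHOLDER.PreconfiguredUserLoginModule
CSI.loginModule.5.controlFlag=sufficient
CSI.loginModule.8.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
CSI.loginModule.8.controlFlag=sufficient
CSI.loginModule.8.options.ProviderURL=ldap://msadserver:389
CSI.loginModule.8.options.BindPassword=mybindpassword
CSI.loginModule.9.options.RoleScope=subtree
"""
```

Calling check() on the contents of csi.properties returns a list of findings; an empty list means none of these rules was violated.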
Related concepts
Preconfigured User Login Security Provider