Configuring a Security Provider for Sybase Control Center

In a production environment, once you have added the required users to the repository used for Sybase Control Center authentication, you can use that directory to authenticate administration login requests. In a development environment, changing the "No Security" security provider is optional.

Prerequisites
Back up the <SCC_HOME>\conf\csi.properties file.
Task
  1. Exit Sybase Control Center.
  2. From the Windows Services panel, stop the Sybase Unified Agent Service.
  3. From a text editor, open <SCC_HOME>\conf\csi.properties.
  4. Define a module in this file, similar to the LDAP sample below.

    Each line of the LDAP server module of the properties file must begin with "CSI.loginModule." followed by a module number. The module number in this sample is 8. The module number must be unique in the properties file, and you must use the same number in every line of the module.

    For example, this module configures an LDAP provider module using Active Directory, so that administrators can log in to Sybase Control Center with their Windows user name.

    ===================================================
    
    CSI.loginModule.8.options.AuthenticationSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.BindDN=CN=suppad,ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.BindPassword=mybindpassword
    CSI.loginModule.8.options.DefaultSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.AuthenticationFilter=(&(sAMAccountName={uid})(objectclass=user))
    CSI.loginModule.8.options.RoleFilter=(&(objectclass=groupofnames) (objectclass=group))
    CSI.loginModule.8.options.RoleScope=subtree
    CSI.loginModule.8.options.AuthenticationScope=subtree
    CSI.loginModule.8.options.ProviderURL=ldap://msadserver:389
    CSI.loginModule.8.options.RoleSearchBase=ou=sup,dc=mycompany,dc=com
    CSI.loginModule.8.options.ServerType=msad2k
    CSI.loginModule.8.options.moduleName=SUP LDAP Login Module
    CSI.loginModule.8.controlFlag=sufficient
    CSI.loginModule.8.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
    CSI.loginModule.8.debug=false
    =====================================================
    
    Note: Change the values only for the lines shown in bold.
    For a complete list of available LDAP properties you can configure, see System Administration > System Reference > Security Provider Configuration Properties > LDAP Configuration Properties.
  5. For some internal communication, you must include the Anonymous Login Module in the csi.properties file:
    # Anonymous Login Module
    CSI.loginModule.0.provider=com.sybase.ua.services.security.anonymous.AnonymousLoginModule
    CSI.loginModule.0.controlFlag=sufficient
    CSI.loginModule.0.options.moduleName=Anonymous Login Module
    CSI.loginModule.0.options.roles=uaAnonymous
    
    Adding this anonymous login module does not relax or allow anonymous access to the Sybase Control Center. Authentication and authorization checks are still enforced.
  6. Save the file.
  7. If your LDAP server’s SSL certificate is signed by a nonstandard certificate authority (for example, if it is self-signed), use the keytool utility to configure the JVM to trust the certificate. Execute a command similar to this:
    keytool -import -keystore <SUP_installdir>\shared\JRE-<version>\bin\keytool\lib\security\cacerts -file <your cert file and path> -alias ldapcert -storepass changeit
    
  8. Restart Sybase Unified Agent.
  9. Open Sybase Control Center and log in.
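
A check that can be run on the edited csi.properties before the restart in step 8. This is an added example, not code from Sybase or from the original page. The function name `lint_csi` is hypothetical, and the script assumes that `provider` and `controlFlag` are required in every module (both sample modules set them) and that the loader keeps trailing whitespace in values, as `java.util.Properties` does.

```python
import re
from collections import defaultdict

# Key shape stated on the page: "CSI.loginModule." + module number + "." + setting.
KEY = re.compile(r"^CSI\.loginModule\.(\d+)\.(.+)$")
ANON = "com.sybase.ua.services.security.anonymous.AnonymousLoginModule"

def lint_csi(text):
    """Return a list of findings for the login modules in csi.properties text."""
    modules, findings = defaultdict(dict), []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not line or line[0] in "#!":          # blank line or comment
            continue
        key, sep, value = line.partition("=")
        m = KEY.match(key.strip())
        if not sep or not m:                      # not a login-module setting
            continue
        num, setting = int(m.group(1)), m.group(2)
        if setting in modules[num]:               # same number used by two modules
            findings.append(f"line {lineno}: module {num} sets {setting} twice")
        if value != value.rstrip():               # assumption: kept by the loader
            findings.append(f"line {lineno}: trailing whitespace in value")
        modules[num][setting] = value.strip()
    for num, opts in sorted(modules.items()):
        for required in ("provider", "controlFlag"):
            if required not in opts:
                findings.append(f"module {num}: missing {required}")
        url = opts.get("options.ProviderURL", "").lower()
        # A simple bind over plain ldap:// puts BindPassword on the wire unencrypted.
        if url.startswith("ldap://") and "options.BindPassword" in opts:
            findings.append(f"module {num}: BindPassword with ldap:// ProviderURL")
    if not any(o.get("provider") == ANON for o in modules.values()):
        findings.append("Anonymous Login Module is not configured")
    return findings

# Constructed sample: module number 8 reused by a second module, no module 0.
SAMPLE = """\
CSI.loginModule.8.options.BindPassword=mybindpassword
CSI.loginModule.8.options.ProviderURL=ldap://msadserver:389
CSI.loginModule.8.controlFlag=sufficient
CSI.loginModule.8.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
CSI.loginModule.8.provider=com.example.OtherLoginModule
"""

if __name__ == "__main__":
    for finding in lint_csi(SAMPLE):
        print(finding)
```

An empty list means none of these checks fired; it does not confirm that the LDAP values themselves are correct for your directory.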