Using the LDAP Checker Tool
This section explains how to use the LDAP Checker tool a script (ldap-checker.jar) that checks and reports on an LDAP configuration. Instructions for use are also provided in the README.txt file that accompanies the tool.
The ldap-checker script is included with the BaseSpace Clarity LIMS installation and is available at the following location:
/opt/gls/clarity/tools/ldap-checker
The ldap-checker script performs numerous checks of the LDAP configuration and reports on any incorrect items found.
Script Properties
Point the script to one or more files containing (at a minimum) the database connection properties. Alternatively, set these properties from the command line.
The script loads properties from the following sources and in the following order:
| 1. | Any JDBC properties files specified with -f (see the table for options). |
If multiple properties files specify the same property, the last file is used.
| 2. | Any Java system properties specified on the command line using -D<propertyName>=<propertyValue>. |
Properties specified on the command line are only checked if they do not appear in the properties files.
| 3. | The properties table in the database. |
The properties table is only checked if the same property is not already specified in the properties file or on the command line.
After the script has the basic database connection properties, it loads further settings from the corresponding BaseSpace Clarity LIMS database.
The following JDBC properties are required:
| • | jdbc.driverClassName |
| • | jdbc.url |
| • | jdbc.username |
| • | jdbc.password |
For v5.3, the jdbc.password should be encrypted for an increased level of security by using a command similar to the one below in the folder /opt/gls/clarity/tools/propertytool. This returned value should be enclosed in ENC() to indicates encryption. If the database password were "jdbcPassword", then the jdbc.password property should be ENC(vMsesX5byQHlsrce3Nhmyw==).
java -jar omxprops-ConfigTool.jar encryptPassword jdbcPassword
|
-f |
--files <f> |
Property files to process |
|
-h |
--help |
Show usage information |
|
-u |
--users <u> |
Usernames to check |
Run the Script
| 1. | Change to the directory containing ldap-checker tool: |
/opt/gls/clarity/tools/ldap-checker
| 2. | Run the script. To specify a properties file, use the following example: |
java -jar ldap-checker-<version>.jar -f database.properties
Example Properties File
The tool includes an example database.properties file. This example shows a properties file that is specified with the -f option.
The following options are available:
| • | Edit this file and use it. |
| • | Point the tool to another file that contains the required properties: |
<jboss>/server/default/conf/<propertiesfile>
| • | Provide properties on the command line, using -D. |
For example:
-Djdbc.url=<url to properties file>
Examples
Example 1: Using SSL
Specify and provide the path to the keystore:
java -Djavax.net.ssl.trustStore=/path/to/keystore -jar ldap-checker-<version>.jar -f database.properties
Example 2: Checking Users
To check a set of specific users (even those users that have not been provisioned), use the following script:
java -jar ldap-checker-<version>.jar -u usertocheck -f database.properties
Overriding Properties
To override properties that are typically loaded from the properties table, use command-line system properties or one or more properties files.
Using system property ( -D options must be specified before the -jar option):
java -Djavax.net.ssl.trustStore=/path/to/keystore -Dldap.managerPass=mypassword -jar ldap-checker-<version>.jar -u usertocheck -f database.properties
Using multiple properties files:
java -jar ldap-checker-<version>.jar -u usertocheck -f database.properties custom-ldap.properties
In this example, Custom-ldap.properties might resemble the following:
ldap.managerDn=CN=GLS Admin,CN=Users,DC=gls,DC=lan ldap.managerPass=mypassword
