Pre-requisite

Before following the steps outlined here, make sure that you have OpenDJ installed, configured and running, and that an LDAP structure with OUs, users and groups exists. These documents explain how to get OpenDJ up and running:

The configuration steps outlined in this document basically follow the official SUP documentation; they are just adjusted for the actual OpenDJ installation.

Create a security configuration

Log in to Sybase Control Center at http://sup:8283/scc. Select Security on the right and create a new security configuration. Give it a meaningful name, like Android.

/wp-content/uploads/2012/08/supauth1_130812.jpg

Edit the authentication providers. Basically this is the same as outlined in the document NAME. Delete the standard NoSecProvider and add a new one, using com.sybase.security.ldap.LDAPLoginModule as the authentication provider.

/wp-content/uploads/2012/08/supauth2_130813.jpg

Configure the parameters as explained in the SUP documentation.

/wp-content/uploads/2012/08/supauth3_130820.jpg

The parameter “Provider URL” points to your actual OpenDJ installation. Port 389 is the standard LDAP port, and localhost is given because OpenDJ is running on the same machine as SUP. Make sure that the parameters

  • Bind Password,
  • Authentication Search Base and
  • Role Search Base

reflect your actual OpenDJ configuration. To tell SUP what kind of LDAP server to expect, the parameter “Server Type” needs to be set to openldap.

/wp-content/uploads/2012/08/supauth4_130821.jpg
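
The Bind Password, Authentication Search Base and Role Search Base can be checked against OpenDJ before they are applied in SCC. The following is an added example, not code from the original post or from the SUP documentation: it runs the usual LDAP search-then-bind sequence with JNDI. Assumptions: the bind DN, both search bases, the uid attribute, the member/uniqueMember group attributes and the BIND_PW/USER_PW environment variables are placeholders, and that the SUP login module performs the same sequence is assumed rather than taken from the page.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class LdapPreflight {
    // Assumed placeholders: use the values you plan to enter in SCC.
    static final String PROVIDER_URL = "ldap://localhost:389";
    static final String BIND_DN = "cn=Directory Manager";
    static final String AUTH_SEARCH_BASE = "ou=people,dc=example,dc=com";
    static final String ROLE_SEARCH_BASE = "ou=groups,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        // A simple bind with an empty password is treated as anonymous and
        // may "succeed" without checking anything, so reject it up front.
        if (password == null || password.isEmpty())
            throw new NamingException("empty password for " + dn);
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        // Throws javax.naming.AuthenticationException on wrong credentials.
        return new InitialDirContext(env);
    }

    public static void main(String[] args) throws NamingException {
        String user = args.length > 0 ? args[0] : "android22";
        SearchControls sub = new SearchControls();
        sub.setSearchScope(SearchControls.SUBTREE_SCOPE);

        // 1. Bind DN and Bind Password
        DirContext svc = bind(BIND_DN, System.getenv("BIND_PW"));
        // 2. Authentication Search Base; JNDI escapes the {0} filter argument
        NamingEnumeration<SearchResult> hits =
            svc.search(AUTH_SEARCH_BASE, "(uid={0})", new Object[] {user}, sub);
        if (!hits.hasMore())
            throw new NamingException(user + " not found under " + AUTH_SEARCH_BASE);
        String userDn = hits.next().getNameInNamespace();
        hits.close();
        // 3. The user's own credentials, checked by binding as the user
        bind(userDn, System.getenv("USER_PW")).close();
        System.out.println("authenticated: " + userDn);
        // 4. Role Search Base: groups that list the user as a member
        NamingEnumeration<SearchResult> groups = svc.search(ROLE_SEARCH_BASE,
            "(|(member={0})(uniqueMember={0}))", new Object[] {userDn}, sub);
        while (groups.hasMore())
            System.out.println("role: " + groups.next().getNameInNamespace());
        svc.close();
    }
}
```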

It is not necessary to configure an authorization provider, as the SUP documentation explains. Validate and apply the changes.

/wp-content/uploads/2012/08/supauth5_130822.jpg

Now you have an additional security configuration. To make use of it, the new configuration needs to be added to a domain. Add the new security configuration to the default domain.

/wp-content/uploads/2012/08/supauth6_130826.jpg

Now you can select the new security configuration when deploying an MBO with the SDK:

/wp-content/uploads/2012/08/supauth7_130827.jpg

To see what MBOs / applications are assigned to the security domain, you can use the SCC and check what is registered under the domain and security configuration.

/wp-content/uploads/2012/08/supauth8_130828.jpg

Applications that use the MBO will now start making use of the security configuration. In the SUP101 example, the deployed native Android app will automatically use the new configuration. The application used is SUP101 from the tutorials. This means that you have to provide the credentials in the source code:

private static String USERNAME = "<OpenDJ user>";
private static String PASSWORD = "<password>";

Build the app and run it on your Android simulator. The app will try to connect to SUP and load the DB, then present a screen containing a list of names. When the app is not able to load the data from SUP (i.e. a logon error), the screen won’t show the names.

/wp-content/uploads/2012/08/supauth9_130829.jpg

Loading the data.

/wp-content/uploads/2012/08/supauth10_130830.jpg

Showing the DB content

Verify setup

Does it really work? Let’s test the same application with wrong credentials for user android22:


private static String USERNAME = "<OpenDJ user>";
private static String PASSWORD = "<wrong password>";

After starting the app:

/wp-content/uploads/2012/08/supauth11_130831.jpg

In the debug console, the app will throw an authentication error:

/wp-content/uploads/2012/08/supauth12_130832.jpg

How does that look from the server side? In the SUP log the same authentication error will look like:

/wp-content/uploads/2012/08/supauth13_130833.jpg


5 Comments


  1. David Clavey

    Very good Blog, I look forward to trying OpenDJ in my development environment. Currently I am using a combination of OpenLDAP and JXplorer, but it looks like OpenDJ does it all. Thanks 🙂

    I assume that OpenDJ could also be used with Afaria. Have you got an example of the config you would use with Afaria?

    1. Tobias Hofmann Post author

      Sorry, I do not have any example for Afaria. As OpenDJ implements the LDAP “standards”, it should be possible to replace every LDAP server with OpenDJ.

  2. Fibeesh Aboobacker

    Hi Tobias,

    I don’t have much knowledge about LDAP. I am trying to configure LDAP in SUP 2.1.3, I followed your three blogs. Now I want to login to SCC with the user I created in openDJ. So please help me to configure LDAP in SUP 2.1.3.

     

    Thanks & Regards,

    Fibeesh C.A

      1. Fibeesh Aboobacker

        Thank you Tobias,

        The link which you gave is for SUP 2.1.2 and I am using SUP 2.1.3. In SUP 2.1.3 it's not required to modify the csi.properties & roles-map.xml.

          

        I am able to authenticate the user for MBO with OpenDJ, I also want to authenticate SCC.

         

        Anyway, thank you for your great support; as a beginner, your blogs help me a lot.

          

        Regards,

        Fibeesh C.A
