Integrating CTP with LDAP/AD

Chris ColosimoChris Colosimo Posts: 66 admin

Everybody who uses CTP should have a unique log in. This allows administrators to define permissions on specific resources as defined in this topic What are my permissions in CTP. Additionally this allows users to fully take advantage of their own unique workspace. The challenge with this is that if you have a large organization, manually entering all of the users that will be utilizing the solution would be daunting. Luckily, CTP integrates with LDAP and AD so that you can define and manage users and user groups in LDAP/AD and sync them with CTP

CONFIGURING LDAP WITH PARASOFT ENVIRONMENT MANAGER

Prerequisites: Download, Configure and install an Apache Tomcat Server. Add the EM.war and the PSTSEC.war Parasoft web app archives into the “[Apache Tomcat Installation Directory]/webapps” directory. Start the Server using the .bat or .sh script found in the “[Apache Tomcat Installation Directory]/bin” to deploy both services on your machine. Lastly delegate Parasoft Environment Manager to point to the Database you want to leverage. (HyperSQL, Oracle DB, or MySQL). Some prior LDAP Admin knowledge.

Step 1)

Log into Environment Manager with Administrative Credentials. By default these credentials are: admin, admin.

Step 2)

Now that you’re logged in as Admin, navigate to the EM Options Menu (The cog icon) click it. The in the dropdown click “Security Configuration”.

Step 3)

If the PSTSEC.war was added to the Webapps directory (Mentioned in the “Prerequisites” above) and the server was started, this service should now be deployed and accessible on your Tomcat Application Server machine. The simple way to verify this is to navigate to the URL in your browser:
http://localhost:8080/pstsec (default name and port if a local instance)
or
http://[machinename]:8080/pstsec

Step 4)

If the PSTSEC Service was successfully deployed you should be taken to a page that has a login screen. Enter the credentials: admin, admin.

Step 5)

Navigate to “Directories” and in the dropdown click “Add New”.

Step 6)

Enter your LDAP (Active Directory) address and credentials. If there aren’t any credentials then leave the User/Password fields empty

Step 7)

To verify if you are connecting to your LDAP directory click the “Check Connection” button. You should recieve a "Connection Successful" message

Do you only see Group Filters?

At this point you are ready to start configuring filters. By default pstsec will not import groups. This is because by default PSTSec is set to only import groups so you need to do the following

1. <CTP_Install_Directory>/webapps/pstsec/conf/ There is a file called PSTSecConfig.xml 2. Modify this line possibly line 28 <import-users-only>true</import-users-only> Modify to <import-users-only>false</import-users-only> 3. Restart CTP

Step 8) To only import and include specific user credentials instead of everyone’s, specify LDAP user filters here:

Create Directory Configuration > Advanced Configuration.

Search Filters

Always work with your LDAP/AD administrator when creating filters. They are known to be difficult and specific to the organizations standards

User search filter

filter that retrieves all the users that you want. Then add parameter (cn={0},sAMname={0},uid={0})
used in 2 ways
1. retrieve a list of users when you "Import Data" or job
2. Identify a specific LDAP entry. {0} it is a parameter
1. * = all users,
2. at runtime users {0}= currently logged in user

Group search filter

List of all group that you want in the tool. Then add parameter (cn={0})
used in 2 ways
1. retrieve a list of groups when you "Import Data" or job
2. Identify a specific LDAP entry. {0} it is a parameter
1. * = all groups,
2. at runtime users {0}= currently entry associated with the group that is handed to the filter 

Membership Search

Lists all Group LDAP entry that contains the specified member. Same as group but uses membership attribute. Give me all groups that have this user as a member. Then add parameter (member={0})
1. retrieve a list of members when you "Import Data" or job
2. Identify a specific LDAP entry. at runtime users {0}= determines to which groups the user is a member 
• Import Data will force all Data to be retrived (Refreshed) from LDAP server
• We expect the member attribute in an LDAP entry to be cn

Here are some examples of filters

User

(&(uid={0})(objectclass=personPARASOFTperson)(|(member=cn=virtualize_admin,ou=ParasoftVirtualize,ou=groups,DC=PARASOFT,DC=COM)(member=cn=virtualize_system,ou=ParasoftVirtualize,ou=groups,DC=PARASOFT,DC=COM)(member=cn=virtualize_provision,ou=ParasoftVirtualize,ou=groups,DC=PARASOFT,DC=COM)(member=cn=virtualize_users,ou=ParasoftVirtualize,ou=groups,DC=PARASOFT,DC=COM)))

Group

(&(cn={0})(|(cn=virtualize_users)(cn=virtualize_system)(cn=virtualize_provision)(cn=virtualize_admin))(objectclass=groupOfUniqueNames))

Membership

(&(member={0})(objectclass=group))

Leader Filter
(&(member={0})(cn=All leaders)(objectclass=group))

Step 10) Once this is configured click SAVE and Import

Tagged:

Comments

  • Chris ColosimoChris Colosimo Posts: 66 admin
    edited December 2016

    Additionally you need to modify PSTSecConfig.xml file so that it no longer provides a basic user table to CTP

    Modifying the below values wherver appears

    Original
    <pstsec-group-definition> <parents> <group isLeaders="false" name="GRS Basic Permissions"/> </parents> <children> <group isLeaders="true" name="{0} Leaders"> <parents> <group isLeaders="false" name="GRS Extended Permissions"/> </parents> </group> </children> <permissions> <permission key="project" tool="grs:localhost" value="{0}"/> </permissions> </pstsec-group-definition>

    Modified
    <pstsec-group-definition> <parents> </parents> <children> </children> <permissions> </permissions> </pstsec-group-definition>

Sign In or Register to comment.