Perform the below steps for configuring LDAP on Klera.
Step 1: Configure SSL Certificate
If LDAP server is hosted on SSL, perform the following steps, else skip to Step 2.
Steps to install the Certificate-
- Log in to the machine where Klera is installed i.e. Klera server.
- Save the Trusted Certificate from LDAP administrator, on Klera server.
- Right-click on the Certificate and click Install Certificate.
- Select Local Machine and click Next.
- Select Place all Certificates in the following store.
- Click Browse and select Trusted Root Certification Authorities.
- Click Ok and Finish.
Steps to add Certificate to JVM Trusted Store-
Prerequisite - ADS Trusted Certificate
Note: The certificate will be provided by the ADS administrator. |
Follow the steps given below to run the command prompt as an Administrator and add the certificate to JVM Trusted Store:
- Login to the Server where Klera is installed.
- Open run by pressing "window + r" on keyboard and type msc and press Enter. Or, type services.msc in windows search bar (next to Start) and press Enter.
- The list of all the services will appear in a new window.
- On the right–side, under Name column, search for "Klera Elasticsearch" service.
- Right-click on "Klera Elasticsearch" and click on Stop.
- Click on Yes in the pop-up window that appears on the screen, if you want to stop these services.
- Wait for all the services to stop.
- Search for service name "Klera Electron Service".
- Right-click on "Klera Electron Service" and click on Stop.
- Wait for service to Stop.
- Copy ADS SSL Certificate in folder "<Klera Root Directory (For example: C:\Program Files\Klera\Klera)>”\Tools\InstallADSCertificateToKlera". Validate that"InstallADSCertificateToJVM.bat" file is also present in this folder.
- Rename SSL Certificate file name to "ADS_SSL.cer", in case it is different.
- Open the command prompt with Administrative rights and go to "<Klera Root Directory (For example: C:\Program Files\Klera\Klera)>”\Tools\InstallADSCertificateToKlera".
- Run the file "InstallADSCertificateToJVM.bat" as mentioned below:
> InstallADSCertificateToJVM.bat "<PATH_to_JRE>"
Here, PATH_to_JRE is the path of JRE installed on the Klera machine like "C:\Program Files\Java\jre1.8.0_201". - When the certificate is added successfully, a command prompt will open and the following message will get displayed-"Certificate was added to keystore. Press any key to continue . . .".
- Start Klera services in below order. Follow step#2 for opening service. For starting service, search for service name mentioned below, then right-click on service and click on Start.
- Klera Elasticsearch.
- Klera Electron Service.
- Klera PE Core Service Group.
- Klera Clustering Data Service
- Klera Content Viewer Service.
- Klera Machine Learning Service.
- Klera SDLC Google Search Service.
- Klera SDLC Service Group.
Post restart of above listed services, you can configure ADS running on SSL protocol with Klera.
Step 2: Configure LDAP on Klera
- Login to Klera.
- Right-click on the Floor (The empty canvas displayed after successful login). A context menu will appear.
- Select Security -> Configure Authentication Mode to open the form (as shown in the following screenshot).
- Select LDAP option from Authentication Mode and fill in rest of the details.
Open Advanced Settings: This is required to define or update user schema and group schema settings.
- If Directory Server Type is Microsoft Active Directory, OpenLDAP or Apache Directory Server, user and group schema settings can be modified using ‘Open Advance Settings’.
- In case of Custom directory server type LDAP, server schema settings need to be defined by admin.
Enable/ Disable ‘Open Advance Settings’ checkbox based on Directory Server Type that has been selected.
Note: If ‘Auto Enabled User ‘option is selected, users synced from ADS will automatically get enabled on Klera. Else, Klera admin will have to enable the users manually. - Click Configure.
- If you have selected ‘Open Advance Settings’, the below screen will appear. Validate/ Configure the parameter values in the form. Click Apply.
After successful completion of above steps, users can enter their Active Directory Username and Password to log in to Klera.