
Change Authentication servers, Directory, Active Directory and LDAP

In this article, we explain how to update or change Active Directory and LDAP servers.

Written by Yusef Abulaynain
Updated over 4 months ago

For hosted customers please raise a new case online and reference the title of this article. Please provide the name or URL of the Mosaic instances this relates to.

The scope of this article is changing the IP address(es) or hostname(s) of the LDAP / Active Directory server(s), as is common when servers are moved or upgraded. It is therefore assumed that all the other settings remain the same. It does not cover a complete implementation.

For Self-Hosted customers:

New hostname

If the new LDAP / Active Directory server(s) have different hostname(s), the IP address(es) and hostname(s) must first be added to the hosts file (/etc/hosts) on the Mosaic application server.


Initial checks

Before changing the configuration in Mosaic, it is advised to confirm connectivity to the new LDAP / Active Directory servers. This can be tested beforehand by running telnet on the Mosaic application server (connected with PuTTY, for example).

See the example below, using the IP address or hostname of the new LDAP / Active Directory server. It is assumed the LDAP servers are listening on port 389, but this will need to be confirmed. The default port for LDAP over TLS (LDAPS) is 636.

telnet ip_address_or_hostname_of_server port
e.g.
telnet 10.0.0.10 389
e.g.
telnet new_dirserv1 389

If the connection fails, the firewall rules will need to be updated to allow it before continuing.


Determine the type of Authentication

The type of authentication used by Mosaic determines where the details of the new LDAP / Directory server(s) are stored in Mosaic. To determine the authentication method, run the following SQL on the Mosaic database.

select value from system_properties where name='authenticationMode'

Follow the steps for the authentication method, depending on the one currently used by Mosaic.


Directory Authentication

The Directory server details are located in a config file (usually called jaas.config) on the Mosaic application server.

The path to the jaas.config is defined in the Mosaic managed server startup parameters, in the arguments field in WebLogic, as follows:

-Djava.security.auth.login.config=<WL_DOMAIN>/security/jaas.config

1. Edit the configuration file as the oracle user in a text editor that saves with UTF-8 encoding (e.g. the WinSCP editor).
2. Replace the old server with the new server in java.naming.provider.url.

See example jaas.config below, where the new server new_dirserv1 has been used.

DatabaseAuthentication {
uk.co.corelogic.framework.security.auth.module.RDBMSLoginModule optional debug=false;
};

DirectoryAuthentication {
uk.co.corelogic.framework.security.auth.module.ActiveDirectoryLoginModule
optional
debug=false
java.naming.security.authentication="simple"
java.naming.provider.url="new_dirserv1:389"
userLoginIdentifier="uid"
searchBase="DC=testdomain,DC=local"
userUniqueIdentifier="DN"
anonymousBind="true"
accessControlGroup="cn=Mosaic,ou=CORELOGIC,ou=apps,ou=groups,o=corelogic,DC=testdomain,DC=local"
userObjectClass="inetOrgPerson";
};

3. Save the jaas.config file.
4. The change will not take effect until Mosaic is restarted.


Active Directory Authentication

1. Get the current settings from the database by running the following SQL.

select value from system_properties where name='activeDirectoryUrl'

2. Using the value returned from the SQL above as a starting point, replace the old server(s) with the new server(s). NB: more than one server can be specified, separated by ;

For example, before:

ldaps://dirserv1:636
or
ldaps://dirserv1:636;ldaps://dirserv2:636

For example, after:

ldaps://new_dirserv1:636
or
ldaps://new_dirserv1:636;ldaps://new_dirserv2:636

3. Update the database with the change by running the following SQL as the fw user. For example (note the ldaps:// scheme, matching the "after" value above; ldap:// on port 636 would not connect):

update system_properties set value='ldaps://new_dirserv1:636' where name='activeDirectoryUrl'

4. The change will not take effect until Mosaic is restarted.


LDAP Authentication

1. Get the current settings from the database by running the following SQL.

select value from system_properties where name='ldapUrl'

2. Using the value returned from the SQL above as a starting point, replace the old server(s) with the new server(s). As above, more than one server can be specified, separated by ;

For example, before:

ldaps://dirserv1:636
or
ldaps://dirserv1:636;ldaps://dirserv2:636

For example, after:

ldaps://new_dirserv1:636
or
ldaps://new_dirserv1:636;ldaps://new_dirserv2:636

3. Update the database with the change by running the following SQL as the fw user. For example (note the ldaps:// scheme, matching the "after" value above; ldap:// on port 636 would not connect):

update system_properties set value='ldaps://new_dirserv1:636' where name='ldapUrl'

📌 Note: The change will not take effect until Mosaic is restarted.
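As an added pre-flight check for both the Active Directory and LDAP sections above (example code written for this article, not part of Mosaic), the following Python parses a ;-separated activeDirectoryUrl / ldapUrl value, rewrites the old hostnames to the new ones, flags a scheme/port mismatch such as ldap:// on port 636 before it reaches the UPDATE statement, and renders the statement for review. The function names, the hostname pattern and the split-on-; format are assumptions taken from the examples in this article.

```python
import re
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # the two schemes the article uses
HOST_RE = re.compile(r"^[A-Za-z0-9._-]+$")   # hostname or IPv4 literal only (assumed)

def parse_directory_urls(value):
    """Split a ';'-separated activeDirectoryUrl / ldapUrl value into entries."""
    entries = []
    for raw in value.split(";"):
        raw = raw.strip()
        if not raw:
            continue  # tolerate a trailing ';'
        parts = urlsplit(raw)
        scheme = parts.scheme.lower()
        if scheme not in DEFAULT_PORTS:
            raise ValueError(f"unsupported scheme in {raw!r}")
        if not parts.hostname or not HOST_RE.match(parts.hostname):
            raise ValueError(f"bad host in {raw!r}")
        entries.append({"scheme": scheme, "host": parts.hostname,
                        "port": parts.port or DEFAULT_PORTS[scheme]})
    return entries

def find_problems(value):
    """(severity, message) pairs: 'error' = scheme/port mismatch, 'warning' = plaintext LDAP."""
    problems = []
    for e in parse_directory_urls(value):
        if e["scheme"] == "ldap" and e["port"] == 636:
            problems.append(("error", f"{e['host']}: ldap:// on the LDAPS port 636"))
        elif e["scheme"] == "ldaps" and e["port"] == 389:
            problems.append(("error", f"{e['host']}: ldaps:// on the plain LDAP port 389"))
        if e["scheme"] == "ldap":
            problems.append(("warning", f"{e['host']}: plaintext ldap://, binds are unencrypted"))
    return problems

def replace_hosts(value, mapping):
    """Rebuild the value with hosts renamed per mapping (old -> new), keeping scheme and port."""
    out = []
    for e in parse_directory_urls(value):
        host = mapping.get(e["host"], e["host"])
        out.append(f"{e['scheme']}://{host}:{e['port']}")
    return ";".join(out)

def update_statement(prop_name, value):
    """Render the article's UPDATE for system_properties; refuse a value with errors."""
    errors = [m for sev, m in find_problems(value) if sev == "error"]
    if errors:
        raise ValueError("; ".join(errors))
    canonical = replace_hosts(value, {})  # re-serialise from the validated parts only
    return f"update system_properties set value='{canonical}' where name='{prop_name}'"
```

Use prop_name 'activeDirectoryUrl' or 'ldapUrl' to match the section you are following; warnings about plaintext ldap:// are informational and do not block the statement.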
