Faddom Help Center

Server Installation - Advanced Security Settings

Authentication – for a Linux-based Server installation

When the server is installed on a Linux system, all users should be defined in the Settings/Access Control/Users window. 

The first user is the Administrator user; additional users can be defined as needed.

It is also possible to configure the Faddom Tomcat Application Server to use LDAP authentication to integrate with Active Directory authentication.

To configure this, perform the following configuration steps:

  1. In the Access Control screen under settings, create a user with a name identical to your user name in Active Directory and assign it the Administrators role.
    This is to prevent you from being locked out after switching authentication methods.
  2. Log in to the Faddom Server appliance using ssh. The default password for the root user is admin.
  3. In the context.xml file in the /usr/local/tomcat9/conf folder, you need to define a JNDI realm to authenticate with LDAP. There is an example predefined in the configuration file which you can uncomment and use (see example below).
    Make sure to comment out the PostgresJDBCRealm to enable authentication with LDAP only.
  4. After making changes to the context.xml file, restart the tomcat service using the command: 
    systemctl restart tomcat


Following is a sample realm configuration. 

The placeholder values in angle brackets must be replaced according to your environment, and some additional fields may need to be changed based on your configuration. The LDAP user must be an account defined in Active Directory that Tomcat can use to perform the LDAP queries.

It does not need any special permissions.

<Realm className="org.apache.catalina.realm.JNDIRealm"
       connectionURL="ldap://<ldap-server-fqdn>:389"
       connectionName="<ldap-user>@example.com"
       connectionPassword="<ldap-user-password>"
       referrals="follow"
       userBase="CN=Users,DC=example,DC=com"
       userSearch="(sAMAccountName={0})"
       userSubtree="true"
       roleBase="CN=Users,DC=example,DC=com"
       roleName="name"
       roleSubtree="true"
       roleSearch="(member={0})" />

You can view the full details on JNDI Realm configuration in the official Apache documentation here: https://tomcat.apache.org/tomcat-9.0-doc/realm-howto.html#JNDIRealm
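Before restarting Tomcat it is worth checking that the edited context.xml is in the state steps 3 and 4 expect. The script below is an added example, not part of the Faddom documentation or product; the server name, service account and password in the sample are constructed values, and the JDBCRealm class name in the commented-out line is only a stand-in for the realm you comment out.

```python
"""Pre-restart sanity check for a Tomcat context.xml (added example, not part
of the Faddom documentation). Checks that exactly one Realm is active and it is
the JNDIRealm with the attributes it needs, and warns on plaintext ldap://.
Unreplaced <placeholder> values are not legal XML (a bare '<' inside an
attribute), so they show up as a parse error rather than a silent failure."""
import xml.etree.ElementTree as ET
from typing import List

REQUIRED = ("connectionURL", "connectionName", "connectionPassword",
            "userBase", "userSearch", "roleBase", "roleName", "roleSearch")

# Constructed sample in the shape of the shipped file, with fictional values.
SAMPLE_CONTEXT = """<Context>
  <!-- <Realm className="org.apache.catalina.realm.JDBCRealm" /> -->
  <Realm className="org.apache.catalina.realm.JNDIRealm"
         connectionURL="ldap://dc01.example.com:389"
         connectionName="svc-faddom@example.com"
         connectionPassword="s3cret-example"
         referrals="follow"
         userBase="CN=Users,DC=example,DC=com"
         userSearch="(sAMAccountName={0})"
         userSubtree="true"
         roleBase="CN=Users,DC=example,DC=com"
         roleName="name"
         roleSubtree="true"
         roleSearch="(member={0})" />
</Context>
"""

def check_context_xml(xml_text: str) -> List[str]:
    """Return the problems found; an empty list means the file looks ready."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML ({exc}); check for unreplaced <...> placeholders"]
    # The parser drops comments, so only realms Tomcat would actually load remain.
    realms = root.findall(".//Realm")
    if len(realms) != 1:
        return [f"expected exactly one active Realm, found {len(realms)}"]
    realm = realms[0]
    problems = []
    if realm.get("className") != "org.apache.catalina.realm.JNDIRealm":
        problems.append(f"active Realm is {realm.get('className')}, not JNDIRealm")
    problems += [f"missing attribute {a}" for a in REQUIRED if realm.get(a) is None]
    if realm.get("connectionURL", "").startswith("ldap://"):
        problems.append("connectionURL is plaintext ldap://; the bind password and "
                        "user lookups cross the network unencrypted, use ldaps://")
    return problems
```

Pass the contents of /usr/local/tomcat9/conf/context.xml to check_context_xml() and only run the restart when it returns an empty list.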

Troubleshooting:

If you are getting an invalid username/password error, check the localhost.XXXX.log file under the /usr/local/tomcat9/logs folder. There may be an issue with your JNDI Realm configuration.

If you are getting a Permission Denied screen, you have logged in successfully but may have missed step 1 above, which gives your Active Directory user permissions in Faddom. Try reverting to the default authentication and granting your user access.


Setting up SSL access to the Faddom Server

The Faddom server comes pre-configured with SSL access, using a self-signed certificate on port 9443.

The certificate is located in a java keystore in /usr/local/tomcat9/conf/.keystore

It is possible to replace the certificate in the Keystore or use a different Keystore and configure it in the /usr/local/tomcat9/conf/server.xml file.

Detailed instructions on configuring SSL on tomcat and importing certificates can be found here: https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html
