Integrate UCM (ECM/Content Server) with Microsoft Active Directory as LDAP Provider

Content Server is a key component of Oracle Enterprise Content Management (ECM), or Universal Content Management (UCM). More on UCM's architecture here.

If you are new to security in UCM, check Groups and Accounts here.

In this post I'll show you how to configure UCM with Active Directory as the LDAP Provider for external security. (Note: this integration process, Active Directory as an LDAP Provider, is different from direct AD integration.)

Things good to know for UCM integration with External Security

1. Content Server provides the following security options:
a) Internal Security: this is the default configuration, where you set up users and assign roles and accounts using the User Admin application.

b) External Security: you can configure Content Server with external LDAP servers (MS-AD, OID, iPlanet, ...) so that user login, password and permissions are derived from one of the following external user bases:

i) Active Directory: user information is stored in Active Directory.
ii) LDAP: user information is stored in an LDAP-compliant directory server (OID, iPlanet, IBM Tivoli DS, ...).
iii) Active Directory with LDAP: user information is stored in Active Directory, but Content Server accesses it through an LDAP provider (this is the integration covered in this post).

2. The first time an external user (a user defined in the external source) logs in, the user is added to the Content Server database.

3. Files required for integrating UCM with Active Directory through an LDAP provider (option iii in the external security section above) are available in $CONTENT_SERVER_INSTALL_DIR/custom/ActiveDirectoryLDAPComponent.

4. In Content Server you can combine authentication methods, i.e. allow some users to log in using their Microsoft domain identity while others log in through an LDAP provider. You can also configure multiple LDAP providers for authentication.

Integration of UCM with Microsoft Active Directory LDAP Provider

1. Create an LDAP Provider for Active Directory (change the Provider Class to ldap.ActiveDirectoryLdapProvider)
1.1 Log in to Content Server as sysadmin at http://server:port/idc (sysadmin/idc)
1.2 Click Administration -> Provider
1.3 Click "Add" under "ldapuser"

In the above case Active Directory is:
– running on machine win01.onlineappsdba.co.uk on port 389
– storing users in ou=UK,ou=myUsers,dc=onlineappsdba,dc=co,dc=uk
Change the Provider Class to ldap.ActiveDirectoryLdapProvider.
The Domain Controller for Active Directory is onlineappsdba and administrator is the super user.


1.4 Restart Content Server
1.5 Verify the connection status for the LDAP provider configured above


1.6 Log in to Content Server with a user from Active Directory (you should now be able to log in to IDC with an AD user)

1.7 Check table db_admin.users (db_admin is the schema name for Content Server): the DUSERAUTHTYPE column should be set to external.
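The provider definition built in steps 1.1 to 1.7 can be sanity-checked offline before the restart in step 1.4. The script below is an added example, not code from the post or from Oracle; it assumes the provider is persisted as an HDA file (`@Properties LocalData` ... `@end`) with the keys ProviderClass, LdapServer, LdapPort, LdapSuffix, LdapAdminDN and UseSecureLdap (the key names are assumptions), and it goes one step beyond the post by flagging the plain-LDAP port 389 setting shown above.

```python
import re

# Constructed sample mirroring the post's values (AD on win01.onlineappsdba.co.uk:389,
# users under ou=UK,ou=myUsers,dc=onlineappsdba,dc=co,dc=uk); the key names are an
# assumption about how UCM persists a provider, not taken from the post.
SAMPLE_PROVIDER_HDA = """\
@Properties LocalData
ProviderType=ldapuser
ProviderClass=ldap.ActiveDirectoryLdapProvider
LdapServer=win01.onlineappsdba.co.uk
LdapPort=389
LdapSuffix=ou=UK,ou=myUsers,dc=onlineappsdba,dc=co,dc=uk
LdapAdminDN=cn=administrator,cn=Users,dc=onlineappsdba,dc=co,dc=uk
UseSecureLdap=0
@end
"""
EXPECTED_CLASS = "ldap.ActiveDirectoryLdapProvider"
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")  # one attr=value RDN

def parse_hda_localdata(text):
    """Return the key=value pairs inside the @Properties LocalData block."""
    props, inside = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line == "@Properties LocalData":
            inside = True
        elif line == "@end":
            inside = False
        elif inside and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def valid_dn(dn):
    """True if every comma-separated RDN of the DN has the form attr=value."""
    return bool(dn) and all(RDN_RE.match(rdn.strip()) for rdn in dn.split(","))

def audit_provider(props):
    """Return findings for the provider definition; empty means it passed."""
    findings = []
    if props.get("ProviderClass") != EXPECTED_CLASS:
        findings.append("ProviderClass must be " + EXPECTED_CLASS)
    for key in ("LdapSuffix", "LdapAdminDN"):
        if not valid_dn(props.get(key, "")):
            findings.append(key + " is not a well-formed DN")
    # Plain LDAP on 389 carries the bind password and every password checked
    # at login unencrypted; LDAPS (636) with UseSecureLdap=1 avoids that.
    if props.get("UseSecureLdap", "0") != "1" and props.get("LdapPort") == "389":
        findings.append("LdapPort 389 with UseSecureLdap=0: credentials sent in clear text")
    return findings
```

Run `audit_provider(parse_hda_localdata(open(path).read()))` against the real provider file; the sample above yields exactly the clear-text finding.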


About the Author Masroof Ahmad
