Using Active Directory Authentication
To configure the Web Author Administration page to use authentication from an Active Directory server, you need to edit the shiro.ini file located in the following location depending on your type of distribution:
- WAR distribution: WEB-INF/shiro.ini
- Windows/Linux/All Platforms: tomcat/webapps/oxygen-xml-web-author/WEB-INF/shiro.ini
Replace the line:
usersFileRealm = ro.sync.auth.PropertiesRealmWithDefaultUsersFile
with some lines like this:
usersFileRealm = org.apache.shiro.realm.activedirectory.ActiveDirectoryRealm usersFileRealm.url=ldap://<server-address>:389 usersFileRealm.principalSuffix=@my-company.ro usersFileRealm.searchBase=CN=Users,DC=mycompany,DC=com usersFileRealm.groupRolesMap="CN=Web Author Admins,DC=mycompany,DC=com":"admin" usersFileRealm.systemUsername=<user> usersFileRealm.systemPassword=***
where
- principalSuffix is usually the mail domain so that you do not have to enter it in the login form.
- CN=Users,DC=mycompany,DC=com is a query used to search for the user.
- CN=Web Author Admins,DC=mycompany,DC=com is the group that will have access to the Web Author Administration page.
Note: The embedded license server does not support Active Directory authentication. The admin
user for that license server is the one configured during the installation procedure.