Hitachi

uCosminexus Application Server Security Management Guide


5.19.2 Creating ua.conf

ua.conf stores the access information for the repository (the LDAP directory server or RDB), the path to the encryption key file used to encrypt or decrypt the single sign-on user information, and other information used by the user authentication library or the single sign-on library.

(1) Location

The ua.conf location is as follows.

Overwrite this ua.conf file or copy it to a new location. Specify the ua.conf location in the Java VM properties at the time of startup. For details about setting the Java VM properties at the time of startup, see 5.20 Java VM property setup.

Change the ua.conf access permission so that the Component Container administrators can reference the file. To learn more about setting the Component Container administrators, see 4.1.4 Notes on setting Component Container administrator (For UNIX) in the uCosminexus Application Server System Setup and Operation Guide.

(2) Specification

To enable user authentication by using the user authentication library and single sign-on by using the single sign-on library, configure the LDAP directory server URL, base DN, and access permissions.

When the single sign-on library function is used to implement single sign-on, select the encryption product and specify the encryption key file name. When the single sign-on function invokes a custom login module, specify the custom login module name and the directory that stores the class file associated with the custom login module.

To learn more about the ua.conf settings when using Active Directory as the LDAP directory server, see 5.16.4 Settings when using Active Directory.

To learn more about ua.conf, see 14.2.2 ua.conf (integrated user management configuration file).

(3) Changing and scrambling passwords

The uachpw command can be used not only to edit ua.conf but also to change the password specified in ua.conf that is used to access the LDAP directory server or RDB. Specifying the -scramble option when you use the uachpw command to change this password scrambles the password.

When using the uachpw command to scramble the password, be sure to set the com.cosminexus.admin.auth.passwordScramble.enable key within the <configuration> tag of the logical J2EE server (j2ee-server) in the Easy Setup definition file.