How To: HVRVALIDPW for LDAP users
Abstract:
This article provides the procedural steps to integrate LDAP and Local Data Processing Software to limit Local Data Processing Functions by hvr user.
Applies to:
The steps in this document applies to Local Data Processing on your HUB Server and for all Local Data Processing versions on any platform (Windows or Linux/UNIX) platforms.
Scenario:
You have multiple sites managing your Local Data Processing Replication. You may have a need to limit one groups access to Local Data Processing. Limiting a group will allow you to control what groups have the ability to perform certain hvr functions that can manipulate your databases.
Prerequisites:
1.Local Data Processing GUI on your HUB
2.PIP is installed
3.Python 2.7.9 - 2.7.12
4.Ldap3 module via pip on your HUB
Overview:·
Install python 2.7 thru 2.7.12 where your Local Data Processing HUB will reside
Set your PATHS to PYTHON
Install Python module LDAP3
Modify Local Data Processing relevant files
Permissions/Access Level - Limiting Local Data Processing user by AccessLevel- (Optional):
Steps:
The following are detailed steps to activate HVRVALIDPW for your LDAP services.
Step 1] Make sure python 2.7.9 – 2.7.12 is installed on your hub machine
- PS C:/hvr/hvr_home/bin> python –version
- Same command for Linux
Step 2] Set your PATH to your Python directory on your hub machine
- PS C:/hvr/hvr_home/bin> set PATH=%PATH%;C:Python27
- Same command for Linux, but replace %PATH% with $PATH and proper path to Python27 directory
Step 3] Make sure pythonldap3 library is installed on your hub machine (pip must be installed)
NOTE: pip module must be installed: shell>yum pip
- Windows: PS C:/hvr/hvr_homebin> pip install ldap3
- Linux: shell/hvr/hvr_home/bin > python -m pip install python-ldap3
- OR Linux: shell/hvr/hvr_home/bin > pip install python-ldap3
Step 4] Open HVR_HOME/lib/< access_rights.conf_example >
NOTE: Make backup files for original files that need to be renamed.
- This file will have user to access level mapping example for you to modify by user
- Set your ldap user1 as a ReadOnly user – in example user is satestro
- Set your ldap user2 as a ReadExec user – in example user is satestrexec
- Set your ldap user3 as a ReadWrite(super) user – not in example
- Most importantly save This file as access_rights.conf
Access_rights.conf (After edits – working example)
Step 5] Two files to perform actions on.
- Create a copy of hvrvalidpwldap file (not the conf example)
- copy hvrvalidpwldap to hvrvalidpw
- HVR_HOME/lib/ hvrvalidpwldap.conf_example
- copy hvrvalidpwldap.conf_example to hvrvalidpwldap.conf
- and edit adding your LDAP_Server value. Example below.
- In hvrvalidpwldap.conf enter your LDAP server on the line <LDAP_Server=> (my example below is using localhost)
Step 6] Start your hvrRemoteListener with the -A option
- Make sure HVR remote listener is started with -A option
WINDOWS:
PS C:/hvr/hvr_home/bin> .hvrremotelistener.exe -A -acs 4343
LINUX:
shell/hvr/hvr_home/bin> ./hvrremotlistener.exe –A 4343
Step 7] Connecting to your Local Data Processing HUB using your LDAP user
- Register HUB using your LDAP user
- satestro is my LDAP user in this example
Step 8] Verify you are connected by viewing your HVR GUI