...
| Info | ||
|---|---|---|
| ||
A user record must exist in FlexDeploy even for External Realm Users. This is necessary so that user can control Notification settings and allows the FD Administrator to provide additional Security if necessary. When users defined in an External Realm log in successfully for the first time, a new User record is created in FlexDeploy. At this point, the user is asked to provide various information like First Name, Last Name, Email etc. The password for such users is always managed by the External Server. Once the user provides the necessary details, an automatic logout will occur and the user will have to login one more time. At this point, user will be granted access based on Realm Group Mapping configured by the Administrator, which is explained later in this document. |
Create LDAP Realm
...
Realm configuration changes require a recycle of the FlexDeploy server process, including the mapping configuration, but changes on the Group Mapping tab do not require a recycle.
Using ldaps
FlexDeploy realm can be configured to use ldaps protocol, you just need to add server certificate to Java cacerts or application server trust store.
You may encounter java.security.cert.CertificateException: No subject alternative names present when using SSL connection and the hostname in connection URL is not valid when compared to the SSL certificate of the server. The reason this error in java 1.8.0_181 or higher is because this update includes security improvements for LDAP support. Endpoint identification has been enabled on LDAPS connections.
In such situation, you must regenerate LDAP server certificate with the certificate’s SAN or CN matching the hostname of LDAP server configured in connection URL.
This is not recommended for production installation, but you can temporarily disable this by adding -Dcom.sun.jndi.ldap.object.disableEndpointIdentification=true to server startup arguments.