How to disable the feature "Combination of LDAP and Spotfire database authentication"
Article ID: KB0081332
Updated On:
| Products | Versions |
|---|---|
| Spotfire Server | 7.11 and above |
Description
Starting Spotfire 7.11 we have this new feature "Combination of LDAP and Spotfire database authentication".
If you configure authentication towards an external user directory such as an LDAP directory or a Windows NT Domain, you can combine this with adding users manually to the Spotfire database. This feature allows users to access Spotfire even though they are not part of the external user directory, and
ensures that administrators can access Spotfire even if the connection to the external user directory is lost.
If one wants to disable login for database user(s) when Spotfire server is configured for LDAP authentication, it can be achieved using the steps below. (resolution section)
If you configure authentication towards an external user directory such as an LDAP directory or a Windows NT Domain, you can combine this with adding users manually to the Spotfire database. This feature allows users to access Spotfire even though they are not part of the external user directory, and
ensures that administrators can access Spotfire even if the connection to the external user directory is lost.
If one wants to disable login for database user(s) when Spotfire server is configured for LDAP authentication, it can be achieved using the steps below. (resolution section)
Issue/Introduction
This knowledge base article describes how to disable login for database user(s) when Spotfire server is configured for LDAP authentication.
Environment
All supported operating systems
Resolution
- Export the spotfire server configuration using command line.
e.g: C:\tibco\tss\7.12.0\tomcat\bin>config export-config --force
- Edit the exported "configuration.xml" located in "C:\tibco\tss\7.12.0\tomcat\bin"
- Comment out or delete the below section.
--------------------------------------------------------------
<entry>
<login-module-name>com.spotfire.server.jaas.dblogin.DBLoginModule</login-module-name>
<control-flag>sufficient</control-flag>
<options />
</entry>
---------------------------------------------------------------
- Change "<control-flag>sufficient</control-flag>" to "<control-flag>required</control-flag>" in the below code.
----------------------------------------------------------------
<entry>
<login-module-name>com.spotfire.server.jaas.ldap.LDAPLoginModule</login-module-name>
<control-flag>required</control-flag>
<options>
<option>
<key>ldapConfig</key>
<value>LDAP</value>
</option>
<option>
<key>wildcardDomain</key>
<value>true</value>
</option>
</options>
</entry>
------------------------
- Save the file now and import it using the "import-config" command
- C:\tibco\tss\7.12.0\tomcat\bin>config import-config --comment=name of your choice
- Restart the Spotfire Server service.
e.g: C:\tibco\tss\7.12.0\tomcat\bin>config export-config --force
- Edit the exported "configuration.xml" located in "C:\tibco\tss\7.12.0\tomcat\bin"
- Comment out or delete the below section.
--------------------------------------------------------------
<entry>
<login-module-name>com.spotfire.server.jaas.dblogin.DBLoginModule</login-module-name>
<control-flag>sufficient</control-flag>
<options />
</entry>
---------------------------------------------------------------
- Change "<control-flag>sufficient</control-flag>" to "<control-flag>required</control-flag>" in the below code.
----------------------------------------------------------------
<entry>
<login-module-name>com.spotfire.server.jaas.ldap.LDAPLoginModule</login-module-name>
<control-flag>required</control-flag>
<options>
<option>
<key>ldapConfig</key>
<value>LDAP</value>
</option>
<option>
<key>wildcardDomain</key>
<value>true</value>
</option>
</options>
</entry>
------------------------
- Save the file now and import it using the "import-config" command
- C:\tibco\tss\7.12.0\tomcat\bin>config import-config --comment=name of your choice
- Restart the Spotfire Server service.
Additional Information
Feedback
Yes
No
Powered by
