Example of syncing Active Directory group members to AVIX

Make sure that the AVIX server is started, exposing at least a repository named "AC" which contains the access control entities. The server should furthermore have been configured as outlined in the previous chapter.

CREATESet LDAPUserGroupup Group entity in avix for sync vs. ad

Start the AVIX application, and open an already existing db storage that makes use of the "AC" db storage for access control. (Or create a new db storage, and make it refer the "AC" db storage).

Open Security View and authenticate

Open the Security view (Help->Open Security). Authenticate with a user having administrative permissions (to edit the AC system itself).

CREATE ldap group

Click the "Create LDAP Group" to create this type of Group object:

~~Check~~

~~that firewall is open on server host for~~

Opening the ~~ports:~~editor of the new LDAP Group will display its attributes:

If"Identification" contain trivial informative fields. It is recommended to enter at least a good name. (Tracing of server-side syncs are easier if a name is given, since logging entries will include the group name.)

The "Authentication Parameters" contains fields that you may fill in to be able to try out communication with the Directory Service. As stated, these parameters are not stored and you need to ~~change~~re-enter them if you close the ~~ports~~editor. ~~of the AVIX server, do the following:~~

~~Stop the Windows service~~

~~Open the "configuration/se.solme.avix.prefs" file of the AVIX server~~

~~Under the preference section for [se.solme.avix.server.cdo], you can specify the following port (to another value than default being 2036):~~
- ~~cdo.server.tcp.ports=2050~~

~~Under the preference section for [se.solme.avix.server], you can specify the following port (to another value than default being 45500):~~
- ~~http.server.tcp.port=45510~~

~~Start the Windows service~~

JVM memory assignment

~~When the server application is installed as a Windows service, the memory allocated to the application by default is stated in the install script (~~~~commons-daemon\register_service.bat~~~~). The following lines are the instructions to the JVM, the "Java Virtual Machine", found in the install script. The relevant setting is indicated in~~ ~~bold~~ ~~font:~~

LogPath=%CURRENT_DIR%\logs\^ ++JvmOptions=-Xms256m^ ++JvmOptions=-Xmx16384m^ ++JvmOptions=-XX:SoftRefLRUPolicyMSPerMB=8000^ ++JvmOptions=-Dosgi.configuration.area=%CURRENT_DIR%\configuration\^ ++JvmOptions=-Dosgi.install.area=%CURRENT_DIR%\ commons-daemon\prunsrv.exe //ES/SolmeAviXServer

The "~~xmx"~~LDAP ~~memory~~Query" ~~assignment~~scheduling ~~can~~section is about entering the query string that will eventually be ~~changed~~used to get the members from the correct group in ~~two~~the ~~ways:~~Directory ~~Either~~Service. byAs ~~re-installation~~a ofconvenience, a query builder UI dialog is available (the little button adjacent to the ~~service~~text ~~(edit~~field).

Since queries are intended to be run server-side, we will not actually run the query AND affect the "~~register_service.bat"~~Group ~~file,~~Members" ~~and~~from ~~set~~this UI. It is possible however, if ones would like to trigger the ~~desired~~sync ~~value), or by changing a registry value for the installed service.~~manually.

The ~~latter~~"Sync scheduling" section is ~~most~~about ~~likely~~specifying ~~what~~the ~~you~~"cron" ~~want,~~expression ~~and~~for itscheduling the sync of the LDAP Group. Please refer to web guides for the cron UNIX tool for more information. Since AVIX are employing Quartz, the syntax can be ~~done~~explored byin ~~two~~these ~~methods.~~web ~~Regardless of which method you choose, you should first stop the service.~~resources:

Method 1 - Using the Registry Editor directly

http://www.quartz-scheduler.org/documentation/quartz-2.3.0/tutorials/crontrigger.html

~~The~~https://docs.oracle.com/cd/E12058_01/doc/doc.1014/e12030/cron_expressions.htm

~~node~~

ENTER details for a "jira" ldap group

We name the group "JIRA", since the intention is ~~found~~to sync against a known group in the ~~Windows~~Active ~~Registry~~Directory ~~Editor~~that ~~under:~~represent ~~Computer\HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Apache~~JIRA ~~Software~~users. ~~Foundation\Procrun 2.0\SolmeAviXServer\Parameters\Java~~

Having

Methodentered 2correct -authentication Usingparameters and established connection, it is possible to bring up the "servicequery manager"builder: executable

~~easier~~

Entering ~~way~~(a topart ~~achieve~~of) the ~~same~~name ~~registry~~of ~~change~~the Directory group and then hitting "Run query" will present the available groups matching the name:

If I select it, a well-formed "member-of" query is generated, and hitting its "Run query" button will present the members in the bottom pane:

Hitting "OK" will set the query expression in AVIX, but not import any members.

Now, the final piece of the puzzle is to ~~run~~provide ~~the~~a ~~”service~~cron ~~manager”~~expression, ~~executable. It is found here:~~ ~~commons-daemon\SolmeAviXServer.exe~~~~. Run it, and look on the Java tab:~~

~~Regardless which method you are using, assign the amount of xmx memory~~so that ~~you see fit. Example values: 16384m, 8192m, 4096m, 2048m (a judgement can be made, based on the amount of physical RAM the machine has).~~

~~Remember to restart~~ the server ~~service,~~will ~~when~~schedule ~~you~~a ~~have~~sync ~~changed~~job that will be triggered according to the ~~xmx~~cron. ~~registry~~

~~setting~~

~~the~~

~~service.~~