Login configuration with plain password
For LDAPS, use only the login module described below.
1. Open JBoss CLI. Update the parameters in the CLI command to match your LDAPS server's hierarchical organizational structure.
/subsystem = security/security-domain = PlanonSecurityDomain/authentication = classic/login-module = org.jboss.security.auth.spi.LdapExtLoginModule /:add(code = org.jboss.security.auth.spi.LdapExtLoginModule,flag = required,module-options = ["java.naming.provider.url" => "ldaps://host:port/", "throwValidateError"=>"true", "baseCtxDN"=>"dc=development, dc=planon, dc=nl", "bindDN"=>"uid=testuser1, ou=users, dc=development, dc=planon, dc=nl", "bindCredential"=> "mypassword", "baseFilter"=>"(uid=
{0})", "rolesCtxDN"=>"ou=users, dc=development, dc=planon, dc=nl", "roleFilter"=>"(uid={0}
)", "roleAttributeID"=>"memberOf", "roleAttributeIsDN"=>"true", "roleNameAttributeID"=>"cn", "searchScope"=>"ONELEVEL_SCOPE", "allowEmptyPasswords"=>"false"])
{0})", "rolesCtxDN"=>"ou=users, dc=development, dc=planon, dc=nl", "roleFilter"=>"(uid={0}
)", "roleAttributeID"=>"memberOf", "roleAttributeIsDN"=>"true", "roleNameAttributeID"=>"cn", "searchScope"=>"ONELEVEL_SCOPE", "allowEmptyPasswords"=>"false"])
2. You must grant the Planon ‘role’ to the authenticated user in the server login configuration. Execute the following in JBoss CLI:
/subsystem=security/security-domain=PlanonSecurityDomain/authentication=classic/login-module =com.planonsoftware.jboss.login.artemis.server.CommitPlanonUserLoginModule/:add
(code=com.planonsoftware.jboss.
login.artemis.server.CommitPlanonUserLoginModule,flag=required,module-options="roles"=>"Planon")
(code=com.planonsoftware.jboss.
login.artemis.server.CommitPlanonUserLoginModule,flag=required,module-options="roles"=>"Planon")
3. Add your certificate to the client cacerts keystore if needed (for example self-signed certificate). To do so use the following command:
The keytool can be found in the following location ...\Server\jdk-*\bin
keytool -cacerts -import -trustcacerts -noprompt -file path\to\your\certificate.crt -alias yourAlias -storepass changeit
4. Restart your service for the changes to take effect.
5. When a user logs on to Planon Software Suite, the user credentials are first authenticated against LDAPS and subsequently it is verified whether the user name exists in Planon Software Suite. If both tests succeed, the user is logged on. If either test fails, the user is not granted access.
 | The user name in LDAPS and in Planon must be the same. |