To set up security policies, the administrator typically needs to set up the users in the WANdisco Security Agent's internal database. For large organizations this can be cumbersome if the user information is already maintained in an external database like LDAP or NIS. For such a deployment, the WANdisco Security Agent for CVS provides integration with LDAP/NIS based authentication databases.
The integration allows the administrator to automatically synchronize the user properties (user id, password) from an LDAP/NIS database. The WANdisco Security Agent for CVS will periodically (default is every 5 minutes) connect to the LDAP/NIS database server and pull the user information. Using the WANdisco web console, the administrator can select the new users that were discovered during the synchronization with LDAP/NIS. The selected users are then added to the WANdisco Security Agent's internal database. If the CVS repository properties are configured correctly, the user and password information is also updated in the CVSROOT/passwd file. Using the CVSROOT/passwd file is a good idea, as it increases the availability of CVS if the external authentication database is unavailable.
The following properties can be configured from the WANdisco Security Agent's web console to set up the LDAP/NIS integration:
The CVS properties section is common to both NIS and LDAP (* indicates mandatory):
- Executable*
  - The CVS client executable. It is an absolute path to the binary. Default is '/usr/bin/cvs'
- Host*
  - WANdisco CVS proxy host. It can either be an IP address or a host name. Default is 'localhost'
- Port
  - WANdisco CVS proxy port. If left blank, it will default to '2401'
- Username*
  - The CVS username. This user must have 'Admin' rights to the CVSROOT module
- Password*
  - The password of the CVS user with 'Admin' rights
- Roots*
  - A colon-separated list of CVSROOTs.
- Default User*
  - It will be used as the third entry in a CVSROOT/passwd file when updating the file with new users. The CVS server will switch to this user when executing the command.
- Temp Directory*
  - The directory that will be used as a temporary working directory in order to run the CVS commands.
If setting up integration with LDAP, the following properties need to be set up (* indicates mandatory):
- Host*
  - The hostname or the IP address of the LDAP server
- Port
  - The port of the LDAP server. If none specified, it defaults to 389
- Root DN*
  - The string used to log in to the LDAP server. It could be a 'username' or ROOTDN. An example of a DN is 'cn=Manager,dc=example,dc=com'
- Password*
  - The password for 'username' or ROOTDN
- Context*
  - The context within the LDAP server at which to perform the search. An example of the context is 'dc=engineering,dc=example,dc=com'
- Search*
  - The search object. If none specified, it defaults to 'person'
Note: The password should be stored in the same format (crypt etc.) on the LDAP server as the format on the CVS server machine.
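The format requirement in the note above and the Default User property can be checked before a sync is enabled. The following is an added example, not WANdisco code: it assumes the directory stores passwords as RFC 2307 `userPassword` values with a scheme prefix, uses the standard CVSROOT/passwd layout `user:hash:system_user`, and takes a hypothetical Default User named `cvsuser`; the sample entries are constructed.

```python
import re

# RFC 2307 style value: "{SCHEME}stored-hash"
SCHEME_RE = re.compile(r"^\{([A-Za-z0-9-]+)\}(.*)$")
# A colon or whitespace in the hash would corrupt the colon-separated passwd file.
UNSAFE_RE = re.compile(r"[:\s]")


def classify(user_password):
    """Return (ok, hash_or_reason) for one LDAP userPassword value."""
    m = SCHEME_RE.match(user_password)
    if not m:
        return False, "no scheme prefix (cleartext?)"
    scheme, value = m.group(1).upper(), m.group(2)
    if scheme != "CRYPT":
        # {SSHA}, {SHA}, {MD5} etc. are not crypt(3) strings, so the CVS
        # server could not verify them from CVSROOT/passwd.
        return False, "scheme {%s} is not crypt(3)" % scheme
    if not value or UNSAFE_RE.search(value):
        return False, "malformed crypt(3) string"
    return True, value


def build_passwd(entries, default_user):
    """Split (uid, userPassword) pairs into passwd lines and rejected users."""
    lines, rejected = [], []
    for uid, user_password in entries:
        ok, result = classify(user_password)
        if ok and ":" not in uid:
            # Third field is the system user the CVS server switches to.
            lines.append("%s:%s:%s" % (uid, result, default_user))
        else:
            rejected.append((uid, result if not ok else "uid contains ':'"))
    return lines, rejected


# Constructed sample directory entries; not real accounts or real hashes.
SAMPLE = [
    ("alice", "{CRYPT}abJnggxhB/yJU"),
    ("bob", "{SSHA}Zm9vYmFyYmF6cXV4MTIzNDU2Nzg5MA=="),
    ("carol", "{crypt}$1$saltsalt$qjXMvbEw8oaL.CzflDtaK/"),
    ("dave", "hunter2"),
]

if __name__ == "__main__":
    good, bad = build_passwd(SAMPLE, "cvsuser")  # "cvsuser" is hypothetical
    print("\n".join(good))
    for uid, why in bad:
        print("skip %s: %s" % (uid, why))
```

Whether a given `{CRYPT}` variant (traditional DES, `$1$`, and so on) is accepted still depends on the crypt(3) implementation on the CVS server machine, so a rejected count of zero here is necessary but not sufficient.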
If setting up integration with NIS, the following properties need to be set up (* indicates mandatory):
- Host*
  - The hostname or the IP address of the NIS Server
- Port
  - The port of the NIS Server.
- Domain*
  - The domain that the NIS server is serving. An example of the domain is 'office.example.com'
Note: The password should be stored in the same format (crypt etc.) on the NIS server as the format on the CVS server machine.