# Run this script from the command-line using the following command:

# config run simple-config-ldap.txt

# Before using this script you need to set the variables below:
set DB_DRIVER = "tibcosoftwareinc.jdbc.oracle.OracleDriver"
set DB_URL = "jdbc:tibcosoftwareinc:oracle://localhost:1521;SID=XE"
#set DB_DRIVER = "tibcosoftwareinc.jdbc.sqlserver.SQLServerDriver"
#set DB_URL = "jdbc:tibcosoftwareinc:sqlserver://<server>:<port>;DatabaseName=<d
atabase name>"
set DB_USER = "spotfire"
set DB_PASSWORD = "spotfire123"
set CONFIG_TOOL_PASSWORD = "sp00tfire"
# Set the default domain which will be used when trying to authenticate users th
at doesn't specify a domain name
set DEFAULT_DOMAIN="bdpdomain"
# The admin user will be assumed to belong to the default domain (as configured
above),
# unless the name includes the user's domain name, e.g. 'username@domain'
set ADMIN_USER = "spotfireadmin"
# See the help topic for create-ldap-config command
# for more information about these LDAP parameters.
# To view this help topic, run the following command:
# config help create-ldap-config
set LDAP_CONFIG_ID="ldap1"
set LDAP_SERVER_TYPE="Custom"
set LDAP_SERVERS="ldap://bdp-1.bdpdomain.com:389"
set LDAP_CONTEXTS="DC=bdpdomain,DC=com"
set LDAP_USERNAME="UID=ipausers,CN=admin,DC=bdpdomain,DC=com"
set LDAP_PASSWORD="hdp-mservice"
# To enable group synchronization:
# 1. Uncomment the lines where the LDAP_GROUP_SYNC_NAMES and LDAP_GROUP_SYNC_SCH
EDULE variables are set
# 2. Uncomment the lines where the config-ldap-group-sync is being called
#set LDAP_GROUP_SYNC_NAMES="<Account names or DNs of external groups to synchron
ize>"
#set LDAP_GROUP_SYNC_SCHEDULE="<Group synchronization cron schedule>"
echo Creating the database connection configuration
bootstrap --no-prompt --driver-class="${DB_DRIVER}" --database-url="${DB_URL}" \
--username="${DB_USER}" --password="${DB_PASSWORD}" --tool-password="${CONFIG_
TOOL_PASSWORD}"
echo
echo Creating the default configuration
create-default-config
echo
echo "Creating LDAP configuration '${LDAP_CONFIG_ID}'"
create-ldap-config --id="${LDAP_CONFIG_ID}" --type="${LDAP_SERVER_TYPE}" \
--servers="${LDAP_SERVERS}" --context-names="${LDAP_CONTEXTS}" \
--user-name-attribute="cn"--username="${LDAP_USERNAME}" --password="${LDAP_PASS
WORD}" --schedules="@minutely" --user-search-filter="uid=*"
echo
echo "Setting up group synchronization for LDAP configuration '${LDAP_CONFIG_ID}
'"

config-ldap-group-sync --id="${LDAP_CONFIG_ID}" --group-sync-enabled="true" \

--group-names="${LDAP_GROUP_SYNC_NAMES}" --schedules="${LDAP_GROUP_SYNC_SCHEDU
LE}" --group-search-filter="cn" --group-name-attribute="ipausergroup" --supports
-member-of=false --member-attribute="cn=admin"
echo
echo "Setting up the User Directory for LDAP using LDAP configuration '${LDAP_CO
NFIG_ID}'"
config-ldap-userdir --ldap-configs="${LDAP_CONFIG_ID}"
config-userdir --mode="ldap" --domain-name-style="dns"
echo
echo "Setting up BASIC Authentication for LDAP using LDAP configuration '${LDAP_
CONFIG_ID}'"
config-basic-ldap-auth --ldap-configs="${LDAP_CONFIG_ID}"
config-auth --auth-method="BASIC" --jaas-ldap --default-domain="${DEFAULT_DOMAIN
}"
echo
echo Importing the configuration
import-config --tool-password="${CONFIG_TOOL_PASSWORD}" \
--comment="First config using LDAP for authentication and user directory"
echo
echo Promoting the user '${ADMIN_USER}' to administrator
promote-admin --tool-password="${CONFIG_TOOL_PASSWORD}" --username="${ADMIN_USER
}"
echo