Access to the WiKIDAdmin web UI is controlled by the Realm section of the file /opt/WiKID/tomcat/conf/server.xml. The realm is currently set to use postgres:
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost:5432/wikid"
connectionName="tomcat" connectionPassword="" digest="MD5"
userTable="tomcat_users" userNameCol="username" userCredCol="password"
userRoleTable="tomcat_roles" roleNameCol="role"/>
You can change this to use Active Directory by commenting the above out and adding a JNDI Realm:
<!-- <Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost:5432/wikid"
connectionName="tomcat" connectionPassword="" digest="MD5"
userTable="tomcat_users" userNameCol="username" userCredCol="password"
userRoleTable="tomcat_roles" roleNameCol="role"/> -->
<Realm className="org.apache.catalina.realm.JNDIRealm"
adCompat="true"
connectionName="AD_ADMIN_DN"
connectionPassword="AD_ADMIN_DN_PASS"
connectionURL="ldap://IPADDRESS:389"
userBase="cn=Users,BASE_DN"
userSearch="(&amp;(objectClass=user)(sAMAccountName={0})(memberof=cn=WiKIDAdmin,cn=Users,BASE_DN))"
userSubtree="true"
roleBase="cn=Users,BASE_DN"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
/>
Create a group called WiKIDAdmin in AD and place your Admin users in it.
Be sure to change AD_ADMIN_DN to an Admin AD login name, AD_ADMIN_DN_PASS to their password and BASE_DN to your DN (for example: dc=wikidsystems,dc=com). Change IPADDRESS to the IP of a domain server. Restart the WiKID server.
If you would like to authenticate against both postgres and AD, use the Combined Realm option:
<Realm className="org.apache.catalina.realm.CombinedRealm" >
<Realm className="org.apache.catalina.realm.JDBCRealm"
driverName="org.postgresql.Driver"
connectionURL="jdbc:postgresql://localhost:5432/wikid"
connectionName="tomcat" connectionPassword="" digest="MD5"
userTable="tomcat_users" userNameCol="username" userCredCol="password"
userRoleTable="tomcat_roles" roleNameCol="role"/>
<!--
Create a group in AD called WiKIDAdmin and assign all relevant users. Then change the
values of AD_ADMIN_DN, AD_ADMIN_PASS, and BASE_DN to match your AD configuration.
-->
<Realm className="org.apache.catalina.realm.JNDIRealm"
adCompat="true"
connectionName="AD_ADMIN_DN"
connectionPassword="AD_ADMIN_PASS"
connectionURL="ldap://IPADDRESS:389"
userBase="cn=Users,BASE_DN"
userSearch="(&amp;(objectClass=user)(sAMAccountName={0})(memberof=cn=WiKIDAdmin,cn=Users,BASE_DN))"
userSubtree="true"
roleBase="cn=Users,BASE_DN"
roleName="cn"
roleSearch="(member={0})"
roleSubtree="false"
/>
</Realm>
Restart the WiKID server to have the changes take effect!
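A check to run on the edited Realm section before restarting, added here as an example and not part of the original page or of WiKID's tooling. It parses a server.xml string, reports an unescaped `&` in the userSearch filter as a parse error, and flags any placeholders from the snippets above that were left in place. The function name check_realms, the sample values (example.com, 192.0.2.10) and the ldap:// versus ldaps:// finding are assumptions of this example.

```python
import xml.etree.ElementTree as ET

JNDI = "org.apache.catalina.realm.JNDIRealm"
# Placeholder tokens used in the snippets on this page (longest first).
PLACEHOLDERS = ("AD_ADMIN_DN_PASS", "AD_ADMIN_PASS", "AD_ADMIN_DN", "BASE_DN", "IPADDRESS")


def check_realms(server_xml):
    """Return a list of findings for the JNDIRealm entries in a server.xml string."""
    try:
        root = ET.fromstring(server_xml)
    except ET.ParseError as exc:
        # A bare '&' in userSearch (instead of '&amp;') ends up here.
        return [f"not well-formed XML: {exc}"]
    realms = [r for r in root.iter("Realm") if r.get("className") == JNDI]
    findings = [] if realms else ["no JNDIRealm configured"]
    for realm in realms:
        for attr, value in realm.attrib.items():
            left = [p for p in PLACEHOLDERS if p in value]
            if left:
                findings.append(f"{attr}: placeholder {left[0]} not replaced")
        if realm.get("connectionURL", "").startswith("ldap://"):
            findings.append("connectionURL: uses ldap:// rather than ldaps://")
        search = realm.get("userSearch", "")
        if "{0}" not in search:
            findings.append("userSearch: missing {0} username token")
        if "memberof=" not in search.lower():
            findings.append("userSearch: no memberOf filter, group is not enforced")
    return findings


# Constructed input: this page's placeholders, with the '&' typed unescaped.
RAW = """<Engine><Realm className="org.apache.catalina.realm.JNDIRealm"
 adCompat="true" connectionName="AD_ADMIN_DN" connectionPassword="AD_ADMIN_PASS"
 connectionURL="ldap://IPADDRESS:389" userBase="cn=Users,BASE_DN"
 userSearch="(&(objectClass=user)(sAMAccountName={0})(memberof=cn=WiKIDAdmin,cn=Users,BASE_DN))"
 userSubtree="true" roleBase="cn=Users,BASE_DN" roleName="cn"
 roleSearch="(member={0})" roleSubtree="false"/></Engine>"""
ESCAPED = RAW.replace("(&(", "(&amp;(")
# Constructed directory values (example.com, 192.0.2.10) standing in for real ones.
FILLED = (ESCAPED.replace("AD_ADMIN_DN", "cn=svc,cn=Users,dc=example,dc=com")
          .replace("AD_ADMIN_PASS", "constructed-secret")
          .replace("BASE_DN", "dc=example,dc=com")
          .replace("IPADDRESS", "192.0.2.10"))

if __name__ == "__main__":
    for name, doc in (("raw", RAW), ("escaped", ESCAPED), ("filled", FILLED)):
        print(name, check_realms(doc))
```

With every placeholder filled in, the only finding left is the plain ldap:// connection URL, over which the JNDIRealm bind to the directory is not protected by TLS.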