Last modified by Aurelie Bertrand on 2024/11/25 11:18
From version 6.1
edited by Aurelie Bertrand
on 2024/07/10 16:39
Change comment: There is no comment for this version
To version 19.1
edited by Aurelie Bertrand
on 2024/08/20 14:50
Change comment: There is no comment for this version

Summary

Details

Page properties
Title
... ... @@ -1,1 +1,1 @@
1 -Guide d'installation Linux
1 +Installation guide for Linux
Content
... ... @@ -111,7 +111,7 @@
111 111  ==== Reverse Proxy Valve ====
112 112  
113 113  {{code language="shell"}}
114 -# Add this valve in the Host element towards the end of the file
114 +# Add this valve in the Host element near the end of the file
115 115  <Valve className="org.apache.catalina.valves.RemoteIpValve"
116 116   internalProxies="127\.0\.[0-1]\.1"
117 117   remoteIpHeader="X-Forwarded-For"
... ... @@ -140,11 +140,11 @@
140 140  ==== Log Valve ====
141 141  
142 142  {{code language="shell"}}
143 -# Add this valve in the Host element towards the end of the file
143 +# Add this valve in the Host element near the end of the file
144 144  <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" ></Valve>
145 145  {{/code}}
146 146  
147 -==== Limit the localhost_access_log file (optional) ====
147 +==== Limiting the localhost_access_log file (optional) ====
148 148  
149 149  To limit the size of the localhost_access_log file, add the //maxDays// parameter to the Access Log Valve and give it the value of the desired number of days.
150 150  
... ... @@ -156,7 +156,7 @@
156 156  
157 157  {{/code}}
158 158  
159 -=== Editing context.xml ===
159 +=== Editing the context.xml file ===
160 160  
161 161  (% class="wikigeneratedid" id="HEmplacement:2Fetc2Ftomcat92Fcontext.xml" %)
162 162  Location: /etc/tomcat9/context.xml
... ... @@ -201,7 +201,7 @@
201 201  sudo systemctl restart tomcat9.service
202 202  {{/code}}
203 203  
204 -=== Enabling automatic start service on startup ===
204 +=== Enabling automatic service start on startup ===
205 205  
206 206  {{code language="shell"}}
207 207  sudo systemctl enable tomcat9
... ... @@ -286,7 +286,317 @@
286 286  
287 287  = OpenDJ{{id name="OpenDJ"/}} =
288 288  
289 +== Installation ==
290 +
291 +1. Start by getting the latest version of the **opendj-4.x.x_all.deb **file from the website [[https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]] :
292 +
293 +{{code language="shell"}}
294 +wget https://github.com/OpenIdentityPlatform/OpenDJ/releases/download/4.x.x/opendj-4.x.x_all.deb
295 +{{/code}}
296 +
297 +(% start="2" %)
298 +1. Run the installation :
299 +
300 +{{code language="shell"}}
301 +sudo dpkg -i opendj_4.x.x_all.deb
302 +{{/code}}
303 +
304 +(((
305 +(% style="color:inherit; font-family:inherit; font-size:26px" %)Initial setup
306 +)))
307 +
308 +To simplify OpenDJ configuration, we are going to create a ‘setupOpenDJ.props’ file containing the options available to respond to the OpenDJ ‘setup’ utility (this avoids the configuration interface).
309 +The contents of this file are detailed below:
310 +
311 +(% class="box warningmessage" %)
312 +(((
313 +❗Don't forget to replace the parameters with your own. For example, replace the password with the one you want (here ‘adminOpenDJ1’).
314 +)))
315 +
316 +{{code language="shell"}}
317 +#
318 +# Sample properties file to set up OpenDJ directory server
319 +# See OpenDJ Setup command man for more options
320 +#
321 +rootUserDN =cn=Directory Manager
322 +rootUserPassword =adminOpenDJ1
323 +hostname =localhost.localdomain
324 +ldapPort =389
325 +adminConnectorPort =4444
326 +backendType =je
327 +baseDN =dc=digdash,dc=com
328 +addBaseEntry =true
329 +ldapsPort =636
330 +enableStartTLS =false
331 +generateSelfSignedCertificate =true
332 +start =true
333 +#sampleData =2000
334 +{{/code}}
335 +
336 +After saving the file, run the following command line:
337 +
338 +{{code language="shell"}}
339 +sudo /opt/opendj/setup --cli --propertiesFilePath setupOpenDJ.props --acceptLicense --no-prompt
340 +{{/code}}
341 +
342 +(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %)
343 +== Additional setup ==
344 +
345 +1. Go to the OpenDJ installation directory:
346 +
347 +{{code language="shell"}}
348 +cd /opt/opendj/bin/
349 +{{/code}}
350 +
351 +(% start="2" %)
352 +1. (((
353 +LDIF files can be downloaded by clicking on the following link [[LDIF_OpenDJ>>attach:LDIF_OpenDJ.zip]].
354 +)))
355 +1. Create organisations using the ‘neworganisation.ldif’ file below :
356 +
357 +{{code language="shell"}}
358 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" neworganisation.ldif
359 +{{/code}}
360 +
361 +{{code}}
362 +dn: ou=default,dc=digdash,dc=com
363 +
364 +objectClass: organizationalUnit
365 +
366 +ou: default
367 +{{/code}}
368 +
369 +(% start="4" %)
370 +1. Set the password checker "Custom Character-set Password Validator":
371 +
372 +{{code language="shell"}}
373 +sudo /opt/opendj/bin/dsconfig create-password-validator --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --validator-name "Custom Character-set Password Validator" --set character-set:1:abcdefghijklmnopqrstuvwxyz --set character-set:1:ABCDEFGHIJKLMNOPQRSTUVWXYZ --set character-set:1:0123456789 --set "character-set:1:\!\"#$%&'()*+,-./:;<=>?@[]^_\`{|}~" --set enabled:true --type character-set --no-prompt --trustAll --set allow-unclassified-characters:true
374 +{{/code}}
375 +
376 +(% start="5" %)
377 +1. Set the second password checker "Custom length Password Validator":
378 +
379 +{{code language="shell"}}
380 +sudo /opt/opendj/bin/dsconfig create-password-validator --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1"  --validator-name "Custom length Password Validator" --set min-password-length:12 --set enabled:true --type length-based --no-prompt
381 +{{/code}}
382 +
383 +(% start="6" %)
384 +1. Apply the two password checkers :
385 +
386 +{{code language="shell"}}
387 +sudo /opt/opendj/bin/dsconfig set-password-policy-prop --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --policy-name "Default Password Policy" --set password-validator:"Custom Character-set Password Validator" --set password-validator:"Custom length Password Validator" --no-prompt
388 +{{/code}}
389 +
390 +(% start="7" %)
391 +1. Set the password policy for users using the ‘ppolicy.ldif’ file below:
392 +
393 +{{code language="shell"}}
394 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" ppolicy.ldif
395 +{{/code}}
396 +
397 +{{code}}
398 +dn: cn=ppolicy,ou=default,dc=digdash,dc=com
399 +objectClass: top
400 +objectClass: subentry
401 +objectClass: pwdPolicy
402 +cn: ppolicy
403 +pwdAttribute: userPassword
404 +pwdAllowUserChange: TRUE
405 +pwdCheckQuality: 1
406 +pwdExpireWarning: 600
407 +pwdFailureCountInterval: 30
408 +pwdGraceAuthNLimit: 5
409 +pwdInHistory: 5
410 +pwdLockout: TRUE
411 +pwdLockoutDuration: 900
412 +pwdMaxAge: 0
413 +pwdMaxFailure: 5
414 +pwdMinAge: 0
415 +pwdMustChange: FALSE
416 +pwdSafeModify: FALSE
417 +subtreeSpecification: {base "ou=users", specificationFilter "!(uid=admin)" }
418 +{{/code}}
419 +
420 +(% start="8" %)
421 +1. Set a second password policy for admin using the ‘ppolicy-admin.ldif’ file below:
422 +
423 +{{code language="shell"}}
424 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" ppolicy-admin.ldif
425 +{{/code}}
426 +
427 +{{code}}
428 +dn: cn=ppolicy-admin,ou=default,dc=digdash,dc=com
429 +objectClass: top
430 +objectClass: subentry
431 +objectClass: pwdPolicy
432 +cn: ppolicy-admin
433 +pwdAttribute: userPassword
434 +pwdAllowUserChange: TRUE
435 +pwdCheckQuality: 1
436 +pwdFailureCountInterval: 30
437 +pwdGraceAuthNLimit: 5
438 +pwdInHistory: 5
439 +pwdLockout: FALSE
440 +pwdMaxAge: 0
441 +pwdMinAge: 0
442 +pwdMustChange: FALSE
443 +pwdSafeModify: FALSE
444 +subtreeSpecification: {base "ou=users", specificationFilter "(uid=admin)" }
445 +{{/code}}
446 +
447 +(% start="9" %)
448 +1. Change password policy to allow pre-encoded passwords (useful for restores in Digdash):
449 +
450 +{{code language="shell"}}
451 +sudo /opt/opendj/bin/dsconfig set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --hostname localhost --trustAll --bindDN "cn=directory manager" --bindPassword "adminOpenDJ1" --no-prompt
452 +{{/code}}
453 +
454 +(% start="10" %)
455 +1. Create an admin user for Digdash using the “create_user_admin.ldif” file below:
456 +
457 +{{code language="shell"}}
458 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" create_user_admin.ldif
459 +{{/code}}
460 +
461 +{{code}}
462 +dn: uid=admin,ou=default,dc=digdash,dc=com
463 +objectClass: shadowAccount
464 +objectClass: inetOrgPerson
465 +cn: Admin Domain Default
466 +sn: Default
467 +uid: admin_default
468 +{{/code}}
469 +
470 +(% start="11" %)
471 +1. Assign the admin user the necessary rights using the “add_admin_right.ldif” and “add_admin_right2.ldif” files below:
472 +
473 +{{code language="shell"}}
474 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" add_admin_right.ldif
475 +{{/code}}
476 +
477 +{{code}}
478 +dn: ou=default,dc=digdash,dc=com
479 +changetype: modify
480 +add: aci
481 +aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow write on userpassword and shadowlastchange for admin"; allow(write) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
482 +aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read,write on userpassword and shadowlastchange for auth users"; allow(read) (userdn = "ldap:///all");)
483 +aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read on userpassword and shadowlastchange for anonymous"; allow(selfwrite) (userdn = "ldap:///anyone");)
484 +aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow write on * for admin"; allow(all) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
485 +aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow read on * for anonymous"; allow(read) (userdn = "ldap:///all");)
486 +{{/code}}
487 +
488 +{{code language="shell"}}
489 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" add_admin_right2.ldif
490 +{{/code}}
491 +
492 +{{code}}
493 +dn: uid=admin,ou=default,dc=digdash,dc=com
494 +changetype: modify
495 +add: ds-privilege-name
496 +ds-privilege-name: config-read
497 +ds-privilege-name: password-reset
498 +{{/code}}
499 +
500 +(% start="12" %)
501 +1. Generate an administrator password and remember it for later:
502 +
503 +{{code language="shell"}}
504 +sudo /opt/opendj/bin/ldappasswordmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --authzID "u:admin"
505 +{{/code}}
506 +
507 +(% class="box infomessage" %)
508 +(((
509 +💡 If you want to set your own password for the admin user, you need to use a variation of the previous command:
510 +
511 +{{code language="shell"}}
512 +sudo /opt/opendj/bin/ldappasswordmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" --authzID "u:admin" --newPassword "mdpAdmin"
513 +{{/code}}
514 +)))
515 +
516 +(% style="line-height:1.38; text-indent:-14.173228346456689pt; margin-top:13px; margin-bottom:13px; padding:0pt 0pt 0pt 14.173228346456689pt" %)
517 +== Enabling automatic service start on startup ==
518 +
519 +1. Create the opendj.service file:
520 +
521 +{{code language="shell"}}
522 +sudo vi /etc/systemd/system/opendj.service
523 +{{/code}}
524 +
525 +(% start="2" %)
526 +1. And paste the following lines:
527 +
528 +{{code}}
529 +[Unit]
530 +
531 +Description=OpenDJ Server Daemon
532 +
533 +Wants=network-online.target
534 +
535 +After=network-online.target
536 +
537 +Conflicts=shutdown.target
538 +
539 + [Service]
540 +
541 +Type=simple
542 +
543 +Restart=no
544 +
545 +TimeoutSec=5min
546 +
547 +IgnoreSIGPIPE=no
548 +
549 +KillMode=process
550 +
551 +GuessMainPID=no
552 +
553 +RemainAfterExit=yes
554 +
555 +ExecStart=/opt/opendj/bin/start-ds --quiet
556 +
557 +ExecStop=/opt/opendj/bin/stop-ds --quiet
558 +
559 + [Install]
560 +
561 +WantedBy=multi-user.target
562 +{{/code}}
563 +
564 +(% start="3" %)
565 +1. Then type the following commands:
566 +
567 +{{code language="shell"}}
568 +systemctl daemon-reload
569 +
570 +systemctl enable --now opendj
571 +
572 +systemctl status opendj
573 +{{/code}}
574 +
575 +
576 +
577 +== Useful option ==
578 +
579 +The operation below is not part of the installation.
580 +However, it may be useful to know it for later use.
581 +
582 +=== Extending the limit for LDAP searches ===
583 +
584 +It is possible to extend the LDAP search limit to more than 1000 users with the “extend_search_limit.ldif” file below.
585 +
586 +{{code language="shell"}}
587 +sudo /opt/opendj/bin/ldapmodify --port 389 --bindDN "cn=Directory Manager" --bindPassword "adminOpenDJ1" extend_search_limit.ldif
588 +{{/code}}
589 +
590 +{{code}}
591 +dn: uid=admin,ou=default,dc=digdash,dc=com
592 +changetype: modify
593 +add: ds-rlim-size-limit
594 +ds-rlim-size-limit: 10000
595 +{{/code}}
289 289  (% style="line-height:1.2" %)
597 +== ==
598 +
599 +(% style="line-height:1.2" %)
290 290  == Installation ==
291 291  
292 292  1. Start by getting the latest version of the **opendj-4.x.x_all.deb **file from the website [[https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]]  :(((
... ... @@ -710,12 +710,12 @@
710 710  )))
711 711  )))
712 712  
713 -== Useful function ==
1023 +== Useful option ==
714 714  
715 715  The operation below is not part of the installation.
716 716  However, it may be useful to know it for later use.
717 717  
718 -=== Extend the limit for LDAP searches ===
1028 +=== Extending the limit for LDAP searches ===
719 719  
720 720  It is possible to extend the LDAP search limit to more than 1000 users with the “extend_search_limit.ldif” file below.
721 721  
... ... @@ -735,13 +735,13 @@
735 735  (% style="color:#ffffff; font-family:Consolas,sans-serif; font-size:11pt; font-style:italic; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)//ds-rlim-size-limit: 10000//
736 736  )))
737 737  
738 -= MariaDB (Préconisé){{id name="DB_ubuntu"/}} =
1048 += MariaDB (Recommended){{id name="DB_ubuntu"/}} =
739 739  
740 -La base de données MariaDB va servir à stocker les éléments suivants : Commentaires, données d'audit et formulaires de saisies.
1050 +The MariaDB database will be used to store the following elements: comments, audit data and data entry.
741 741  
742 -Cette base est plus pérenne qu'une base H2 c'est pourquoi nous préconisons son utilisation. Si vous possédez déjà une base de données sur laquelle Digdash peut écrire et lire alors passez à l'étape de configuration.
1052 +This database is more durable than an H2 database, that is why we recommend its use. If you already have a database that Digdash can write to and read from then proceed to the configuration step.
743 743  
744 -Cela fonctionne aussi avec Mysql ou Postgresql.
1054 +Mysql and Postgresql are also compatible.
745 745  
746 746  == Installation ==
747 747  
... ... @@ -750,28 +750,28 @@
750 750  {{/code}}
751 751  
752 752  {{code language="shell"}}
753 -#Démarrage de mariadb
1063 +#start mariadb
754 754  sudo systemctl start mariadb
755 -#Arrêt de mariadb
1065 +#Stop mariadb
756 756  sudo systemctl stop mariadb
757 -#Reload pour prise en compte de modification de configuration
1067 +#Reload to take into account the configuration changes
758 758  sudo systemctl reload mariadb
759 759  sudo systemctl force-reload mariadb
760 -#Connaître la version
1070 +#Display the version
761 761  mariadb --version
762 762  
763 763  {{/code}}
764 764  
765 765  (% class="wikigeneratedid" %)
766 -Lancer mysql_secure_installation, cela va permettre de sécuriser l'installation
1076 +Launch mysql_secure_installation. This will secure the installation.
767 767  
768 768  {{code language="shell"}}
769 769  sudo mysql_secure_installation
770 770  
771 -# Répondez oui à toutes les étapes
1081 +# Enter yes at all steps
772 772  {{/code}}
773 773  
774 -== Activation du lancement automatique du service au démarrage ==
1084 +== Enabling automatic service start on startup ==
775 775  
776 776  {{code language="shell"}}
777 777  sudo systemctl enable mariadb
... ... @@ -778,37 +778,36 @@
778 778  
779 779  {{/code}}
780 780  
781 -== Configuration côté base de données ==
1091 +== Database configuration ==
782 782  
783 -Nous allons créer une base pour chaque domaine et chaque webapps (par exemple prod_ddaudit et dev_ddaudit et ainsi de suite)
1093 +We will create a base for each domain and each webapps (for example prod_ddaudit and dev_ddaudit and so on)
784 784  
785 -Dans l'exemple ci dessous, nous allons considérer qu'il n'existe qu'uenvironnement 'default'.
1095 +In the example below, we will consider that there is only one 'default' environment.
786 786  
787 787  {{code language="shell"}}
788 -# Lancer mariadb
1098 +# Start mariadb
789 789  sudo mariadb -u root -p
790 790  
791 -# Créer toutes les bases de dones nécessaires domaine_module.
1101 +# Create all necessary databases domain_module.
792 792  CREATE DATABASE default_ddaudit;
793 793  CREATE DATABASE default_comment;
794 794  CREATE DATABASE default_ddentry;
795 795  
796 -# Créer un user pour chaque base de données domaine_user_module. Le mot de passe est un nouveau mot de passe à créer.
1106 +# Create a user for each database domaine_user_module. The password is a new one to create.
797 797  CREATE USER 'default_user_ddaudit'@'localhost' IDENTIFIED BY 'mynewpassword';
798 798  CREATE USER 'default_user_comment'@'localhost' IDENTIFIED BY 'mynewpassword';
799 799  CREATE USER 'default_user_ddentry'@'localhost' IDENTIFIED BY 'mynewpassword';
800 800  
801 -# Attribuer les droits aux utilisateurs sur les bonnes bases
1111 +# Assign rights on the databases to the user
802 802  GRANT ALL PRIVILEGES ON default_comment.* TO 'default_user_comment'@'localhost';
803 803  GRANT ALL PRIVILEGES ON default_ddaudit.* TO 'default_user_ddaudit'@'localhost';
804 804  GRANT ALL PRIVILEGES ON default_ddentry.* TO 'default_user_ddentry'@'localhost';
805 805  {{/code}}
806 806  
1117 += NGINX (Optional) =
807 807  
808 -= NGINX (Optionnel) =
1119 +Nginx is used as reverse proxy.
809 809  
810 -Nous utilisons Nginx comme reverse proxy.
811 -
812 812  == Installation ==
813 813  
814 814  {{code language="shell"}}
... ... @@ -815,7 +815,7 @@
815 815  sudo apt install nginx
816 816  {{/code}}
817 817  
818 -== Activation du lancement automatique du service au démarrage ==
1127 +== Enabling automatic service start on startup ==
819 819  
820 820  {{code language="shell"}}
821 821  sudo systemctl enable nginx
... ... @@ -823,18 +823,19 @@
823 823  
824 824  == Configuration ==
825 825  
826 -Créer le fichier de configuration portant le nom de votre machine ou de votre environnement. Dans cet exemple, on utilise 001-digdash.
1135 +Create the configuration file with the name of your machine or environment. In this example, we use 001-digdash.
827 827  
828 -Dans le dossier /etc/nginx :
1137 +In the /etc/nginx folder:
829 829  
830 830  {{code language="shell"}}
831 -# Créer le fichier de conf
1140 +# Create the conf file
832 832  sudo vi /etc/nginx/sites-available/001-digdash.conf
833 833  {{/code}}
834 834  
835 835  {{code language="shell"}}
836 -# Ajouter le contenu suivant à l'intérieur.
837 -# Remplacer .mondomaine.com pour server et les chemins Certificate(s) and private key, par vos informations.
1145 +# Add the following content inside.
1146 +# Replace .mydomain.com for server and paths
1147 +Certificate(s) and private key, par vos informations.
838 838  upstream backend_tomcat{
839 839   least_conn;
840 840   server localhost:8080 fail_timeout=0;
... ... @@ -882,13 +882,13 @@
882 882  }
883 883  {{/code}}
884 884  
885 -Puis créer un lien symbolique dans site enabled
1195 +Then create a symbolic link in sites-enabled
886 886  
887 887  {{code language="shell"}}
888 888  sudo ln -s  /etc/nginx/sites-available/001-digdash.conf /etc/nginx/sites-enabled/001-digdash.conf
889 889  {{/code}}
890 890  
891 -Créer le fichier digdash_ssl_params contenant la politique de securité.
1201 +Create the digdash_ssl_params file containing the security policy:
892 892  
893 893  {{code language="shell"}}
894 894  sudo vi digdash_ssl_params
... ... @@ -917,11 +917,11 @@
917 917  add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
918 918  {{/code}}
919 919  
920 -= (% id="cke_bm_868S" style="display:none" %) (%%)Configuration DigDash après installation =
1230 += (% id="cke_bm_868S" style="display:none" %) (%%)Configuring DigDash after installation =
921 921  
922 -== Lancement de Digdash ==
1232 +== Starting Digdash ==
923 923  
924 -1. Redémarrer le service Tomcat.
1234 +1. Restart Tomcat service.
925 925  
926 926  {{code language="shell"}}
927 927  sudo service tomcat9 restart
... ... @@ -928,81 +928,81 @@
928 928  {{/code}}
929 929  
930 930  (% start="2" %)
931 -1. Vérifier le déploiement des war dans le dossier d’installation home/digdash/webapps/default.
932 -1. Accéder à DigDash sur ladresse suivante : [[__http:~~/~~/localhost:8080/adminconsole__>>url:http://localhost:8080/adminconsole]].
933 -Le login / mot de passe sera admin / admin.
1241 +1. Check the war deployment in the installation folder home/digdash/webapps/default.
1242 +1. Access DigDash homepage at the following address : [[http:~~/~~/localhost:8080/adminconsole>>url:http://localhost:8080/adminconsole]]
1243 +The login/password is admin/admin.
934 934  
935 -[[image:Homepage2023R2.png||alt="Page_accueil"]]
1245 +== Connecting Digdash to the installed OpenDJ server ==
936 936  
937 -== Branchement de Digdash au serveur OpenDJ installé ==
1247 +Open [[http:~~/~~/localhost:8080/adminconsole/>>url:http://localhost:8080/adminconsole/]], **Configuration -> Server settings -> Servers -> LDAP Server**.
938 938  
939 - Aller dans **Configuration -> Paramètres serveur-> Serveurs -> LDAP**.
1249 +* Port:  389
1250 +* User: uid=admin, ou=default,dc=digdash,dc=com
1251 +* Password: OpenDJ admin password
940 940  
941 -* Port :  389
942 -* Utilisateur : uid=admin, ou=default,dc=digdash,dc=com
943 -* Mot de passe : mot de passe admin de OpenDJ
1253 +[[image:LDAPserver_ok.png||alt="LDAP server"]]
944 944  
945 -[[image:1675171192455-197.png]]
1255 +Then click the **LDAP Queries** button and enter "**ou=default**" in the **Domain Tree** field for all the fields to be automatically filled as below.
946 946  
947 -Cliquer ensuite sur **Requêtes LDAP**, et entrer "**ou=default**" dans le champ **Arbre du domaine** pour que les champs soient automatiquement renseignés comme ci-dessous.
1257 +[[image:LDAPqueries_ok.png||alt="LDAP queries"]]
948 948  
949 -[[image:1675171204379-473.png]]
1259 +== Changing the supervisor password and creating the LDAP account ==
950 950  
951 -== Modification du mot de passe superviseur et création du compte LDAP ==
1261 +=== Changing the supervisor password ===
952 952  
953 -=== Modification du mot de passe superviseur ===
1263 +Open **Configuration  -> Server settings > Servers -> Enterprise Server **and enter a new password in the **Supervisor Password** field.
954 954  
955 -Aller dans **Configuration  -> Paramètres serveur > Serveurs -> Serveur Enterprise** et entrer un nouveau mot de passe dans le champ **Mot de passe du Superviseur**.
1265 +[[image:EnterpriseServer.png||alt="Supervisor password"]]
956 956  
957 -[[image:Serveur_enterprise.png||alt="Serveur enterprise"]]
1267 +=== Creating the LDAP account ===
958 958  
959 -=== Création du compte LDAP ===
1269 +1. Open **Configuration -> User management -> Users**.
1270 +1. Create a new admin user and assign him all roles and authorizations groups.
1271 +1. In the **Password** field, enter the new supervisor password defined above.
960 960  
961 -1. Aller dans **Configuration -> Gestion des utilisateurs -> Utilisateurs**.
962 -1. Créer un nouvel utilisateur admin et lui attribuer tous les rôles et groupes d'autorisation.
963 -1. Dans le champ **Mot de passe**, entrer le nouveau mot de passe du superviseur défini ci-dessus.
1273 +[[image:User_password.png||alt="User password"]]
964 964  
965 -[[image:MdP_LDAP.png||alt="Compte LDAP"]]
1275 +== Database configuration ==
966 966  
967 -== Configuration des bases de données ==
1277 +=== Audit data database ===
968 968  
969 -=== Base de données Données d'audit ===
1279 +Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
970 970  
971 -(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
972 -Aller dans **Configuration -> Paramètres serveur -> Base de données -> Données d'audit** et renseigner ici l’URL, l’utilisateur et le mot de passe.
973 -
974 -(% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
975 975  **URL **: //jdbc:mariadb:~/~/localhost:3306/default_ddaudit//
976 976  
977 -Cette solution permet de sécuriser l’accès à la base de données d'audit.
1283 +This solution makes it possible to secure access to the audit database.
978 978  
979 -[[image:Données_audit.png||alt="Données_audit"]]
1285 +[[image:Audit_data.png||alt="Audit data"]]
980 980  
981 -=== Base de données Commentaires ===
1287 +=== Comments database ===
982 982  
983 -(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; margin-top: 13px; margin-bottom: 13px; text-align: justify;" %)
984 -Aller dans **Configuration -> Paramètres serveur -> Base de données -> Commentaires** et renseigner ici l’URL, l’utilisateur et le mot de passe.
1289 +Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
985 985  
986 -(% class="wikigeneratedid" style="line-height: 1.2; margin-top: 13px; margin-bottom: 13px; text-align: justify;" %)
987 -**URL** ~:// jdbc:mariadb:~/~/localhost:3306/default_comment//
1291 +**URL** ~:// jdbc:mariadb:~/~/localhost:3306/default_comment//
988 988  
989 -Cette solution permet de sécuriser l’accès à la base de données de commentaires.
1293 +This solution makes it possible to secure access to the comment database.
990 990  
991 -[[image:Commentaires.png||alt="Commentaires"]]
1295 +[[image:Comments.png||alt="Comments"]]
992 992  
993 993  (% style="line-height: 1.2; text-indent: 0.153543pt; text-align: justify;" %)
994 -=== Base de données Saisie de données ===
1298 +=== Data entry database ===
995 995  
996 -(% class="wikigeneratedid" id="HAllerdansConfiguration-3EParamE8tresserveur-3ECommentairesetrenseignericil2019URL2Cl2019utilisateuretlemotdepasse." style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
997 -Aller dans **Configuration -> Paramètres serveur -> Base de données -> Saisie des données**.
1300 +Open **Configuration -> Server settings -> Databases -> Data entry **and enter the URL, user and password.
998 998  
999 -(% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
1000 -Cocher la case **Activer la saisir de données** et sélectionner une base de données dans la liste déroulante.
1302 +Select the **Enable data entry** checkbox and select a database in the drop-down list below.
1001 1001  
1002 1002  (% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
1003 -[[image:1698407220646-676.png||alt="Saisie données"]]
1305 +[[image:Data_entry.png]]
1004 1004  
1005 1005  (% class="wikigeneratedid" style="line-height: 1.2; text-align: justify; margin-top: 13px; margin-bottom: 13px;" %)
1006 -Il faut, au préalable, avoir créé une connexion à la base de données depuis le **Gestionnaire des connexions aux de données** dans le Studio. Consultez la page [[Gestionnaire des connexions aux bases de données>>doc:dev:Digdash.user_guide.studio.managers.dbconnections.WebHome]] pour plus de détails. 
1007 -Entrer default.user.ddentry pour l'utilisateur et le mot de passe défini à l'étape précédente. 
1008 -Le nom défini dans le champ **Nom de connexion **est celui qui apparaîtra dans la liste déroulante de sélection de la base de données.
1308 +You must first have created a connection to the database from the Data connection manager in the Studio.
1309 +Enter default.user.ddentry for the user and password defined in the previous step.
1310 +The name defined in the **Login Name** field is the one that will appear in the database selection drop-down list.
1311 +
1312 +== DigDash Services ==
1313 +
1314 +Open the Server status page : [[__http:~~/~~/localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi__>>url:http://localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi]]
1315 +
1316 +Check that the DigDash services are activated and that the maximum memory is well adapted to the capacity of the server. You must leave at least 4 GB for the system.
1317 +
1318 +[[image:Server_status.png||alt="Server status"]]