Table of Contents |
---|
Environment requirements
Hardware
A physical or virtual server with:
- 2 core CPU
- 2Gb RAM
- 40G storage
Software
- FIXICC H2 machine:
- RHEL 7 / RHEL 8
- OpenJDK 1.8
- Consul agent in the client mode
- FIXEdge Cpp machine:
- Consul agent in the client mode
- On the network:
- PostgreSQL Database
- 1 user with DDL privileges (to run the database migration, can also be used to run the normal FIXICC H2 operation)
- (Optional) 1 user without DDL privileges (to run the normal FIXICC H2 operation)
- Consul cluster (can be deployed on the same machines as FIXEdge Cpp or FIXICC H2)
- PostgreSQL Database
- Client workstations:
- Chrome browser
Preconfiguration
Before you start working with the FIXICC H2, you should install and configure the FIX engine and Consul application.
Consul configuration
To find the Consul installation instructions, please follow the link.
For non-production use, you can run Consul in developer mode with the command: consul agent -dev
.
For production use - please follow the link.
To configure the encrypted connection from FIXICC H2 to Consul on the Consul side, please refer to the link.
FIXICC H2 settings
You should choose a directory on your workstation for FIXICC H2 files.
You have your FIXICC H2 instance in the app.jar file. To complete the configuration, please create the local.app.properties file.
You can place the app.jar file for the FIXICC H2 application and local.app.properties (FIXICC H2 properties file) in the same directory, or store them separately.
Before you start your work, please set the database type for data storage.
FIXICC H2 is compatible with PostgreSQL databases.
Please configure the FIXICC H2 according to the instance of the local.app.properties in your FIXICC H2 package, set the following properties:
...
Default Value
...
-
...
application
...
The value indicates that the data source must be configured using application properties
...
-
...
-
...
-
...
-
...
-
...
fixicch2.consul.encrypted_connection
...
false
...
fixicch2.consul.port
...
8500
...
fixicch2.consul.insecure_connection_enabled
...
false
...
Configures the type of the server to work with.
Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of the supported servers.
...
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password =cuba
cuba.dataSource.dbName = PTGSDB
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port =1521
fixicch2.consul.encrypted_connection =true
fixicch2.consul.port =8501
fixicch2.consul.insecure_connection_enabled =false
fixicch2.fixServerType = FIXEdge CPP |
As well, the following parameters can be configurated through the "Application Properties" page on FIXICC H2:
...
Default Value
...
Configures the type of the server to work with.
Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of the supported servers.
...
Info |
---|
Notice: If the parameters from the table above were configured in the local.app.properties file, values from the file would be applied despite values changed through the "Application Properties" page |
Logging configuration
To configure the logging level for the FIXICC H2 application, please create the logback.xml and locate it in the directory as the local.app.properties file locates.
The logback.xml file is not mandatory.
For further information please refer to the link.
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?>
<configuration debug="false" packagingData="true">
<property name="logDir" value="${app.home}/logs"/>
<appender name="File" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDir}/app.log</file>
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level>
</filter>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<!-- daily rollover -->
<fileNamePattern>${logDir}/app.%d{yyyy-MM-dd}.log</fileNamePattern>
<!-- keep 30 days' worth of history -->
<maxHistory>5</maxHistory>
<cleanHistoryOnStart>true</cleanHistoryOnStart>
</rollingPolicy>
<encoder>
<pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread%X{cubaApp}%X{cubaUser}] %logger - %msg%n</pattern>
</encoder>
</appender>
<root>
<appender-ref ref="File"/>
</root>
<!-- Begin CUBA -->
<logger name="com.haulmont.cuba" level="INFO"/>
<logger name="com.haulmont.cuba.core.sys" level="INFO"/>
<logger name="com.haulmont.cuba.core.sys.CubaDefaultListableBeanFactory" level="WARN"/>
<logger name="com.haulmont.cuba.core.app.scheduling" level="INFO"/>
<logger name="com.haulmont.cuba.web.sys" level="INFO"/>
<logger name="com.haulmont.cuba.portal" level="INFO"/>
<logger name="com.haulmont.restapi.sys" level="INFO"/>
<logger name="com.haulmont.cuba.core.app.LockManager" level="INFO"/>
<!-- End CUBA -->
<logger name="eclipselink" level="WARN"/>
<logger name="eclipselink.sql" level="INFO"/>
<logger name="org.springframework" level="WARN"/>
<logger name="com.vaadin" level="WARN"/>
<logger name="org.atmosphere" level="WARN"/>
<logger name="org.activiti" level="INFO"/>
<logger name="org.jgroups" level="INFO"/>
<logger name="freemarker" level="INFO"/>
<logger name="org.thymeleaf.TemplateEngine" level="INFO"/>
<logger name="com.zaxxer.hikari" level="INFO"/>
<logger name="org.docx4j" level="WARN"/>
<logger name="org.xlsx4j" level="WARN"/>
<logger name="org.apache.fop.apps.FOUserAgent" level="WARN"/>
<logger name="org.hibernate" level="WARN"/>
<logger name="sun" level="INFO"/>
<logger name="com.sun" level="INFO"/>
<logger name="javax" level="INFO"/>
<logger name="org.apache" level="INFO"/>
<logger name="org.eclipse.jetty" level="INFO"/>
<logger name="org.docx4j.utils.ResourceUtils" level="ERROR"/>
<logger name="org.docx4j.Docx4jProperties" level="ERROR"/>
<logger name="org.xlsx4j.jaxb.Context" level="ERROR"/>
<logger name="org.docx4j.utils.XSLTUtils" level="ERROR"/>
<logger name="org.docx4j.jaxb.JaxbValidationEventHandler" level="ERROR"/>
<logger name="org.docx4j.TraversalUtil" level="ERROR"/>
<logger name="org.docx4j.fonts" level="ERROR"/>
<!-- Begin Perf4J -->
<appender name="PerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDir}/perfstat.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDir}/perfstat.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>5</maxHistory>
<cleanHistoryOnStart>true</cleanHistoryOnStart>
</rollingPolicy>
<encoder>
<pattern>%msg%n</pattern>
</encoder>
</appender>
<appender name="CoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
<param name="TimeSlice" value="60000"/>
<appender-ref ref="PerfStatFile"/>
</appender>
<appender name="UIPerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender">
<file>${logDir}/perfstat-ui.log</file>
<append>true</append>
<rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
<fileNamePattern>${logDir}/perfstat-ui.%d{yyyy-MM-dd}.log</fileNamePattern>
<maxHistory>5</maxHistory>
<cleanHistoryOnStart>true</cleanHistoryOnStart>
</rollingPolicy>
<encoder>
<pattern>%msg%n</pattern>
</encoder>
</appender>
<appender name="UICoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender">
<param name="TimeSlice" value="120000"/>
<appender-ref ref="UIPerfStatFile"/>
</appender>
<logger name="org.perf4j.TimingLogger" additivity="false" level="INFO">
<appender-ref ref="CoalescingStatistics"/>
</logger>
<logger name="com.haulmont.cuba.gui.logging.UIPerformanceLogger" additivity="false" level="INFO">
<appender-ref ref="UICoalescingStatistics"/>
</logger>
<!-- End Perf4J -->
</configuration> |
Start application
You should start the FIXICC H2 from the command line with the following command:
Code Block | ||
---|---|---|
| ||
java -Dapp.home=/opt/fixicch2-home -jar /opt/fixicch2/app.jar |
Where:
- "/opt/fixicch2-home" is the directory with the local.app.properties file, you should type full path for the file;
- "/opt/fixicch2/" is the directory with the app.jar file, you should type the full path for the file.
HTTPS support
To enable HTTPS support on FIXICC H2, you need:
- Key and trust stores with TLS certificate and private key. Please refer to the
keytool
documentation for details on generating key stores - keytool. - Jetty configuration file with enabled HTTPS.
- Launch FIXICC H2 with an explicit path to the Jetty configuration:
java -Dapp.home=/path/to/fixicch2-home -jar /path/to/app.jar -jettyConfPath /path/to/jetty.xml
Below are two examples of HTTPS configuration, for the details please refer to Jetty : The Definitive Reference.
Combined HTTP and HTTPS Example
An example Jetty configuration file with both HTTP and HTTPS enabled is below.
Code Block | ||||
---|---|---|---|---|
| ||||
<Configure id="Server" class="org.eclipse.jetty.server.Server">
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server">
<Ref refid="Server"/>
</Arg>
<Set name="port">8080</Set>
</New>
</Arg>
</Call>
<Call name="addConnector">
<Arg>
<New class="org.eclipse.jetty.server.ServerConnector">
<Arg name="server">
<Ref refid="Server"/>
</Arg>
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory">
<Set name="keyStorePath">keystore.jks</Set>
<Set name="trustStorePath">keystore.jks</Set>
</New>
</Arg>
<Set name="port">8443</Set>
</New>
</Arg>
</Call>
</Configure>
|
This configuration file enables HTTP server on port 8080 (line 8) and HTTPS on port 8443 (line 24) with key and trust stores (lines 20-21).
HTTPS-Only Example
...
language | xml |
---|---|
linenumbers | true |
...
Table of Contents |
---|
Environment requirements
Hardware
A physical or virtual server with:
- 2 core CPU
- 2Gb RAM
- 40G storage
Software
- FIXICC H2 machine:
- RHEL 7 / RHEL 8
- OpenJDK 1.8
- Consul agent in client mode
- FIXEdge Cpp/Java machine:
- Consul agent in client mode
- On the network:
- PostgreSQL Database
- 1 user with DDL privileges (to run the database migration, can also be used to run normal FIXICC H2 operation)
- (Optional) 1 user without DDL privileges (to run normal FIXICC H2 operation)
- Consul cluster (can be deployed on the same machines as FIXEdge Cpp/Java or FIXICC H2)
- PostgreSQL Database
- Client workstations:
- Chrome browser
Preconfiguration
Before you start working with the FIXICC H2, install and configure the FIX Engine and Consul application.
Consul configuration
To find the Consul installation instructions, please follow this link.
For non-production use, you can run the Consul in developer mode with the command: consul agent -dev
.
For production use - please follow this link.
To configure the encrypted connection from FIXICC H2 to the Consul on the Consul side, please refer to this link.
FIXICC H2 settings
You should choose a directory on your workstation for FIXICC H2 files.
The FIXICC H2 instance is in the app.jar file. To complete the configuration, please create a local.app.properties file.
You can place the app.jar file for the FIXICC H2 application and local.app.properties (FIXICC H2 properties file) in the same directory, or store them separately.
Before you start your work, please set the database type for data storage.
The FIXICC H2 is compatible with PostgreSQL databases.
Please configure the FIXICC H2 according to the instance of the local.app.properties in your FIXICC H2 package, and set the following properties:
Name | Example value | Default Value | Description |
---|---|---|---|
*cuba.dbmsType | postgres |
| Type of the RDBMS |
cuba.dataSourceProvider | application |
| The value indicates that the data source must be configured using application properties |
*cuba.dataSource.username | C##CUBA |
| The username for the database |
*cuba.dataSource.password | cuba |
| The password for the database |
*cuba.dataSource.dbName | PTGSDB |
| The database name |
*cuba.dataSource.host | 10.68.21.182 |
| Host for the database |
*cuba.dataSource.port | 1521 |
| Port for the database |
| true |
| This property enables the use of HTTPS |
| 8501 |
| The number of the port configured for the Consul |
| false |
| Allows accepting the Consul's insecure certificate. Is not recommended to set "true" in production mode. |
fixicch2.fixServerType | FIXEdge CPP | all | Configures the type of the server to work with. Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of supported servers. |
* - marks the mandatory parameter |
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
cuba.dbmsType = postgres
cuba.dataSourceProvider = application
cuba.dataSource.username = C##CUBA
cuba.dataSource.password =cuba
cuba.dataSource.dbName = PTGSDB
cuba.dataSource.host = 10.68.21.182
cuba.dataSource.port =1521
fixicch2.consul.encrypted_connection =true
fixicch2.consul.port =8501
fixicch2.consul.insecure_connection_enabled =false
fixicch2.fixServerType = FIXEdge CPP |
The following parameters can also be configurated through the "Application Properties" page on FIXICC H2:
Name | Example value | Default Value | Description |
---|---|---|---|
fixicch2.fixServerType | FIXEdge CPP | all | Configures the type of server to work with. Allowed values: FIXEdge CPP, FIXEdge Java, any other value means two types of supported servers. |
fixicch2.maxTimeToWaitServerStatusUpdate | 10 | 10 | Configures (in minutes) the max time slot for updating the server status from the Consul. If there were no events during the period, the Consul sends the response. The maximum value is 10 minutes. |
fixicch2.metricsUpdatePeriod | 1 | 1 | Configures (in seconds) the period for requesting metrics from FIXEdge |
fixicch2.mode | production | production | Marks the instance of the FIXICC H2 |
fixicch2.notificationTimeZone | UTC | UTC | Specifies the time zone to display the time of the notification |
fixicch2.pauseToReconnect | 2000 | 2000 | Specifies the pause between reconnection attempts |
Info |
---|
Notice: If the parameters from the table above were configured in the local.app.properties file, values from the file would be applied despite values changed through the "Application Properties" page |
Logging configuration
To configure the logging level for the FIXICC H2 application, please create a logback.xml file and put it in the same directory that the local.app.properties file is located in.
The logback.xml file is not mandatory.
For further information please refer to this link.
Code Block | ||||
---|---|---|---|---|
| ||||
<?xml version="1.0" encoding="UTF-8"?> <configuration debug="false" packagingData="true"> <property name="logDir" value="${app.home}/logs"/> <appender name="File" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDir}/app.log</file> <filter class="ch.qos.logback.classic.filter.ThresholdFilter"> <level>INFO</level> </filter> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <!-- daily rollover --> <fileNamePattern>${logDir}/app.%d{yyyy-MM-dd}.log</fileNamePattern> <!-- keep 30 days' worth of history --> <maxHistory>5</maxHistory> <cleanHistoryOnStart>true</cleanHistoryOnStart> </rollingPolicy> <encoder> <pattern>%d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%thread%X{cubaApp}%X{cubaUser}] %logger - %msg%n</pattern> </encoder> </appender> <root> <appender-ref ref="File"/> </root> <!-- Begin CUBA --> <logger name="com.haulmont.cuba" level="INFO"/> <logger name="com.haulmont.cuba.core.sys" level="INFO"/> <logger name="com.haulmont.cuba.core.sys.CubaDefaultListableBeanFactory" level="WARN"/> <logger name="com.haulmont.cuba.core.app.scheduling" level="INFO"/> <logger name="com.haulmont.cuba.web.sys" level="INFO"/> <logger name="com.haulmont.cuba.portal" level="INFO"/> <logger name="com.haulmont.restapi.sys" level="INFO"/> <logger name="com.haulmont.cuba.core.app.LockManager" level="INFO"/> <!-- End CUBA --> <logger name="eclipselink" level="WARN"/> <logger name="eclipselink.sql" level="INFO"/> <logger name="org.springframework" level="WARN"/> <logger name="com.vaadin" level="WARN"/> <logger name="org.atmosphere" level="WARN"/> <logger name="org.activiti" level="INFO"/> <logger name="org.jgroups" level="INFO"/> <logger name="freemarker" level="INFO"/> <logger name="org.thymeleaf.TemplateEngine" level="INFO"/> <logger name="com.zaxxer.hikari" level="INFO"/> <logger name="org.docx4j" level="WARN"/> <logger name="org.xlsx4j" level="WARN"/> <logger name="org.apache.fop.apps.FOUserAgent" level="WARN"/> <logger name="org.hibernate" level="WARN"/> <logger name="sun" level="INFO"/> <logger name="com.sun" level="INFO"/> <logger name="javax" level="INFO"/> <logger name="org.apache" level="INFO"/> <logger name="org.eclipse.jetty" level="INFO"/> <logger name="org.docx4j.utils.ResourceUtils" level="ERROR"/> <logger name="org.docx4j.Docx4jProperties" level="ERROR"/> <logger name="org.xlsx4j.jaxb.Context" level="ERROR"/> <logger name="org.docx4j.utils.XSLTUtils" level="ERROR"/> <logger name="org.docx4j.jaxb.JaxbValidationEventHandler" level="ERROR"/> <logger name="org.docx4j.TraversalUtil" level="ERROR"/> <logger name="org.docx4j.fonts" level="ERROR"/> <!-- Begin Perf4J --> <appender name="PerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender"> <file>${logDir}/perfstat.log</file> <append>true</append> <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy"> <fileNamePattern>${logDir}/perfstat.%d{yyyy-MM-dd}.log</fileNamePattern> <maxHistory>5</maxHistory> <cleanHistoryOnStart>true</cleanHistoryOnStart> </rollingPolicy> <encoder> <pattern>%msg%n</pattern> </encoder> </appender> <appender name="CoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender"> <param <Arg name="server"name="TimeSlice" value="60000"/> <Ref refid="Server<appender-ref ref="PerfStatFile"/> </appender> <appender name="UIPerfStatFile" class="ch.qos.logback.core.rolling.RollingFileAppender"> </Arg> <file>${logDir}/perfstat-ui.log</file> <append>true</append> <Arg> <New <rollingPolicy class="orgch.eclipseqos.jettylogback.utilcore.sslrolling.SslContextFactoryTimeBasedRollingPolicy"> <fileNamePattern>${logDir}/perfstat-ui.%d{yyyy-MM-dd}.log</fileNamePattern> <Set name="keyStorePath">keystore.jks</Set> <maxHistory>5</maxHistory> <cleanHistoryOnStart>true</cleanHistoryOnStart> <Set name="trustStorePath">keystore.jks</Set> </rollingPolicy> <encoder> </New> <pattern>%msg%n</pattern> </encoder> </Arg>appender> <appender <Set name="port">8443</Set> </New> </Arg> </Call> </Configure>name="UICoalescingStatistics" class="org.perf4j.logback.AsyncCoalescingStatisticsAppender"> <param name="TimeSlice" value="120000"/> <appender-ref ref="UIPerfStatFile"/> </appender> <logger name="org.perf4j.TimingLogger" additivity="false" level="INFO"> <appender-ref ref="CoalescingStatistics"/> </logger> <logger name="com.haulmont.cuba.gui.logging.UIPerformanceLogger" additivity="false" level="INFO"> <appender-ref ref="UICoalescingStatistics"/> </logger> <!-- End Perf4J --> </configuration> |
Start application
Start the FIXICC H2 from the command line with the following command:
Code Block | ||
---|---|---|
| ||
java -Dapp.home=/opt/fixicch2-home -jar /opt/fixicch2/app.jar |
This will start FIXICC H2 on port 8080, you can access it by browsing to http://fixicc-h2-machine:8080/app.
Where:
- "/opt/fixicch2-home" is the directory with the local.app.properties file, you should type the full path for the file;
- "/opt/fixicch2/" is the directory with the app.jar file, you should type the full path for the file.
Changing FIXICC H2 port
To run FIXICC H2 on another HTTP port you need to specify the {{fixicch2.http_port}} Java system property, e.g. to run FIXICC H2 on port 9090, you should start the FIXICC H2 from the command line with the following command:
Code Block | ||
---|---|---|
| ||
java -Dapp.home=/opt/fixicch2-home -Dfixicch2.http_port=9090 -jar /opt/fixicch2/app.jar |
HTTPS support
To run FIXICC H2 with HTTPS support you need to provide it with key store and trust store in JKS format. For production installations, you need to create JKS from the certificate and private key provided by a trusted certificate authority.
For testing purposes, you can generate a self-signed certificate by yourself.
Code Block | ||||
---|---|---|---|---|
| ||||
keytool -genkey
-noprompt
-alias jetty
-keyalg RSA
-dname 'CN=admin, OU=EPM-BFIX, O=EPAM Systems, L=Unknown, S=Unknown, C=Unknown'
-keystore keystore.jks
-storepass fixicch2
-keypass fixicch2 |
Info |
---|
Note here the name of the file ( |
To run FIXICC H2 with HTTPS enabled, you need to provide the following parameters:
Name | Example value | Where | Description |
---|---|---|---|
fixicch2.secure_http_port | 8443 | Java system property | HTTPS port to listen |
fixicch2.key_store_path | keystore.jks | Java system property | Path to key store (jks file) |
fixicch2.trust_store_path | keystore.jks | Java system property | Path to trust store (jks file). This is used if validating client certificates and is typically set to the same path as the keystore |
FIXICC_H2_KEY_STORE_PASSWORD | fixicch2 | Environment variable | Key store password in plain text |
FIXICC_H2_KEY_MANAGER_PASSWORD | fixicch2 | Environment variable | Key Manager password |
FIXICC_H2_TRUST_STORE_PASSWORD | fixicch2 | Environment variable | Trust store password |
For details on these paramters please refer to the Jetty 9 Documentation on parameters keyStorePath
, keyStorePassword
, keyManagerPassword
, trustStorePath
, and trustStorePassword
.
Code Block | ||||||
---|---|---|---|---|---|---|
| ||||||
export FIXICC_H2_KEY_STORE_PASSWORD=fixicch2
export FIXICC_H2_KEY_MANAGER_PASSWORD=fixicch2
export FIXICC_H2_TRUST_STORE_PASSWORD=fixicch2
java -Dapp.home=/opt/fixicch2-home
-Dfixicch2.secure_http_port=8433
-Dfixicch2.key_store_path=keystore.jks
-Dfixicch2.trust_store_path=keystore.jks
-jar /opt/fixicch2/app.jar |
LDAP authentication
To configure the FIXICC H2 authentication via LDAP you can follow the following instruction:
- Deploy the LDAP server
Set the following properties in the local.app.properties file:
Name Example value Default value Description ldap.contextSourceUrl
ldap://localhost:389
ldap://localhost:10389
Defines a URL for reaching the LDAP server ldap.contextSourceUserName
cn=admin,dc=epm-bfix,dc=local
uid=admin,ou=system
Indicates a username (principal) used for authentication. This is normally the distinguished name of the admin user.
ldap.contextSourceBase
dc=epm-bfix,dc=local
dc=springframework,dc=org
Defines a base DN. If configured, all operations on contexts retrieved from ContextSource will be relative to this DN. By default, an empty name is set (i.e. all operations are related to the directory root).
ldap.contextSourcePassword
ADMIN_PASSWORD
secret
Defines a password used for authentication. Login with default parameters for the first time. Then you can change the password in env docker-compose. ldap.referral
follow
follow
Defines the strategy to handle referrals, as described in this documentation ldap.sessionExpiringPeriodSec
120
30
Indicates a period in seconds after which the system terminates a user session if you deactivate the user or assign a new access group/matching rules to them ldap.userSynchronizationBatchSize
100
100
Defines the number of users that can be synchronized during the execution of the synchronizeUsersFromLdap()
scheduled taskldap.userSynchronizationOnlyActiveProperty
true
true
If set to true
, thesynchronizeUsersFromLdap()
scheduled task updates only the value of the Active attribute. Otherwise, the system updates all user details.ldap.cubaGroupForSynchronization
Company
Company
Defines access groups that are checked when the system executes the synchronizeUsersFromLdap()
scheduled task.ldap.cubaGroupForSynchronizationInverse
false
false
If set to true
, the system checks all groups when executing thesynchronizeUsersFromLdap()
scheduled task (except for the ones specified inldap.cubaGroupForSynchronization
)ldap.synchronizeCommonInfoFromLdap
true
true
If set to true
, thesynchronizeUsersFromLdap()
scheduled task updates the values of the following user attributes in accordance with their state on the LDAP server side: Email, Name, First name, Last name, Middle name, Position, Language)cuba.web.standardAuthenticationUsers
admin, anonymous
admin, anonymous
Defines users that can log in to the system using standard CUBA credentials ldap.expiringSessionNotificationCron
*/10 * * * * *
*/10 * * * * *
Defines the cron expression for retrieving expired sessions from the middleware layer ldap.addonEnabled
true
false
If set to true
, the LDAP add-on is enabledldap.expiringSessionsEnable
true
true
If set to true
, the system sends notifications to inform the user that their session is about to expire- If the group and user weren't set earlier you should create a posix group and a user in LDAP
- Start the FIXICC H2
- Select Administration > LDAP > LDAP Config in the menu on the left-side (items 1→2→3 in the figure below)
- Check the connection by clicking Test Connection (item 4 in the figure below)
Figure. The "Test Connection" button. - If the connection is successful, the FIXICC H2 will show the following message:
Figure. The successful LDAP connection. - Go to the LDAP Matching Rules page by clicking LDAP Matching Rules
- Select the default rule in the table and click Edit or press Enter on your keyboard to edit the default rule
Figure. The "LDAP Matching Rules" page. - Add the Role - system-full-access or your own role (in this case, the role's permissions must provide access to Allow all screens):
- Click Add (see below):
Figure. The "Add" button for adding the permissions. - Select the Role in the table (item 1 in the figure above)
- Confirm your choice by clicking Select (item 2 in the figure above)
- Logout by clicking the arrow at the bottom of the left-side menu (see below)
Figure. The "Logout" button. - Login with the user's data whose role was added to the LDAP Matching Rules