Setting Up the Servlets

Modify the iChainAppConfig.txt configuration file to match your environment. Make sure this configuration file resides in the same file system directory as the servlets.

In order for the servlets to get the user identity and credential information (via the Authorization section of the HTTP header), you must enable the Forward authentication information to web server authentication option on the iChain Proxy Server for the Web server running the servlets.


Using the Servlets as Public, Restricted, and Secure Resources

The servlets are optimized for use with iChain versions 2.0 and higher. This means that the work of user authentication is offloaded to the iChain Proxy Server rather than having the servlets themselves perform user authentication. Of the four servlets, iChainAddUser and iChainChallenge are designed for configuration as iChain "public" resources, while the other four, iChainModifyUser, iChainPasswordChange, iChainPasswordMgr, and iChainChallengeChange, are designed for configuration as "restricted" or "secure" resources (where authentication is required before access is granted).

The four restricted or secure servlets extract the user's identity from the Base64-encoded Authorization section of the HTTP header (which is populated by the iChain Proxy Server after the user authenticates).
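The extraction step described above, as an added example (not code from the iChain servlets). It assumes the forwarded header uses the standard HTTP Basic layout, "Basic " followed by Base64 of user:password, that the decoded bytes are UTF-8, and a JDK that provides java.util.Base64; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class ForwardedIdentity {

    /** Returns {user, password}, or null when the header is not usable Basic credentials. */
    static String[] parseBasic(String header) {
        if (header == null) return null;               // proxy forwarded nothing
        String[] parts = header.trim().split("\\s+", 2);
        if (parts.length != 2 || !parts[0].equalsIgnoreCase("Basic")) return null;
        byte[] raw;
        try {
            raw = Base64.getDecoder().decode(parts[1].trim());
        } catch (IllegalArgumentException e) {
            return null;                               // not valid Base64
        }
        // Assumption: the credentials are UTF-8 encoded.
        String pair = new String(raw, StandardCharsets.UTF_8);
        int colon = pair.indexOf(':');                 // first colon; a password may contain ':'
        if (colon <= 0) return null;                   // no separator or empty user name
        return new String[] { pair.substring(0, colon), pair.substring(colon + 1) };
    }

    public static void main(String[] args) {
        // Constructed sample; in a servlet the value comes from
        // req.getHeader("Authorization").
        String sample = "Basic " + Base64.getEncoder()
                .encodeToString("jsmith:pa:ss".getBytes(StandardCharsets.UTF_8));

        String[] id = parseBasic(sample);
        System.out.println("user=" + id[0] + " passwordLength=" + id[1].length());

        // Malformed or missing headers are rejected rather than half-parsed.
        System.out.println(parseBasic(null) == null);
        System.out.println(parseBasic("Bearer abc") == null);
        System.out.println(parseBasic("Basic !!not-base64!!") == null);
    }
}
```

A servlet that receives null here should refuse the request rather than fall back to an anonymous identity.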


Setting Up the iChainPasswordMgr Servlet

To set up the Password Manager servlet, point the iChain Proxy Server to the servlet: in the proxy server Web administration GUI, click Configure, click the Access Control tab, and then enter the servlet's URL in the Password Management Servlet URL field. Use the full HTTP URL. For example:

http://ichain.provo.novell.com/servlet/iChainPasswordMgr

NOTE:  The DNS name used is the public DNS name of the iChain server, not the Web server's DNS name.


Using Double-byte Passwords

In order to use double-byte passwords with iChain, the passwords need to be in UTF-8 format. Currently there is no way to set passwords directly using UTF-8 format; however, the servlets can be modified to set the password using this format.

Below are the modifications necessary for the iChainAddUser servlet to set the user name and password in UTF-8:

Line 311
    From: resp.setContentType("text/html");
    To:   resp.setContentType("text/html; CHARSET=utf-8");

Line 347
    From: out.println("<FORM action=\"/servlet/iChainAddUser\" method=\"POST\">");
    To:   out.println("<FORM action=\"/servlet/iChainAddUser\" method=\"POST\" ENCTYPE=\"application/x-www-form-urlencoded\">");

Line 447
    From: resp.setContentType("text/html");
    To:   resp.setContentType("text/html; CHARSET=utf-8");

Line 608
    From: attributeSet.add( new LDAPAttribute(ldapName, req.getParameter(ldapName)) );
    To:   attributeSet.add( new LDAPAttribute(ldapName, new String(req.getParameter(ldapName).getBytes(), "UTF-8")));

Line 646
    From: String userDN = "cn=" + req.getParameter("cn") + "," + usersContainer;
    To:   String userDN = "cn=" +req.getParameter("cn") + "," + usersContainer;
    Add a new line after 646:
          userDN = new String(userDN.getBytes(), "UTF-8");

Line 657
    From: out.println(msgSuccessAddUser + ": " + userDN + " (" + req.getParameter("givenName") + " " + req.getParameter("sn") + ")");
    To:   out.print(msgSuccessAddUser + ": " + new String(userDN.getBytes("UTF-8")) + " (" + req.getParameter("givenName") + " " + req.getParameter("sn") + ")");

Line 709
    From: String tmpString = req.getParameter(ldapName);
    To:   String tmpString = new String(req.getParameter(ldapName).getBytes(), "UTF-8");

Line 722
    From: auxClassSet.add( LDAPModification.REPLACE, new LDAPAttribute(ldapName, req.getParameter(ldapName)) );
    To:   auxClassSet.add( LDAPModification.REPLACE, new LDAPAttribute(ldapName, new String(req.getParameter(ldapName).getBytes(), "UTF-8")) );

The iChain servlets are on the iChain Authorization Server CD in the \servlets directory. All servlets in the \servlets directory would need similar modifications to work with double-byte passwords.

NOTE:  If you save double-byte passwords using the UTF-8 format, other applications that use the passwords (such as the Novell Client) will not work.
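The re-decoding pattern used in the modifications above, new String(param.getBytes(), "UTF-8"), calls getBytes() with no argument, so it encodes with the JVM's default charset. The following added example (not code from the iChain servlets) makes that charset an explicit parameter to show when the pattern recovers the typed value. It assumes the container decoded the form bytes as ISO-8859-1, the Servlet default when the request declares no encoding; the class and method names are hypothetical.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

public class ParamRedecodeDemo {

    // What req.getParameter() returns when the browser sent UTF-8 form bytes
    // and the container decoded them as ISO-8859-1 (assumption, see lead-in).
    static String containerDecode(String typed) {
        byte[] wire = typed.getBytes(StandardCharsets.UTF_8);
        return new String(wire, StandardCharsets.ISO_8859_1);
    }

    // The page's pattern with the JVM default charset passed in explicitly:
    // turn the string back into bytes, then decode those bytes as UTF-8.
    static String redecode(String param, Charset jvmDefault) {
        return new String(param.getBytes(jvmDefault), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed sample value containing double-byte characters.
        String typed = "\u30d1\u30b9\u30ef\u30fc\u30c9";
        String param = containerDecode(typed);

        // Default charset equal to the container's decoding charset:
        // the original wire bytes are reproduced and the value is recovered.
        boolean matching = typed.equals(redecode(param, StandardCharsets.ISO_8859_1));

        // Default charset UTF-8: getBytes() re-encodes the mis-decoded
        // characters and the result is still the mis-decoded string.
        boolean mismatched = typed.equals(redecode(param, StandardCharsets.UTF_8));

        System.out.println("recovered with ISO-8859-1 default: " + matching);
        System.out.println("recovered with UTF-8 default:      " + mismatched);
        System.out.println("this JVM's default charset:        " + Charset.defaultCharset());
    }
}
```

Check the default charset of the JVM that hosts the servlets before relying on the no-argument getBytes() form, because a value that is not recovered is stored in the directory as a different password than the one the user typed.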


Installing Novell Java LDAP Libraries

There are many different OS and servlet engine environments. It would be virtually impossible to document the installation of the Novell Java LDAP (JLDAP) libraries for every environment combination. Refer to the installation documents that come with the JLDAP libraries for a complete installation reference.

If the servlet container conforms to the Java Servlet 2.2 specification or later, copy the ldap.jar file to the webapps/ROOT/WEB-INF/lib directory. If it does not conform to the Java Servlet 2.2 specification or later, and if otherwise required, add the location of the ldap.jar file to the servlet container classpath.

The following examples are provided for your convenience.

NOTE:  The iChain Proxy Server includes a novell-ldap.jar file.


Using a NetWare 5.1 Server with the Novell Servlet Gateway and the NetWare Enterprise Web Server

The Novell Servlet Gateway should already be installed. See the Novell NDK Web site to download and install the servlet gateway.

  1. Verify the functionality of the gateway by running a servlet such as SnoopServlet.

  2. Verify that the server has the current support pack.

  3. Check the version of JAVA.NLM. If it is earlier than version 1.2.2, you will need to update it. You should also install Novell JVM for NetWare v1.2.2 or higher, also available at the Novell NDK Web site.

  4. Install the LDAP Class Libraries for Java on the NetWare server. This will place ldap.jar in the sys:\java\lib directory.

  5. Follow the installation instructions to add the following to your classpath in the sys:\etc\java.cfg file:

    SERVLETCLASSPATH=\java\lib\rt.jar;sys:\java\bin\i18n.jar
    SERVLETCLASSPATH=$SERVLETCLASSPATH;\java\lib\ldap.jar
    SERVLETCLASSPATH=$SERVLETCLASSPATH;\java\lib\servgate.jar
    SERVLETCLASSPATH=$SERVLETCLASSPATH;\java\lib\jsdk.jar

  6. Place the seven servlets (iChainAddUser.class, iChainModifyUser.class, iChainPasswordChange.class, iChainPasswordMgr.class, iChainChallenge.class, iChainChallengeChange.class, and iChainAddUser$ISOPasswordTemplate.class) in the sys:\java\servlets directory.

  7. Place the iChainAppConfig.txt configuration file in the same directory, then modify it (see Setting Up the Servlets).

  8. Place the top.gif image file at the root documents directory (SYS:\Novonyx.suitespot\docs).


Using a NetWare 6 Server with Tomcat and Apache

Tomcat on NetWare 6 conforms to the Servlet 2.2 and above specifications. In this case, it is possible to have different libraries for different Web applications, thereby avoiding conflicts with various Tomcat-consuming installations. Use the following instructions to allow eGuide, iManager, and the iChain servlets to operate on the same NetWare 6 server:

  1. Verify that Tomcat is functioning properly. You can do this by accessing a servlet in the sys:\tomcat\33\webapps\Root\web-inf\classes directory, such as SnoopServlet.

  2. Install the LDAP Class Libraries for Java on the NetWare 6 server.

  3. Copy the Novell ldap.jar file (from the servlets subdirectory on the iChain CD) to the sys:tomcat/33/webapps/ROOT/WEB-INF/lib directory.

  4. Place the seven servlets (iChainAddUser.class, iChainModifyUser.class, iChainPasswordChange.class, iChainPasswordMgr.class, iChainChallenge.class, iChainChallengeChange.class, and iChainAddUser$ISOPasswordTemplate.class) in the sys:\tomcat\33\webapps\Root\web-inf\classes directory.

  5. Place the iChainAppConfig.txt configuration file in the same directory, then modify it (see Setting Up the Servlets).

  6. Place the top.gif image file at the root documents directory (sys:\apache\htdocs).

    NOTE:  In cases other than NetWare 6, if the servlet container does not conform to the Java Servlet 2.2 specification or later, and if otherwise required, add the location of the ldap.jar file to the servlet container classpath.


Open Source Provisioning

Although the iChain User Services are functional and usable right out of the box, complete source code for the servlets is included for customers who require more functionality or more customization than is provided with the core user services.