Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Indeed PAM Core
| Warning | ||
|---|---|---|
| ||
Все URL указываются в нижнем регистре. Формат json не допускает наличия комментариев в файле, поэтому необходимо удалить строки, начинающиеся с символов "//" |
| Warning |
|---|
You need to recycle Indeed.PAM.Core application pool in IIS Manager after every change to the configuration file. |
| Note | ||
|---|---|---|
| ||
URL example: https://pam.domain.local/pam/core |
Go to C:\inetpub\wwwroot\pam\core folder and edit appsettings.json file::
ConnectionStrings
- PamCore - IPAMCore database connection string
- JobsQueue - IPAMJobs database connection string
Connection String parameters:
- Server - DBMS server name or named instance
- Database - Database name
- User ID - account to use with Database
Password - account password
Code Block language js "ConnectionStrings": { "PamCore": "Server=sql.domain.local;Database=IPAMCore;Integrated Security=False;User ID=IPAMSQLServiceOps;Password=password", "JobsQueue": "Server=sql.domain.local;Database=IPAMTasks;Integrated Security=False;User ID=IPAMSQLServiceOps;Password=password" },Warning icon false If using a Named Instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\\Named instance format.
Code Block language js "PamCore": "Server=sql\\instance; ..."
Database
Provider - DBMS provider
- mssql - Microsoft SQL Server
- pgsql - PostgreSQL, PostgreSQL Pro
Auth
- IdpUrls - Indeed PAM IdP URL address
ApiSecret - Secret for component authentication purpose
Excerpt Include Configuration Configuration nopanel true PamGatewayIpAddresses - Indeed PAM Gateway and SSH PROXY IP Addresses
Code Block language js "Auth": { "IdpUrls": [ "https://pam.domain.local/pam/idp" ], "ApiSecret": "Nkq26+pScsle+rDZ4q77+bITcgFO1wKrCGBHa/EqsthQFn9p5K5TBHlEOJw1MGU1PVvjaNlWobxipvsAreQBNA==", "PamGatewayIpAddresses": "192.168.48.155, 192.168.48.202", "GatewayCertificateValidation": { "Enabled": false, "Filter": "" } },
Секция Encryption
- Algorithm - encryption algorithm
- Key - encryption key
| Note | ||
|---|---|---|
| ||
The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is the part of the Indeed PAM distribution and is located in the /Misc directory. |
| Code Block | ||
|---|---|---|
| ||
"Encryption": {
"Algorithm": "AES",
"HashAlgorithm": "SHA512",
"Key": "4258egk74n834rr93bf458813l7618wq7f1jei9a58915pk511z63n5j0svt1m1o8",
"MediaFiles": {
"Algorithm": "AES"
}
}, |
LogServer
- Directory - temporary folder for recording events
Url - Indeed Log Server API URL address
Code Block language js "LogServer": { "AppId": "pam", "Component": "server", "EventCache": { "Directory": "C:\\ILS", "SendingIntervalSec": 10 }, "Server": { "Url": "https://pam.domain.local/ls/api", "Certificate": { "Thumbprint": "", "FilePath": "", "FilePassword": "" } } },
ManagementConsole
Url - management console URL address
Code Block language js "ManagementConsole": { "Url": "https://pam.domain.local/pam/mc" },
UserCatalog
- ServerName - is the DNS name of Domain Controller that performs Global Catalog function
- ContainerPath - is the Distinguished name of Container or OU to be used as Active Directory user directory
- UserName - service account for working with Active Directory user directory
- Password - service account passwordпароль учётной записи
| Code Block | ||
|---|---|---|
| ||
"UserCatalog": {
"RootProvider": "ad",
"Providers": {
"ActiveDirectory": [
{
"Id": "ad",
"ServerName": "domain.local",
"ContainerPath": "DC=domain,DC=local",
"UserName": "IPAMADReadOps",
"Password": "password",
"UserMapRules": {
"Settings": [
{
"Category": "person",
"Class": "user"
}
]
}
}
]
}
} |
| Backtotop | ||||
|---|---|---|---|---|
|
| Divbox | ||||
|---|---|---|---|---|
| ||||
|