Versions Compared
compared with
Key
- This line was added.
- This line was removed.
- Formatting was changed.
| Tip | ||
|---|---|---|
| ||
Indeed PAM Core can work as the part of an Active-Active failover cluster. Failover requires one or several additional Indeed PAM Core servers. Load balancing is performed using the HAProxy load balancer. To configure a fault-tolerant configuration, you must contact technical support support@indeed-id.com |
IIS
- Run IIS and switch to Default Web Site
- Select the api application and open the Configuration Editor from Management section
- Open the Section: drop-down list and select system.webServer - serverRuntime item
- Set the uploadReadAheadSize parameter to value of 1048576
- Click Apply in Actions section
Indeed PAM Core
| Warning | ||
|---|---|---|
| ||
All URLs are specified in lowercase. |
Настройка API
Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.PAM.ApiServer и откройте для редактирования файл api folder and edit web.config.Заполните секции file:
<logServer … />:
- Url -
- API URL for the uniform event log
| Code Block |
|---|
<logServer |
Пример: <logServer
Url="http://logserver.indeed-id. |
local/ils/api" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" /> |
<logServerClient … />:
- EventCacheDirectory - a temporary folder for event writing
| Code Block | ||||
|---|---|---|---|---|
| ||||
<logServerClient |
Пример: <logServerClient
AppId="pam" Component="server" EventCacheDirectory=" |
C:\ |
Temp\ILS\Core\EventCacheDirectory" LogServerTargetConfigFile="" EventCacheSendingIntervalSec="10"/> |
<encryptionSettings ... />:
- cryptoAlgName - is the name of encryption algorithm
- cryptoKey - is encryption key
| Note | ||
|---|---|---|
| ||
The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is the part of the Indeed PAM distribution and is located in the /Misc directory. |
| Code Block |
|---|
<encryptionSettings cryptoAlgName="DES" cryptoKey="ea06v76ht457t2l8" /> |
<adUserCatalogProvider ... >:
- serverName - is the DNS name of Domain Controller that performs Global Catalog function
- containerPath - is the LDAP path to container or unit to be used as Active Directory user directory
- userName - service account for working with Active Directory user directory
- Password - service account password
| Code Block | ||||
|---|---|---|---|---|
| ||||
<adUserCatalogProvider id="ad" serverName="dc.indeed-id.local" containerPath="OU=organization unit,DC=indeed-id,DC=local" userName="IPAMManager" password="password |
Пример: <adUserCatalogProvider id="ad" serverName="dc.domain.demo" containerPath="ou=organizational unit,dc=domain,dc=demo" userName="servicePAM" password="123456
"> |
<connectionStrings> ... </connectionStrings>:
- <add name="DBConnection" ... />:
- Data Source -
- Initial Catalog - имя БД API.
- Integrated Security - тип проверка подлинности.
- User ID - имя пользователя. Password - пароль.
- Microsoft SQL Server Name or Instance Name
- Initial Catalog - database Name (IPAMCore)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
- <add name="JobsQueueConnectionString" ... />:
- Data Source - Microsoft SQL Server Name or Instance Name
- Initial Catalog - database Name (IPAMTasks)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
Пример: <add
An example of connecting to a Microsoft SQL Server database
| Code Block | ||||
|---|---|---|---|---|
| ||||
<connectionStrings> <add name="DBConnection" connectionString="Data Source= |
MSSQLServer;Initial Catalog= |
IPAMCore;Integrated Security=False;User ID= |
IPAMSQLService;Password= |
password" providerName="System.Data.SqlClient" |
Примечание: В случае использования SQL Express параметр подключения к серверу необходимо задавать в формате <имя сервера SQL >\<имя инстанса SQL>.
Пример: <ConnectionString>Data Source=sqlserver\SQLEXPRESS; … </ConnectionString>
<add key="Auth0Domain" … />value - полное DNS-имя ПК на котором установлен IDP с указанием порта по которому он доступен (заполняется после установки IDP).
Пример: <add key="Auth0Domain" value="https://pam.indeed.demo:4003" />
<add key="PamProxyIpAddresses" … />value - IP-адрес Proxy (заполняется после установки Proxy)
Пример: <add key="PamProxyIpAddresses" value="192.168.0.100" />
<add key="TempVideoDirectory" ... />value - каталог для временных файлов видеозаписи сессии пользователя.
Пример: <add key="TempVideoDirectory" value="c:\temp\" />
Примечание: На указанный каталог необходимо выдать полные права для пула приложений API. Откройте Свойства (Properties) каталога и перейдите на вкладку Безопасность (Security). Нажмите Редактировать (Edit...), затем Добавить (Add..). Нажмите Размещение... (Location) и выберите локальный ПК. Введите имя локальной учётной записи IIS AppPool\Indeed.PAM.ApiServer или IIS_IUSRS (если используется IIS 7.0), нажмите Проверить имя (Check Names) и ОК Установите права Полный доступ (Full control) и нажмите Применить (Apply).
/>
<add name="JobsQueueConnectionString" connectionString="Data Source=MSSQLServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="System.Data.SqlClient" />
</connectionStrings> |
An example of connecting to a PostgreSQL Pro database
| Warning | ||
|---|---|---|
| ||
In the connection string, you need to replace the providerName=''System.Data.SqlClient' with the providerName=''Npgsql' |
| Code Block | ||
|---|---|---|
| ||
<connectionStrings>
<add name="DBConnection" connectionString="Data Source=PostgreSQLProServer;Initial Catalog=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" />
<add name="JobsQueueConnectionString" connectionString="Data Source=PostgreSQLProServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" />
</connectionStrings> |
For PostgreSQL Pro, in the <appSettings> ... </appSettings> section, add the line
| Code Block | ||
|---|---|---|
| ||
<appSettings>
...
<add key="DBMS" value="PostgreSQL" />
</appSettings> |
| Warning | ||
|---|---|---|
| ||
If using a Named Instance of Microsoft SQL Server, the value of the Data Source parameter must be specified in the <Server Name>\<Named instance> format.
|
<add key="IdpUrl" ... />:
- value - URL Indeed PAM IdP
| Code Block | ||||
|---|---|---|---|---|
| ||||
<add key="IdpUrl" value="https://pam.indeed-id.local/idp"/> |
<add key="PamProxyIpAddresses" … />:
- value - Indeed PAM Gateway server IP address
| Code Block | ||||
|---|---|---|---|---|
| ||||
<add key="PamProxyIpAddresses" value="192.168.0.100" /> |
| Backtotop | ||||
|---|---|---|---|---|
|
Пример: <add key="FileStorageDirectory" value="c:\temp\" /> Примечание: (см. примечание в п. 8)
<add key="DomainAdminGroupNames" … />value - distinguishedName группы Active Directory, используется для получения административных аккаунтов из домена Active Directory. В репозиторий аккаунтов PAM будут добавлены все пользователи чьё вхождение будет обнаружено в указанную группу.
Пример: <add key="DomainAdminGroupNames" value="CN=Domain Admins,CN=Users,DC=domain,DC=demo" />