Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
| Tip | ||
|---|---|---|
| ||
Indeed PAM Core can work as the part of an Active-Active failover cluster. Failover requires one or several additional Indeed PAM Core servers. Load balancing is performed using the HAProxy load balancer. To configure a fault-tolerant configuration, you must contact technical support support@indeed-id.com |
IIS
- Run IIS and switch to Default Web Site
- Select the api application and open the Configuration Editor from Management section
- Open the Section: drop-down list and select system.webServer - serverRuntime item
- Set the uploadReadAheadSize parameter to value of 1048576
- Click Apply in Actions section
Indeed PAM Core
IIS
- Запустите Internet Information Services (IIS) Manager и раскройте пункт Сайты (Sites).
- Выберите сайт Indeed.PAM.ApiServer и нажмите Привязки (Bindings) в разделе Действия (Actions).
- Нажмите Добавить (Add):
- Тип (Type) - https
- Порт (Port) - 4000
- Выберите SSL-сертификат (SSL Certificate)
- Сохраните привязку
| Warning | ||
|---|---|---|
| ||
Все URL-адреса указываются в нижнем регистре. | ||
All URLs are specified in lowercase. |
Перейдите в каталог Switch to C:\inetpub\wwwroot\Indeed.PAM.ApiServer, откройте для редактирования файл api folder and edit web.config и заполните секции file:
<logServer … />:
- Url - адрес API единого журнала событий
- CertificateThumbprint - отпечаток сертификата (оставить без изменений)
- CertificateFilePath - путь до сертификата (оставить без изменений)
CertificateFilePassword - пароль от контейнера с закрытым ключом сертификата (оставить без изменений)
- API URL for the uniform event log
| Code Block |
|---|
<logServer Url="http://logserver.indeed-id.demolocal/ils/api" CertificateThumbprint="" CertificateFilePath="" CertificateFilePassword="" /> |
<logServerClient … />:
- EventCacheDirectory - a temporary folder for event writing
| Code Block | ||||
|---|---|---|---|---|
| ||||
<logServerClient AppId="pam" Component="server" EventCacheDirectory="C:\Temp\ILS\Core\EventCacheDirectory" LogServerTargetConfigFile="" EventCacheSendingIntervalSec="10"/> |
<encryptionSettings ... />:
- cryptoAlgName - название алгоритма шифрования is the name of encryption algorithm
- cryptoKey - ключ шифрования is encryption key
| Note | ||
|---|---|---|
| ||
Ключ шифрования генерируется утилитой The encryption key is generated by the IndeedPAM.KeyGen.exe , которая входит в состав дистрибутива Indeed PAM и располагается в каталоге /Miscutility, which is the part of the Indeed PAM distribution and is located in the /Misc directory. |
| Code Block |
|---|
<encryptionSettings cryptoAlgName="DES" cryptoKey="ee07d84ad974e4d733115163ljgnl1h3r353fd183kk2223ea06v76ht457t2l8" /> |
- AppId - id приложения
- Component - компонент (оставить без изменений)
- EventCacheDirectory - временный каталог для записи событий
| Code Block | ||||
|---|---|---|---|---|
| ||||
<logServerClient AppId="pam" Component="server" EventCacheDirectory="c:\temp" /> |
<adUserCatalogProvider> … </adUserCatalogProvider>:
<adUserCatalogProvider ... >:
- serverName - is the DNS name of Domain Controller that performs Global Catalog function
- containerPath - is the LDAP path to container or unit to be used as Active Directory user directory
- userName - service account for working with Active Directory user directory
- Password - service account password
- id - идентификатор провайдера (оставить без изменений)
- serverName - полное DNS-имя контроллера домена
- containerPath - LDAP-путь домена, контейнера или подразделения с пользователями
- userName - сервисная учётная запись для работы каталогом пользователей Active Directory
- Password - пароль сервисной учётной записи
| Code Block | ||||
|---|---|---|---|---|
| ||||
<adUserCatalogProvider id="ad" serverName="dc.indeed-id.demolocal" containerPath="ouOU=headorganization officeunit,dcDC=indeed-id,dcDC=demolocal" userName="pamadministratorIPAMManager" password="Q1w2e3r4"> <userMapRules> <objectTypeSettings> <objectSetting category="person" class="user"></objectSetting> </objectTypeSettings> </userMapRules> </adUserCatalogProvider>password"> |
<connectionStrings> ... </connectionStrings>:
- <add name="DBConnection" ... />:
- Data Source -
- Microsoft SQL Server Name or Instance Name
- Initial Catalog
- - database Name (IPAMCore)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
- <add name="JobsQueueConnectionString" ... />:
- Data Source - Microsoft SQL Server Name or Instance Name
- Initial Catalog - database Name (IPAMTasks)
- User ID - service account to use with Indeed PAM databases
- Password - service account password
An example of connecting to a Microsoft SQL Server database
Password - пароль сервисной учётной записи| Code Block | ||||
|---|---|---|---|---|
| ||||
<connectionStrings> <add name="DBConnection" connectionString="Data Source=MSSQLServer;Initial Catalog=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="System.Data.SqlClient" /> <add name="JobsQueueConnectionString" connectionString="Data Source=sqlserverMSSQLServer;Initial Catalog=apipamIPAMTasks;Integrated Security=False;User ID=sqlservicepamIPAMSQLService;Password=123456password" providerName="System.Data.SqlClient" /> </connectionStrings> |
An example of connecting to a PostgreSQL Pro database
| Warning | ||
|---|---|---|
| ||
In the connection string, you need to replace the providerName=''System.Data.SqlClient' with the providerName=''Npgsql' |
| Code Block | ||||
|---|---|---|---|---|
| ||||
<connectionStrings> <add name="DBConnection" connectionString="Data Source=PostgreSQLProServer;Initial Catalog=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" /> <add name="JobsQueueConnectionString" connectionString="Data Source=sqlserver\SQLEXPRESS; ... " =PostgreSQLProServer;Initial Catalog=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password" providerName="Npgsql" /> </connectionStrings> |
For PostgreSQL Pro, in the <appSettings> ...
/>:value - URL адрес Indeed PAM IDP</appSettings> section, add the line
| Code Block | ||||
|---|---|---|---|---|
| ||||
<appSettings> ... <add key="IdpUrlDBMS" value="https://pam.indeed.demo:4003"/> |
<add key="PamProxyIpAddresses" … />:
- value - IP-адрес сервера Indeed PAM Gateway
| Code Block | ||||
|---|---|---|---|---|
| ||||
<add key="PamProxyIpAddresses" value="192.168.0.100" /> |
PostgreSQL" />
</appSettings> |
| Warning | ||
|---|---|---|
| ||
If using a Named Instance of Microsoft SQL Server, the value of the Data Source parameter must be specified in the <Server Name>\<Named instance> format.
|
<add key="IdpUrl" <add key="TempVideoDirectory" ... />:
- value - каталог для временных файловURL Indeed PAM IdP
| Code Block | ||||
|---|---|---|---|---|
| ||||
<add key="TempVideoDirectoryIdpUrl" value="C:\temp\" https://pam.indeed-id.local/idp"/> |
<add key="FileStorageDirectoryPamProxyIpAddresses" … />:
- value - адрес сетевого или локального хранилища видеозаписей
- Indeed PAM Gateway server IP address
| Code Block | ||||
|---|---|---|---|---|
| ||||
<add key="FileStorageDirectoryPamProxyIpAddresses" value="\\Storage\Video192.168.0.100" /> |
| Backtotop | ||||
|---|---|---|---|---|
|