- Created by Pavel Golubnichiy on Sep 21, 2020
IIS
- Run IIS and switch to Default Web Site\pam
- Open the Configuration Editor from the Management section
- Open the Section: drop-down list and select the system.webServer\security\requestFiltering item
- Open the requestLimits item and set maxQueryString to 8192
- Click Apply in the Actions section
- Switch to Default Web Site\pam\core
- Open the Configuration Editor from the Management section
- Open the Section: drop-down list and select the system.webServer\serverRuntime item
- Set uploadReadAheadSize to 1048576
- Click Apply in the Actions section
Indeed PAM Core
All URLs are specified in lowercase.
The JSON format does not allow comments in the file, so you must delete lines beginning with the characters "//".
Switch to the C:\inetpub\wwwroot\pam\core folder and edit the appsettings.json file:
ConnectionStrings section
- PamCore - IPAMCore database connection string
- JobsQueue - IPAMTasks database connection string
Connection String parameters:
- Server - DBMS server name or named instance
- Database - Database name
- User ID - account to use with Database
- Password - account password
"ConnectionStrings": {
    "PamCore": "Server=sql.domain.local;Database=IPAMCore;Integrated Security=False;User ID=IPAMSQLService;Password=password",
    "JobsQueue": "Server=sql.domain.local;Database=IPAMTasks;Integrated Security=False;User ID=IPAMSQLService;Password=password"
},
If using a Named Instance of Microsoft SQL Server, the value of the Server parameter must be specified in the Server Name\\Named instance format.
"PamCore": "Server=sql\\instance; ..."
Database section
- Provider - DBMS provider
  - mssql - Microsoft SQL Server
  - pgsql - PostgreSQL, PostgreSQL Pro
Auth section
- IdpUrls - Indeed PAM IdP URL address
- ApiSecret - Secret for component authentication purposes
- PamGatewayIpAddresses - Indeed PAM Gateway or SSH PROXY IP Addresses
"Auth": {
    "IdpUrls": [ "https://pam.domain.local/pam/idp" ],
    "ApiSecret": "aEB+UkZI3imDdp4xLHgHz/pxLZI9XEX4q6uI822/XfdPKaXJjfGrDVCH/u7SxVq3Os3GTFnfgkQc+AJBhmm4rQ==",
    "MediaDataUrlsSecret": "42C329CF-B932-46DE-83F5-0C302AE9E486",
    "PamGatewayIpAddresses": "192.168.48.155, 192.168.48.202",
    "GatewayCertificateValidation": {
        "Enabled": false,
        "Filter": ""
    }
},
Encryption section
- Algorithm - encryption algorithm
- Key - encryption key
The encryption key is generated by the IndeedPAM.KeyGen.exe utility, which is part of the Indeed PAM distribution and is located in the /Misc directory.
"Encryption": {
    "Algorithm": "AES",
    "Key": "4258egk74n834rr93bf458813l7618wq7f1jei9a58915pk511z63n5j0svt1m1o8",
    "MediaFiles": {
        "Algorithm": "AES"
    }
},
Features section
- AllowRevealAccountName - option to reveal the Account name in the user console. If false, Account names will not be revealed in the user console.
- AllowRevealCredentials - option to reveal the Password in the user console. If false, the passwords of Accounts will not be revealed in the user console.
LogServer section
- Directory - temporary folder for recording events
- Url - Indeed Log Server API URL address
"LogServer": {
    "AppId": "pam",
    "Component": "server",
    "EventCache": {
        "Directory": "C:\\ILS\\Core",
        "SendingIntervalSec": 10
    },
    "Server": {
        "Url": "https://pam.domain.local/ls/api",
        "Certificate": {
            "Thumbprint": "",
            "FilePath": "",
            "FilePassword": ""
        }
    }
},
UserCatalog section
- ServerName - the DNS name of the Domain Controller that performs the Global Catalog function
- ContainerPath - the Distinguished Name of the Container or OU to be used as the Active Directory user directory
- UserName - service account for working with the Active Directory user directory
- Password - service account password
"UserCatalog": {
    "RootProvider": "ad",
    "Providers": {
        "ActiveDirectory": [
            {
                "Id": "ad",
                "ServerName": "domain.local",
                "ContainerPath": "DC=domain,DC=local",
                "UserName": "IPAMManager",
                "Password": "password",
                "UserMapRules": {
                    "Settings": [
                        { "Category": "person", "Class": "user" }
                    ]
                }
            }
        ]
    }
}
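The notes above (lowercase URLs, no "//" comment lines, a doubled backslash before a named instance) can be checked on the edited file before it is put in place. The following is an added example, not part of the Indeed PAM distribution; the check_appsettings helper and the sample text are constructed here, and treating the literal "password" as a leftover placeholder is an assumption based on the samples in this guide.

```python
import json

# Constructed sample: a "//" comment line, a single backslash before the
# instance name, the guide's placeholder password, and a mixed-case URL.
SAMPLE = r'''{
  // database connections
  "ConnectionStrings": {
    "PamCore": "Server=sql\test;Database=IPAMCore;User ID=IPAMSQLService;Password=password"
  },
  "Auth": { "IdpUrls": [ "https://PAM.domain.local/pam/idp" ] }
}'''

def check_appsettings(text):
    """Return findings for an appsettings.json text (hypothetical helper)."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        if line.lstrip().startswith("//"):
            findings.append(f"line {i + 1}: comment line must be deleted")
            lines[i] = ""  # blank it so later line numbers stay correct
    try:
        cfg = json.loads("\n".join(lines))
    except json.JSONDecodeError as exc:
        # e.g. "Server=sql\instance": \i is not a valid JSON escape
        return findings + [f"invalid JSON: {exc.msg} (line {exc.lineno})"]
    for name, conn in cfg.get("ConnectionStrings", {}).items():
        pairs = (p.split("=", 1) for p in conn.split(";") if "=" in p)
        parts = {k.strip(): v for k, v in pairs}
        # "sql\test" parses, but \t silently becomes a TAB in the server name
        if any(ord(c) < 32 for c in parts.get("Server", "")):
            findings.append(f"{name}: control character in Server, use \\\\ before the instance name")
        if parts.get("Password") == "password":
            findings.append(f"{name}: placeholder password left in place")
    urls = list(cfg.get("Auth", {}).get("IdpUrls", []))
    urls.append(cfg.get("LogServer", {}).get("Server", {}).get("Url", ""))
    findings += [f"URL not lowercase: {u}" for u in urls if u != u.lower()]
    catalog = cfg.get("UserCatalog", {}).get("Providers", {})
    for ad in catalog.get("ActiveDirectory", []):
        if ad.get("Password") == "password":
            findings.append(f"UserCatalog {ad.get('Id')}: placeholder password left in place")
    return findings

if __name__ == "__main__":
    for finding in check_appsettings(SAMPLE):
        print(finding)
```

A single backslash followed by a letter such as t or n is valid JSON, so the file loads without error while the Server value contains a control character; the check reports that case separately from an outright parse failure.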