Wiki source code of Guide d'installation Windows

Last modified by Aurelie Bertrand on 2024/08/28 11:25
Show last authors
1 This guide provides installation and configuration instructions for Windows.
2
3 ----
4
5 {{ddtoc/}}
6
7 ----
8
9 (% class="box warningmessage" %)
10 (((
11 Java is required to run DigDash. The minimum requirement is Java 11. We recommend using Java 17.
12 )))
13
14 (% class="box infomessage" %)
15 (((
16 __Vocabulary__
17
18 In all documentation pages, "**applications**" refer to .war files present in the DigDash Enterprise server (digdash_enterprise_202XRX_pXXXXXXXX_64\apache-tomcat\webapps):
19
20 * **Server**: ddenterpriseapi.war
21 * **Dashboard**: digdash_dashboard.war
22 * **Web Studio**: studio.war
23 * **Homepage**: adminconsole.war
24
25 This set of applications constitutes a domain. Depending on the needs, this domain can be duplicated, for example, to have a development context and another production context.
26 )))
27
28 This document describes how to install DigDash on Windows.
29
30 To install DigDash on Linux, please refer to the [[Installation guide for Linux>>doc:Digdash.deployment.installation.install_guide_ubuntu.WebHome]].
31
32 To update an existing installation, please refer to the [[Upgrade Guide>>doc:Digdash.deployment.installation.upgrade_dde.WebHome]].
33
34 = Terminology =
35
36 (% id="H1.1.Acronymes" %)
37 == Acronyms ==
38
39 (((
40 (% border="1" cellspacing="0" style="border-collapse:collapse; border:none; width:1004px" %)
41 |=(% style="background-color: grey; border-width: 1px; border-style: solid; padding: 7px; vertical-align: middle; width: 257px; border-color: grey;" %)(((
42 (% style="line-height:1.2; margin-left:-5px; text-align:center" %)
43 (% style="color:#f8f7f7; font-family:~"Open Sans~",sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)Acronym
44 )))|=(% style="background-color: grey; border-style: solid; border-width: 1px; padding: 7px; vertical-align: middle; width: 746px; border-color: grey;" %)(((
45 (% style="line-height:1.2; margin-left:-5px; margin-right:-8px; text-align:center" %)
46 (% style="color:#f8f7f7; font-family:~"Open Sans~",sans-serif; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; overflow-wrap:break-word; overflow:hidden; text-decoration:none; white-space:pre-wrap" %)**Meaning**
47 )))
48 |Digdash|(((
49 <DD Install> : folder ( example : digdash_enterprise_2022R2_p20230103_64) used for Digdash installation
50
51 [[image:1674038202679-522.png]]
52 )))
53 |(((
54 OS
55 )))|(((
56 Operating System ( Windows, Ubuntu etc..)  (about 20G)
57 )))
58 |(((
59 Data drive
60 )))|(((
61 E: In this documentation
62
63 Partition or disk different from the system (size depends on the project)
64 )))
65 |(((
66 ROOT drive
67 )))|(((
68 C: In this documentation
69
70 Partition or disk that hosts OS data
71 )))
72 |(((
73 Logs drive
74 )))|(((
75 L: Dans cette documentation
76
77 Partition or disk which hosts the Log files (allocate a size of 5 G) ideally dedicated
78 )))
79 )))
80
81 = Installation procedure =
82
83 == List of modules outside of DigDash ==
84
85 All servers must have at least the following installations:
86
87 * File system
88 * Microsoft JDK 17
89 * Tomcat 9
90 * DigDash WebApps
91
92 List of production components:
93
94 * Replace ADSWRAPPER with OpenDJ (For production environments)
95 * Replace H2 with a Database: PostGres or MariaDB
96
97 List of optional components:
98
99 * Reverse Proxy: Apache for Windows
100
101 = Supported versions =
102
103 The following versions are supported :
104
105 * Tomcat 9 : last patch
106 * OpenDJ (recommended) : version 4.6.2 and later
107 * MariaDB : OS version or last patch of last LTS version
108 * Apache2 : last patch
109
110 (% style="line-height:1.2; text-align:justify; margin-bottom:4px" %)
111 = Installations =
112
113 (% id="H3.1.SystE8medefichier" %)
114 == Creating a file system ==
115
116 1. Create a “logs” directory at the root of the desired directory (L):
117 1*. logs: hosts the log files of applications running on the server locally
118 1. Create a “digdash” directory at the root of E.
119 1. In the digdash directory, create 4 directories:
120 1*. tools: hosts the tools delivered by DigDash which can interact with it (import tool, backup tools)
121 1*. webapps: DigDash application modules: (studio, adminconsole, dashboard, ddenterpriseapi)
122 1*. ldapdigdash: hosts LDAP configuration and data
123 1*. appdata: hosts DigDash data
124 1. In each directory created in the previous steps, create a default directory.
125 1. Copy the digdash.properties file to the root of the digdash directory of E:
126
127 [[image:1674039152023-715.png||data-xwiki-image-style-alignment="center"]]
128
129
130 === Editing the digdash.properties file ===
131
132 * Open the digdash.properties file and add the following lines: :
133
134 {{code language="shell"}}
135 # Add these lines at the beginning of the file
136
137 # Log files location
138 ddenterpriseapi.ddlog4j.properties.file=E:/digdash/log4j2_api.properties
139 studio.ddlog4j.properties.file=E:/digdash/log4j2_studio.properties
140 digdash_dashboard.ddlog4j.properties.file=E:/digdash/log4j2_dash.properties
141
142 # Appadata location
143 ddenterpriseapi.AppDataPath=E:/digdash/appdata/default
144 digdash_dashboard.AppDataPath=E:/digdash/appdata/default
145 studio.AppDataPath=E:/digdash/appdata/default
146 adswrapper.ads.instance.name=E:/digdash/appdata/default/ldapdigdash
147
148 adminconsole.adminconsole_domain=adminconsole
149 adminconsole.webstudio_domain=studio
150 adminconsole.server_domain_list=ddenterpriseapi
151 adminconsole.dashboard_domain=digdash_dashboard
152
153 studio.DOMAIN=ddenterpriseapi
154 studio.FORCEDOMAIN=true
155 studio.SERVERURL=http://localhost:8080
156 studio.FORCESERVERURL=true
157 studio.adminconsole_domain=adminconsole
158
159 digdash_dashboard.DOMAIN=ddenterpriseapi
160 digdash_dashboard.FORCEDOMAIN=true
161 digdash_dashboard.SERVERURL=http://localhost:8080
162 digdash_dashboard.FORCESERVERURL=true
163 digdash_dashboard.adminconsole_domain=adminconsole
164
165 ########### Nettoyage automatique des fichiers programmé
166 ########### Scheduled automatic file cleaning
167 ddenterpriseapi.startCleaner=true
168
169 ########### Nettoyage des fichiers inutilisés  au démarrage du serveur
170 ########### Clean up unused files on server startup
171 ddenterpriseapi.cleanOnStart=false
172
173 ########### Sauvegarde automatique programmée
174 ########### Scheduled automatic backup
175 ddenterpriseapi.autoBackup=true
176 ddenterpriseapi.autoBackupKeepDays=7
177 digdash_dashboard.CANCHANGEPASSWORD=true
178
179
180
181 ########### Redirect address after logout
182
183 #ddenterpriseapi.urlLogout=http://localhost:8080
184 {{/code}}
185
186 (((
187 === Creating log files at the root of the digdash directory :E ===
188 )))
189
190 ==== log4j2_api.properties ====
191
192 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Create the log4j2_api.properties file at the root of the directory.
193
194 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Copy the following code:
195
196 {{code language="shell"}}
197 status = warn
198
199 # Log files location
200 property.basePath = L:/logs
201 # webapp name
202 property.webAppName = ddenterpriseapi
203 # short webapp name
204 property.shortWebAppName = ddapi
205
206 # Definition of logger.app
207 logger.app.name = com.digdash
208 # Web application log level: trace, debug, info, warn, error, fatal
209 logger.app.level = debug
210 logger.app.additivity = false
211
212 # Definition of appender RollingFile
213 appender.rolling.type = RollingFile
214 appender.rolling.name = RollingFile
215 appender.rolling.fileName = ${basePath}/${webAppName}.log
216 appender.rolling.filePattern = ${basePath}/${webAppName}-%i.log.gz
217 appender.rolling.layout.type = PatternLayout
218 appender.rolling.layout.pattern = %d %-5p [${shortWebAppName}] [%t] (%F:%L) - %m%n
219 appender.rolling.policies.type = Policies
220 appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
221 appender.rolling.policies.size.size = 200MB
222 appender.rolling.strategy.type = DefaultRolloverStrategy
223 appender.rolling.strategy.max = 15
224
225 # Linking logger.app to RollingFile appender
226 logger.app.appenderRef.rolling.ref = RollingFile
227 {{/code}}
228
229 (((
230 ==== log4j2_dash.properties ====
231 )))
232
233 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Create the log4j2_dash.properties file at the root of the directory.
234
235 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Copy the following code:
236
237 {{code language="shell"}}
238 status = warn
239
240 # Log files location
241 property.basePath = L:/logs
242 # webapp name
243 property.webAppName = dashboard
244 # short webapp name
245 property.shortWebAppName = dash
246
247 # Definition of logger.app
248 logger.app.name = com.digdash
249 # Webapplication log level : trace, debug, info, warn, error, fatal
250 logger.app.level = debug
251 logger.app.additivity = false
252
253 # Definition of appender RollingFile
254 appender.rolling.type = RollingFile
255 appender.rolling.name = RollingFile
256 appender.rolling.fileName = ${basePath}/${webAppName}.log
257 appender.rolling.filePattern = ${basePath}/${webAppName}-%i.log.gz
258 appender.rolling.layout.type = PatternLayout
259 appender.rolling.layout.pattern = %d %-5p [${shortWebAppName}] [%t] (%F:%L) - %m%n
260 appender.rolling.policies.type = Policies
261 appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
262 appender.rolling.policies.size.size = 200MB
263 appender.rolling.strategy.type = DefaultRolloverStrategy
264 appender.rolling.strategy.max = 15
265
266 # Linking logger.app to appender RollingFile
267 logger.app.appenderRef.rolling.ref = RollingFile
268 {{/code}}
269
270 ==== log4j2_studio.properties ====
271
272 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Create the log4j2_studio.properties file at the root of the directory.
273
274 (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Copy the following code:
275
276 {{code language="shell"}}
277 status = warn
278
279 # Log files location
280 property.basePath = L:/logs
281 # webapp name
282 property.webAppName = studio
283 # short webapp name
284 property.shortWebAppName = studio
285
286 # Definition of logger.app
287 logger.app.name = com.digdash
288 # Webapplication log level : trace, debug, info, warn, error, fatal
289 logger.app.level = debug
290 logger.app.additivity = false
291
292 # Definition of appender RollingFile
293 appender.rolling.type = RollingFile
294 appender.rolling.name = RollingFile
295 appender.rolling.fileName = ${basePath}/${webAppName}.log
296 appender.rolling.filePattern = ${basePath}/${webAppName}-%i.log.gz
297 appender.rolling.layout.type = PatternLayout
298 appender.rolling.layout.pattern = %d %-5p [${shortWebAppName}] [%t] (%F:%L) - %m%n
299 appender.rolling.policies.type = Policies
300 appender.rolling.policies.size.type = SizeBasedTriggeringPolicy
301 appender.rolling.policies.size.size = 200MB
302 appender.rolling.strategy.type = DefaultRolloverStrategy
303 appender.rolling.strategy.max = 15
304
305 # Linking logger.app to appender RollingFile
306 logger.app.appenderRef.rolling.ref = RollingFile
307 {{/code}}
308
309 == Deploying WebApps ==
310
311 Place the following (contained in the <DD Install>\apache-tomcat\webapps directory) in the E:/digdash/webapps/default folder:
312
313 * adminconsole.war
314 * ddenterpriseapi.war
315 * digdash_dashboard.war
316 * studio.war
317 * ROOT/ folder
318
319 == Installing Microsoft JDK (optional if already installed) ==
320
321 (% class="box warningmessage" %)
322 (((
323 It is recommended to install JDK 17. 
324 ​​​​​​JDK 11 is supported.
325 )))
326
327 1. Download Microsoft JDK : [[https:~~/~~/docs.microsoft.com/fr-fr/java/openjdk/download>>url:https://docs.microsoft.com/fr-fr/java/openjdk/download]] or use the binary available in the installation Zip partenaire_installation_initial.zip.
328 1. Start the installation.
329
330 (% class="box infomessage" %)
331 (((
332 To check the installation was successful, go to the command prompt and type:
333 java -version.                                                                                              
334 )))
335
336 == Installing Tomcat 9{{id name="Tomcat_windows"/}} ==
337
338 (((
339 1. Download TomCat 9 from [[https:~~/~~/tomcat.apache.org/download-90.cgi>>url:https://tomcat.apache.org/download-90.cgi]] (Binary Distributions  - > Core -> 32-bit/64-bit Windows Service Installer).
340 1. Launch apache-tomcat-9.X.XX.exe.
341 1. Accept the license agreement.
342 1. In the **Components** list, select **Tomcat** (**Service Startup** & **Native**) and **Start Menu Item**.
343 (% style="border:none; color:#000000; display:inline-block; font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:243px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:312px" %)[[image:Tomcat1||data-xwiki-image-style-alignment="start"]]
344 )))
345
346 (% start="5" %)
347 1. Leave the configuration settings at default.
348
349 (% style="line-height: 1.38; margin-left: 48px;" %)
350 (% style="border:none; color:#000000; display:inline-block; font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:215px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:315px" %)[[image:Tomcat2.png]]
351
352 (% start="6" %)
353 1. Enter the path to the installation of the openjdk installed in step 1.
354
355 (% style="line-height: 1.38; margin-left: 48px;" %)
356 (% style="border:none; color:#000000; display:inline-block; font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:226px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:350px" %)[[image:Tomcat3.png]]
357
358 (% start="7" %)
359 1. Set the TomCat 9 installation directory.
360
361 (% style="line-height: 1.38; margin-left: 48px;" %)
362 (% style="border:none; color:#000000; display:inline-block; font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; height:265px; overflow:hidden; text-decoration:none; white-space:pre-wrap; width:352px" %)[[image:Tomcat4.png]]
363
364 (% start="8" %)
365 1. Click **Install **to start TomCat 9 installation.
366 1. Open page [[http:~~/~~/localhost:8080>>url:http://localhost:8080]] to check TomCat is working properly.
367 1. Open the TomCat 9 installation directory then the bin directory and launch tomcat9w.exe.
368 1. (((
369 Modify the parameters contained in the **Java **tab :
370 [[image:Tomcat5.png]]*
371
372 (((
373 * Adapt the paths to future digdash directories:
374 Ddigdash.properties.path=E:\digdash\digdash.properties
375 )))
376
377 * To ensure that special characters are taken into account, add the parameter **-Dfile.encoding=UTF-8** to the end of the JAVA_OPTS variable as below:
378 [[image:Dfile.png]]
379
380
381 )))
382
383 (% class="box warningmessage" style="line-height: 1.38;" %)
384 (((
385 ❗**Important:** Do not forget to increase the tomcat memory
386 Enter the same value in the “Initial memory” and “Maximum memory pool” fields in MB (example: “3000”)
387 )))
388
389 (% style="color:#000000; font-family:Arial; font-size:16pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Editing the server.xml file
390
391 1. Open the server.xml file located in the \Apache Software Foundation\Tomcat 9.0\conf directory.
392
393 {{code language="xml"}}
394   <Connector port="8080" protocol="HTTP/1.1"
395                 connectionTimeout="20000"
396                 maxConnections="30000"
397                 maxCParametersCount="100000"
398                 maxThreads="10000" maxPostSize="62914560"
399               redirectPort="8443" compression="on" />
400 {{/code}}
401
402 (((
403 (% cellspacing="0" class="table-bordered" style="border-collapse:collapse; border:none; width:1040px" %)
404 |
405
406 [[image:Tomcat6.png]]
407 )))
408
409 (% start="2" %)
410 1. Change the path of the webapps to deploy.
411
412 {{code language="xml"}}
413 <Host name="localhost"  appBase="E:/digdash/webapps/default"
414             unpackWARs="true" autoDeploy="true">
415       <Alias>digdash.client.com</Alias>
416 {{/code}}
417
418 (((
419
420 )))
421
422 (% start="3" %)
423 1. Add the log valve and then, the securing valve.
424
425 {{code language="xml"}}
426 <Valve className="org.apache.catalina.valves.ErrorReportValve" showReport="false" showServerInfo="false" /> 
427
428
429 <Valve className="org.apache.catalina.valves.RemoteIpValve"
430                 internalProxies="127\.0\.[0-1]\.1"
431                 remoteIpHeader="X-Forwarded-For"
432                 requestAttributesEnabled="true"
433                 protocolHeader="X-Forwarded-Proto"
434                 protocolHeaderHttpsValue="https"/>
435 {{/code}}
436
437 (((
438 (% style="color:#000000; font-family:Arial; font-size:16pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Editing the context.xml file
439 )))
440
441 1. Open the context.xml file located in the \Apache Software Foundation\Tomcat 9.0\conf directory.
442 1. Add the following XML tag in the Context section:
443
444 {{code language="xml"}}
445 <Resources cachingAllowed="true" cacheMaxSize="100000"/>
446 {{/code}}
447
448 (((
449 == Installing OpenDJ (recommended){{id name="OpenDJ"/}} ==
450 )))
451
452 === Initial setup ===
453
454 1. Download the OpenDJ installation file (**opendj-4.x.x.msi**) from: [[__https:~~/~~/github.com/OpenIdentityPlatform/OpenDJ/releases__>>url:https://github.com/OpenIdentityPlatform/OpenDJ/releases]]
455 1. Start the installation by double-clicking the **opendj-4.x.x.msi** file.
456 1. Keep the default location for the installtion directory : (C:/Program Files (x86)/opendj).
457 1. Open the installation directory C:/Program Files (x86)/opendj) and run the “setup.bat” as administrator.
458 1. Complete the **Server settings **and make sure to save the password entered.
459 [[image:Server Settings.png||alt="Server settings"]]
460
461 1. In the **Topology Options **tab, leave the default option **This will be a stand alone server**.
462 [[image:Topology Options.png||alt="Topology options"]]
463
464 1. Fill in the **Directory Data** and select **Only Create Base entry (dc=digdash,dc=com)**.
465 [[image:Directory Data.png||alt="Directory Data"]]
466
467 1. In the **Review **tab, check the entered values ​​and select the **Run the server as a Windows service **checkbox.**
468 [[image:Review.png||alt="Review"]]**
469
470 1. Click **Finish**.
471 [[image:Finished.png||alt="Finished"]]
472
473 When the installation is finished, check if the service is started. Then launch an administrator terminal for additional settings.
474
475 === Additional settings ===
476
477 1. Open the OpenDJ installation directory.
478
479 {{code language="cmd"}}
480 cd C:\Program Files (x86)\OpenDJ\bat
481 {{/code}}
482
483 (% start="2" %)
484 1. LDIF files can be downloaded by clicking on the following link : [[LDIF_OpenDJ>>attach:LDIF_OpenDJ.zip]].
485 1. Create the organizations using the “neworganization.ldif” file below
486
487 {{code language="c"}}
488 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\neworganisation.ldif"
489 {{/code}}
490
491 {{code language="c"}}
492 dn: ou=default,dc=digdash,dc=com
493
494 objectClass: organizationalUnit
495
496 ou: default
497 {{/code}}
498
499 (% start="4" %)
500 1. To create a password checker:
501 1*. Use the dsconfig.bat command, then log in with the Directory Manager credentials and accept the certificates.
502 1*. Go to menu 29 then select “create a new Password Validator” > select “Character Set Password Validator” > enter “Custom Character Set Password Validator” > “true” > “true” > then configure 4 character-set as follows:
503
504 {{code language="shell"}}
505 1:abcdefghijklmnopqrstuvwxyz
506 1:ABCDEFGHIJKLMNOPQRSTUVWXYZ
507 1:0123456789
508 1:!"#$%&'()*+,-./:;\<=>?@[]^_`{|}~
509 {{/code}}
510
511 ➡ The result should look like this:
512 [[image:Résultat.png]]
513 Once the configuration is complete, “finish” and exit “dsconfig”.
514
515 (% start="5" %)
516 1. For the second password checker, we can use a command line because it does not contain special characters:
517
518 {{code language="c"}}
519 dsconfig create-password-validator --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 --validator-name "Custom length Password Validator" --set min-password-length:12 --set enabled:true --type length-based --no-prompt
520 {{/code}}
521
522 (% start="6" %)
523 1. Apply both password checkers:
524
525 {{code language="c"}}
526 dsconfig set-password-policy-prop --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 --policy-name "Default Password Policy" --set password-validator:"Custom Character-set Password Validator" --set password-validator:"Custom length Password Validator" --no-prompt
527 {{/code}}
528
529 (% start="7" %)
530 1. Set the password policy for users using the “ppolicy.ldif” file below :
531
532 {{code language="c"}}
533 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\ppolicy.ldif"
534 {{/code}}
535
536 {{code language="c"}}
537 dn: cn=ppolicy,ou=default,dc=digdash,dc=com
538 objectClass: top
539 objectClass: subentry
540 objectClass: pwdPolicy
541 cn: ppolicy
542 pwdAttribute: userPassword
543 pwdAllowUserChange: TRUE
544 pwdCheckQuality: 1
545 pwdExpireWarning: 600
546 pwdFailureCountInterval: 30
547 pwdGraceAuthNLimit: 5
548 pwdInHistory: 5
549 pwdLockout: TRUE
550 pwdLockoutDuration: 900
551 pwdMaxAge: 0
552 pwdMaxFailure: 5
553 pwdMinAge: 0
554 pwdMustChange: FALSE
555 pwdSafeModify: FALSE
556 subtreeSpecification: {base "ou=users", specificationFilter "!(uid=admin)" }
557 {{/code}}
558
559 (% start="8" %)
560 1. Set a second password policy for the admin using the “ppolicy-admin.ldif” file below
561
562 {{code language="c"}}
563 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\ppolicy-admin.ldif"
564 {{/code}}
565
566 {{code}}
567 dn: cn=ppolicy-admin,ou=default,dc=digdash,dc=com
568 objectClass: top
569 objectClass: subentry
570 objectClass: pwdPolicy
571 cn: ppolicy-admin
572 pwdAttribute: userPassword
573 pwdAllowUserChange: TRUE
574 pwdCheckQuality: 1
575 pwdFailureCountInterval: 30
576 pwdGraceAuthNLimit: 5
577 pwdInHistory: 5
578 pwdLockout: FALSE
579 pwdMaxAge: 0
580 pwdMinAge: 0
581 pwdMustChange: FALSE
582 pwdSafeModify: FALSE
583 subtreeSpecification: {base "ou=users", specificationFilter "(uid=admin)" }
584 {{/code}}
585
586 (% start="9" %)
587 1. Change the password policy to allow pre-encoded passwords (useful for restores in digdash).
588
589 {{code language="c"}}
590 dsconfig.bat set-password-policy-prop --policy-name "Default Password Policy" --set allow-pre-encoded-passwords:true --hostname localhost --trustAll --bindDN "cn=directory manager" --bindPassword adminOpenDJ1 --no-prompt
591 {{/code}}
592
593 (% start="10" %)
594 1. Create an admin user for digdash via the “create_user_admin.ldif” file below:
595
596 {{code language="c"}}
597 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\create_user_admin.ldif"
598 {{/code}}
599
600 {{code language="c"}}
601 dn: uid=admin,ou=default,dc=digdash,dc=com
602 objectClass: shadowAccount
603 objectClass: inetOrgPerson
604 cn: Admin Domain Default
605 sn: Default
606 uid: admin_default
607 {{/code}}
608
609 (% start="11" %)
610 1. Assign the admin user the necessary rights using the “add_admin_right.ldif” and “add_admin_right2.ldif” files below:
611
612 {{code language="c"}}
613 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\add_admin_right.ldif"
614 {{/code}}
615
616 {{code language="c"}}
617 dn: ou=default,dc=digdash,dc=com
618 changetype: modify
619 add: aci
620 aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow write on userpassword and shadowlastchange for admin"; allow(write) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
621 aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read,write on userpassword and shadowlastchange for auth users"; allow(read) (userdn = "ldap:///all");)
622 aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "userpassword || shadowlastchange")(version 3.0; acl "allow read on userpassword and shadowlastchange for anonymous"; allow(selfwrite) (userdn = "ldap:///anyone");)
623 aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow write on * for admin"; allow(all) (userdn = "ldap:///uid=admin,ou=default,dc=digdash,dc=com");)
624 aci: (target ="ldap:///ou=default,dc=digdash,dc=com")(targetattr = "*")(version 3.0; acl "allow read on * for anonymous"; allow(read) (userdn = "ldap:///all");)
625 {{/code}}
626
627 {{code language="c"}}
628 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\add_admin_right2.ldif"
629 {{/code}}
630
631 {{code language="c"}}
632 n: uid=admin,ou=default,dc=digdash,dc=com
633 changetype: modify
634 add: ds-privilege-name
635 ds-privilege-name: config-read
636 ds-privilege-name: password-reset
637 {{/code}}
638
639 (% start="12" %)
640 1. Generate a password for the administrator and remember it for later:
641
642 {{code language="c"}}
643 ldappasswordmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 --authzID "u:admin"
644 {{/code}}
645
646 === Useful option ===
647
648 (% class="wikigeneratedid" %)
649 The operation below is not part of the installation.
650 However, it may be useful to know it for later use.
651
652 ==== Extending the limit for LDAP searches ====
653
654 It is possible to extend the LDAP search limit to more than 1000 users with the “extend_search_limit.ldif” file below.
655
656 {{code language="c"}}
657 ldapmodify.bat --port 389 --bindDN "cn=Directory Manager" --bindPassword adminOpenDJ1 "C:\Users\digdash\Downloads\extend_search_limit.ldif"
658 {{/code}}
659
660 {{code language="c"}}
661 dn: uid=admin,ou=default,dc=digdash,dc=com
662 changetype: modify
663 add: ds-rlim-size-limit
664 ds-rlim-size-limit: 10000
665 {{/code}}
666
667 == Installing MariaDB{{id name="DB_windows"/}} ==
668
669 The MariaDB database will be used to store the following elements: comments, audit data and data entry.
670
671 This database is more durable than an H2 database, that is why we recommend its use. If you already have a database that Digdash can write to and read from then proceed to the configuration step.
672
673 PostgreSQL and MySQL are also compatible.
674
675 (% style="font-size:20px; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; text-wrap:wrap" %)Running the installer
676
677 1. Access the website [[(% style="-webkit-text-decoration-skip:none; color:#1155cc; font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration-skip-ink:none; text-decoration:underline; white-space:pre-wrap" %)__https:~~/~~/mariadb.com/downloads/__>>url:https://mariadb.com/downloads/||style="text-decoration:none"]](%%) and download the latest version of the software for OS: MS Windows (64-bit).
678 [[image:MariaDB.png]]
679
680 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Run the .msi file to start the installation and click **Next**.(%%)
681 [[image:MariaDB2.png]]
682
683 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Choose the database root password:
684 [[image:MariaSettings.png]](%%)
685
686 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Click **Next** and install MariaDB.(%%)
687 [[image:MariaDB4.png]]
688
689 1. Check the security of the C:/Program Files/MariaDB 10.10 folder to only give the following rights to users: Read and execute; List folder contents; Read.
690 [[image:MariaDB5b_en.png]]
691
692 === Database configuration ===
693
694 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Open command prompt as administrator and launch MariaDB.
695
696 {{code language="c"}}
697 cd "C:/Program Files/MariaDB 10.9/bin"
698 mariadb.exe -u root -p
699 {{/code}}
700
701 [[image:MariaDB6.png||queryString="width=704&height=215" height="215" width="704"]]
702
703 (% start="2" %)
704 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Create the necessary databases domain_module (domain examples: default, dev, prod)
705
706 {{code language="shell"}}
707 CREATE DATABASE default_ddaudit;
708 CREATE DATABASE default_comment;
709 CREATE DATABASE default_ddentry;
710 {{/code}}
711
712 (% class="wikigeneratedid" %)
713 [[image:MariaDB7.png]]
714
715 === Creating users and assigning rights ===
716
717 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Create a user for each database domaine_user_module:
718
719 {{code language="shell"}}
720 #The password “mynewpassword” must be changed
721
722 CREATE USER 'default_user_ddaudit'@'localhost' IDENTIFIED BY 'mynewpassword';
723 CREATE USER 'default_user_comment'@'localhost' IDENTIFIED BY 'mynewpassword';
724 CREATE USER 'default_user_ddentry'@'localhost' IDENTIFIED BY 'mynewpassword';
725 {{/code}}
726
727 (% start="2" %)
728 1. (% style="font-family:Arial; font-size:11pt; font-style:normal; font-variant:normal; font-weight:400; text-decoration:none; white-space:pre-wrap" %)Assign rights to the user on databases:
729
730 {{code language="shell"}}
731 GRANT ALL PRIVILEGES ON default_comment.* TO 'default_user_comment'@'localhost';
732 GRANT ALL PRIVILEGES ON default_ddaudit.* TO 'default_user_ddaudit'@'localhost';
733 GRANT ALL PRIVILEGES ON default_ddentry.* TO 'default_user_ddentry'@'localhost';
734 {{/code}}
735
736 === MariaDB Update ===
737
738 For a minor update (for example, 10.10.1 to 10.10.2), you have to :
739
740 1. Read the release note of the new version to ensure that there is no need to worry about the data.
741 1. Download the new version (example: 10.10.2) and run it : the update should be done automatically.
742 1. Restart MariaDB server.
743
744 (% style="line-height: 1.2; margin-bottom: 4px;" %)
745 = Configuring DigDash after installation =
746
747 (((
748 == Starting Digdash ==
749
750 1. Restart the Tomcat Service.
751 1. Open the Tomcat installation directory (\Apache Software Foundation\Tomcat 9.0\bin\Tomcat9w.exe), then double click the Tomcat9w.exe file, click Stop and Start.
752 1. Check the war deployment in the installation folder E:/digdash/webapps/default.
753 [[image:Vérif_déploiement_war.png||alt="Déploiement war"]]
754 )))
755
756 (% start="4" %)
757 1. Access DigDash homepage at the following address : [[http:~~/~~/localhost:8080/adminconsole>>url:http://localhost:8080/adminconsole]]
758 The login/password is admin/admin.
759
760 == Connecting Digdash to the installed OpenDJ server ==
761
762 (% style="line-height:1.2; text-indent:0.15354330708661657pt; text-align:justify" %)
763 Open [[http:~~/~~/localhost:8080/adminconsole/>>http://localhost:8080/adminconsole/]], **Configuration -> Server settings -> Servers -> LDAP Server**.
764
765 * Port:  389
766 * User: uid=admin, ou=default,dc=digdash,dc=com
767 * Password: OpenDJ admin password
768
769 [[image:LDAPserver_ok.png||alt="LDAP server"]]
770
771 (% style="line-height:1.2; text-indent:0.15354330708661657pt; text-align:justify" %)
772 Then click the **LDAP Queries** button and fill in the fields as below:
773
774 [[image:LDAPqueries_ok.png||alt="LDAP queries"]]
775
776 (% id="cke_bm_3931S" style="display:none" %)
777
778 == Changing the supervisor password and creating the LDAP account ==
779
780 === Changing the supervisor password ===
781
782 Open **Configuration  -> Server settings > Servers -> Enterprise Server **and enter a new password in the **Supervisor Password** field.
783
784 [[image:EnterpriseServer.png||alt="Enterprise server"]]
785
786 === Creating the LDAP account ===
787
788 1. Open **Configuration -> User management -> Users**.
789 1. Create a new admin user and assign him all roles and authorizations groups.
790 1. In the **Password** field, enter the new supervisor password defined above.
791
792 [[image:User_password.png]]
793
794 == Database configuration ==
795
796 === Audit data database ===
797
798 Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
799
800 **URL **: //jdbc:mariadb:~/~/localhost:3306/default_ddaudit//
801
802 This solution makes it possible to secure access to the audit database.
803 [[image:Audit_data.png]]
804
805
806 === Comments database ===
807
808 Open **Configuration -> Server settings -> Databases -> Audit data **and enter the URL, user and password.
809
810 **URL** ~:// jdbc:mariadb:~/~/localhost:3306/default_comment//
811
812 This solution makes it possible to secure access to the comment database.
813
814 [[image:Comments.png]]
815
816 === Data entry database ===
817
818 Open **Configuration -> Server settings -> Databases -> Data entry **and enter the URL, user and password.
819
820 Select the **Enable data entry** checkbox and select a database in the drop-down list below.
821
822 [[image:Data_entry.png]]
823
824 You must first have created a connection to the database from the Data connection manager in the Studio.
825 Enter default.user.ddentry for the user and password defined in the previous step.
826 The name defined in the **Login Name** field is the one that will appear in the database selection drop-down list.
827
828 (% style="line-height: 1.2; margin-bottom: 4px;" %)
829 == DigDash Services ==
830
831 (% class="wikigeneratedid" style="line-height: 1.2; margin-bottom: 4px;" %)
832 Open the Server status page : [[__http:~~/~~/localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi__>>url:http://localhost:8080/ddenterpriseapi/serverstatus?adminDomain=adminconsole&serverDomain=ddenterpriseapi||style="text-align: justify; text-indent: 0.153543pt; background-color: rgb(255, 255, 255); font-size: 14px;"]].
833
834 Check that the DigDash services are activated and that the maximum memory is well adapted to the capacity of the server, you must leave at least 4 GB for the system.
835
836 [[image:Server_status.png]]