Initial Configuration

The Laserfiche Directory Server service stores licensing information within a Microsoft SQL Server database. Make sure that Directory Server has sufficient permissions to access the desired Microsoft SQL Server before creating a new licensing site.

Directory Server Endpoint Configuration

Run the Directory Server Configuration Utility XmlEndpointUtility.exe to configure endpoint binding information for the Directory Server service. The utility is located in the Directory Server installation folder. The default path is C:\Program Files\Laserfiche\Directory Server\XmlEndpointUtility.exe.

Note: The user principal name must match the service user. If you change the service user, you must re-run the utility to update the user principal name for the endpoint. If there is a mismatch between the service user and the endpoint binding information, you may receive a "The caller was not authenticated by the service" error message.

HTTPS Configuration

Directory Server 10.4.3 and later no longer relies on WCF bindings for communication with STS instances. Use the HTTPS Configuration section to configure the HTTPS binding between Directory Server and STS instances. XmlEndpointUtility.exe can bind a certificate to a port number.

The Certificate drop-down includes a list of available certificates in your local personal store on the Directory Server host.

  1. Select a valid TLS certificate.
  2. Optional: Specify a different HTTPS port if you do not want to use default port 5049.
  3. On initial installation or upgrade, the selected certificate will be bound upon closing the utility. Reopening the utility will show a Configure Port Binding button. To bind a different certificate, click Delete Current Binding, select a new certificate from the list, and click Configure Port Binding to bind the new TLS certificate to the specified port.
  4. Click Save.

Note: Clicking Delete Current Binding when there is no binding or clicking Configure Port Binding when there is already a binding will display corresponding error messages.

Note: Laserfiche Directory Server Security Token Service (STS) 10.4.3 and later requires HTTP communication with Laserfiche Directory Server (LFDS). STS versions prior to 10.4.3 require WCF communication. To learn more, navigate to HTTPS and WCF Configuration.

Note: To facilitate user authentication and secure communication between Laserfiche Directory Server and other clients, it is recommended that all certificates meet certain requirements. To learn more, navigate to Certificate Types & Requirements for Laserfiche Directory Server.

Security Token Service (STS) Endpoint Configuration

Run the Security Token Service endpoint configuration utility STSEndpointUtility.exe to configure endpoint binding information for each STS instance. The utility is located in the Web\WebSTS subfolder in the Directory Server installation folder. The default path is C:\Program Files\Laserfiche\Directory Server\Web\WebSTS\STSEndpointUtility.exe.

Directory Server 10.4.3 or later: If you have configured an HTTPS port in the Directory Server Configuration Utility, select the Use TLS checkbox and make sure that the port is included in the fully qualified domain name field in the Security Token Service endpoint configuration utility, in the format host.domain.com:PortValue (for example, machinename.sampledomain.com:5049).
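
The following Windows PowerShell check is an added example, not part of the Laserfiche tooling: run from the STS host, it connects to the name and port entered in the STS utility and reports the certificate bound there, plus any name-mismatch or trust errors Windows computes for it. The endpoint value is a placeholder, and the example assumes the STS host validates the certificate as an ordinary TLS client would.

```powershell
# Added example, not Laserfiche code. $Endpoint is a placeholder in the
# host.domain.com:PortValue format that the STS utility expects.
param([string]$Endpoint = 'machinename.sampledomain.com:5049')

$hostName, $port = $Endpoint -split ':', 2

$tcp = New-Object System.Net.Sockets.TcpClient
try {
    $tcp.Connect($hostName, [int]$port)

    # Accept the certificate unconditionally so it can be inspected, but keep
    # the policy errors Windows computed for it (name mismatch, chain errors).
    $state = @{ Errors = $null }
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] {
        param($source, $certificate, $chain, $policyErrors)
        $state.Errors = $policyErrors
        $true
    }

    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
    try {
        # The name check is made against the FQDN exactly as typed.
        $ssl.AuthenticateAsClient($hostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }

        [pscustomobject]@{
            Endpoint     = $Endpoint
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            SubjectAlt   = if ($san) { $san.Format($false) } else { '(none)' }
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            DaysLeft     = [int]($cert.NotAfter - (Get-Date)).TotalDays
            PolicyErrors = $state.Errors   # None = name matches and chain is trusted
        } | Format-List
    } finally { $ssl.Dispose() }
} finally { $tcp.Close() }
```

A PolicyErrors value of RemoteCertificateNameMismatch means the FQDN entered in the STS utility is not covered by the bound certificate; RemoteCertificateChainErrors means the STS host does not trust the issuing chain.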

SQL Server security information

To create a licensing site, the specified SQL Server login or Directory Server service account must have sufficient permissions in the specified SQL Server instance to:

  • Create stored procedures
  • Create tables

    Note: If you do not specify an existing empty database for Directory Server, then the service account must also be able to create databases in the specified SQL Server.

For normal operation, Directory Server must have sufficient permissions on the SQL database to:

  • Read
  • Write
  • Create tables
  • Execute stored procedures
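
The following Windows PowerShell check is an added example, not part of the Laserfiche tooling: it reports which of the permissions listed above the connecting account actually holds in an existing database, and whether it holds them only through a broad role. The instance name, database name and the mapping from the page's wording to SQL Server permission names are assumptions of this example; run it under the account being evaluated, or change the connection string to use a SQL Server login.

```powershell
# Added example, not Laserfiche code. Instance and database names are
# placeholders; the wording-to-permission mapping is this example's assumption.
param(
    [string]$SqlInstance = 'SQLHOST\INSTANCE',
    [string]$Database    = 'ExistingEmptyDatabase'
)

$required = [ordered]@{
    'Read'                      = 'SELECT'
    'Write (insert)'            = 'INSERT'
    'Write (update)'            = 'UPDATE'
    'Write (delete)'            = 'DELETE'
    'Create tables'             = 'CREATE TABLE'
    'Create stored procedures'  = 'CREATE PROCEDURE'
    'Execute stored procedures' = 'EXECUTE'
}

# Integrated Security connects as the account running this script.
$connString = "Server=$SqlInstance;Database=$Database;Integrated Security=SSPI"
$conn = New-Object System.Data.SqlClient.SqlConnection $connString
$conn.Open()
try {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = "SELECT HAS_PERMS_BY_NAME(DB_NAME(), 'DATABASE', @perm)"
    $perm = $cmd.Parameters.Add('@perm', [System.Data.SqlDbType]::NVarChar, 128)
    $report = foreach ($need in $required.GetEnumerator()) {
        $perm.Value = $need.Value
        [pscustomobject]@{
            Need       = $need.Key
            Permission = $need.Value
            Granted    = ($cmd.ExecuteScalar() -eq 1)
        }
    }

    # Broad roles pass every check above but grant far more than the list asks for.
    $cmd.Parameters.Clear()
    $cmd.CommandText = 'SELECT SUSER_SNAME()'
    $login = $cmd.ExecuteScalar()
    $cmd.CommandText = "SELECT IS_SRVROLEMEMBER('sysadmin')"
    $sysadmin = ($cmd.ExecuteScalar() -eq 1)
    $cmd.CommandText = "SELECT IS_MEMBER('db_owner')"
    $dbOwner = ($cmd.ExecuteScalar() -eq 1)
} finally { $conn.Dispose() }

$report | Format-Table -AutoSize
"Login: $login  sysadmin: $sysadmin  db_owner: $dbOwner"
```

In SQL Server, CREATE TABLE and CREATE PROCEDURE also require ALTER on the schema that receives the objects, so a Granted value of True for those two rows is necessary but not sufficient.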

Creating a Licensing Site

Browse to the Directory Server Web Administration Console at https://SampleServerName/LFDS.

Laserfiche Directory Server stores data in a SQL database. When you access the Directory Server management website for the first time, you must specify SQL Server configuration information:

  1. A display name for this new licensing site.
  2. SQL Server host/instance name.
  3. SQL database name (you can attach an existing database or allow Directory Server to create a new one).
  4. Login information for SQL Server. You can use Windows authentication with the service account running the Directory Server service, or specify an appropriate SQL Server login.

    Note: By default, Directory Server runs as Network Service. In default installations of Microsoft SQL Server, Network Service may not have sufficient permissions in SQL Server. If you are specifying the Windows authentication option, ensure that Network Service has sufficient permissions, or change the Laserfiche Directory Server 11 service account to a different user.

Upon creating a licensing site, you must associate your Laserfiche primary license with this new Directory Server licensing site.