The Laserfiche Directory Server service stores licensing information within a Microsoft SQL Server database. Make sure that Directory Server has sufficient permissions to access the desired Microsoft SQL Server before creating a new licensing site.
Directory Server Endpoint Configuration
Run the Directory Server Configuration Utility XmlEndpointUtility.exe to configure endpoint binding information for the Directory Server service. The utility is located in the Directory Server installation folder. The default path is C:\Program Files\Laserfiche\Directory Server\XmlEndpointUtility.exe.
Note: The user principal name must match the service user. If you change the service user, you must re-run the utility to update the user principal name for the endpoint. If there is a mismatch between the service user and the endpoint binding information, you may receive a "The caller was not authenticated by the service" error message.
HTTPS Configuration
Use the HTTPS Configuration section to configure the HTTPS binding between Directory Server and STS instances. XmlEndpointUtility.exe can bind a certificate to a port number.
The Certificate drop-down includes a list of available certificates in your local personal store on the Directory Server host.
- Select a valid TLS certificate.
- Optional: Specify a different HTTPS port if you do not want to use default port 5049.
- On initial installation or upgrade, the selected certificate will be bound upon closing the utility. Reopening the utility will show a Configure Port Binding button. To bind a different certificate, click Delete Current Binding, select a new certificate from the list, and click Configure Port Binding to bind the new TLS certificate to the specified port.
- Click Save.
Note: Clicking Delete Current Binding when there is no binding or clicking Configure Port Binding when there is already a binding will display corresponding error messages.
Security Token Service (STS) Endpoint Configuration
Run the Security Token Service endpoint configuration utility STSEndpointUtility.exe to configure endpoint binding information for each STS instance. The utility is located in the Web\WebSTS subfolder in the Directory Server installation folder. The default path is C:\Program Files\Laserfiche\Directory Server\Web\WebSTS\STSEndpointUtility.exe.
If you have configured an HTTPS port in the Directory Server Configuration Utility, select the Use TLS checkbox and make sure that the port is included in the fully qualified domain name field in the Security Token Service endpoint configuration utility in the format: host.example.com:PortValue, for example, machinename.example.com:5049.
Microsoft SQL Server Security Information
To create a licensing site, the specified SQL Server login or Directory Server service account must have sufficient permissions in the specified SQL Server instance to:
- Create stored procedures
- Create tables
Note: If you do not specify an existing empty database for Directory Server, then the service account must also be able to create databases in the specified SQL Server.
For normal operation, Directory Server must have sufficient permissions on the SQL database to:
- Read
- Write
- Create tables
- Execute stored procedures
Creating a Licensing Site
Browse to the Directory Server Web Administration Console at https://SampleServerName/LFDS.
- A display name for this new licensing site.
- SQL Server host/instance name.
- SQL database name (you can attach an existing database or allow Directory Server to create a new one).
- Login information for SQL Server. You can use Windows authentication with the service account running the Directory Server service, or specify an appropriate SQL Server login.
Note: By default, Directory Server runs as Network Service. In default installations of Microsoft SQL Server, Network Service may not have sufficient permissions to SQL Server. If you are specifying the Windows authentication option, ensure that Network Service has sufficient permissions, or change the Laserfiche Directory Server service account to a different user.
Upon creating a licensing site, you must associate your Laserfiche primary license with this new Directory Server licensing site.
