Configuring Active Directory LDAP Authentication
MATRIXX supports Active Directory LDAP authentication using the Active Directory-specific ActiveDirectoryLdapAuthenticationProvider in Spring Security.
This provider supports LDAP connections to Active Directory for MATRIXX web applications. Enable Active Directory LDAP authentication by setting properties in the YAML configuration files for each application:
- My MATRIXX — /opt/mtx/conf/matrixx.yaml.
- MATRIXX Backoffice Customer Tool — /opt/mtx/conf/matrixxbct.yaml.
- RS Gateway — /opt/mtx/conf/rsgateway-site.yaml.
For example, the following lines in the rsgateway-site.yaml file configure Active Directory for RS Gateway:
```yaml
ldap:
  ad:
    enabled: true
    domain: ad.coredump.app
    url: ldap://192.168.86.45
```
You can also enable Active Directory by setting JVM system properties as shown in the following examples:
```
... -Dmatrixx.ldap.ad.enabled=true -Dmatrixx.ldap.ad.domain=ad.coredump.app -Dmatrixx.ldap.ad.url=ldap://192.168.86.45 ...
... -Dmatrixxbct.ldap.ad.enabled=true -Dmatrixxbct.ldap.ad.domain=ad.coredump.app -Dmatrixxbct.ldap.ad.url=ldap://192.168.86.45 ...
... -Drsgateway.ldap.ad.enabled=true -Drsgateway.ldap.ad.domain=ad.coredump.app -Drsgateway.ldap.ad.url=ldap://192.168.86.45 ...
```
AD Configuration Properties lists the Active Directory LDAP authentication configuration properties:
Property | Description | Default |
---|---|---|
RS Gateway properties | ||
rsgateway.ldap.ad.enabled | Set to true to enable AD support for RS Gateway. | false |
rsgateway.ldap.ad.domain | The LDAP AD domain for RS Gateway, for example: ad.coredump.app | - |
rsgateway.ldap.ad.url | The URL for LDAP AD authentication, for example: ldap://192.168.86.45 | - |
My MATRIXX properties | ||
mymatrixx.ldap.ad.enabled | Set to true to enable AD support for My MATRIXX. | false |
matrixx.ldap.ad.domain | The LDAP AD domain for My MATRIXX, for example: ad.coredump.app | - |
matrixx.ldap.ad.url | The URL for LDAP AD authentication, for example: ldap://192.168.86.45 | - |
MATRIXX Backoffice Customer Tool properties | ||
matrixxbct.ldap.ad.enabled | Set to true to enable AD support for MATRIXX Backoffice Customer Tool. | false |
matrixx.ldap.ad.domain | The LDAP AD domain for MATRIXX Backoffice Customer Tool, for example: ad.coredump.app | - |
matrixx.ldap.ad.url | The URL for LDAP AD authentication, for example: ldap://192.168.86.45 | - |
My MATRIXX Credential File
For My MATRIXX, you must also add a credential file such as 3.xml.
The following is an example 3.xml credential file:
```xml
<user UUID='user_id' formatNumber='7' name='hle' password='password' type='admin'>
  <DomainAccessArray>
    <domain name='matrixxOne'>
      <role access='user' />
      <role access='enginemgr' />
      <role access='enginedeploy' />
      <role access='configuration' />
      <role access='catalog' />
      <role access='admin' />
    </domain>
    <domain name='Sample'>
      <role access='user' />
      <role access='enginemgr' />
      <role access='enginedeploy' />
      <role access='configuration' />
      <role access='catalog' />
      <role access='admin' />
    </domain>
  </DomainAccessArray>
  <GlobalRoles>
    <role access='usermgr' />
    <role access='prodcompile' />
    <role access='domainmgr' />
    <role access='devcompile' />
  </GlobalRoles>
  <SettingsArray />
</user>
```
Log Entries
When Active Directory is enabled, you see entries similar to the following in system log files:
```
7477 [INFO ] 2021-07-14 11:18:49.437 [main] MatrixxActiveDirectoryUtils - > LDAP_AD - activeDirectoryLdapAuthenticationProvider, domain=ad.coredump.app, url=ldap://192.168.86.45
```
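
The following added example (not MATRIXX code and not part of the original page) parses `-D<prefix>.ldap.ad.*` flags from a JVM command line, checks the settings, and confirms that a startup log entry reports the same domain and URL. The function names and sample strings are constructed for illustration, and the availability of `ldaps://` in a given deployment is an assumption.

```python
import re
from urllib.parse import urlsplit

# -D<prefix>.ldap.ad.<key>=<value>, as in the JVM examples on this page.
PROP_RE = re.compile(r"-D(\w+)\.ldap\.ad\.(enabled|domain|url)=(\S+)")
# Startup entry written by MatrixxActiveDirectoryUtils (format from the page's log sample).
LOG_RE = re.compile(r"LDAP_AD - activeDirectoryLdapAuthenticationProvider, "
                    r"domain=(?P<domain>[^,\s]+), url=(?P<url>\S+)")

def parse_jvm_args(cmdline):
    """Return {prefix: {key: value}} for every -D<prefix>.ldap.ad.* flag."""
    apps = {}
    for prefix, key, value in PROP_RE.findall(cmdline):
        apps.setdefault(prefix, {})[key] = value
    return apps

def check_settings(settings):
    """Return a list of findings for one application's AD settings."""
    if settings.get("enabled", "false").lower() != "true":
        return []  # AD disabled (the documented default): nothing to check
    findings = []
    if not settings.get("domain"):
        findings.append("domain is not set")
    url = urlsplit(settings.get("url", ""))
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append("url is not a well-formed LDAP URL")
    elif url.scheme == "ldap":
        # Assumption: the deployment can use ldaps://; the page shows ldap:// only.
        findings.append("url uses ldap://, so the bind is not protected by TLS")
    return findings

def log_confirms(settings, log_text):
    """True if a startup entry reports the configured domain and URL."""
    return any(m["domain"] == settings.get("domain") and m["url"] == settings.get("url")
               for m in LOG_RE.finditer(log_text))

# Constructed inputs built from the values shown on this page.
SAMPLE_ARGS = ("-Drsgateway.ldap.ad.enabled=true -Drsgateway.ldap.ad.domain=ad.coredump.app "
               "-Drsgateway.ldap.ad.url=ldap:/192.168.86.45")  # single slash: malformed
SAMPLE_LOG = ("7477 [INFO ] 2021-07-14 11:18:49.437 [main] MatrixxActiveDirectoryUtils - > "
              "LDAP_AD - activeDirectoryLdapAuthenticationProvider, "
              "domain=ad.coredump.app, url=ldap://192.168.86.45")

if __name__ == "__main__":
    for app, cfg in parse_jvm_args(SAMPLE_ARGS).items():
        print(app, check_settings(cfg), "log match:", log_confirms(cfg, SAMPLE_LOG))
```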