Configure My MATRIXX for LDAP Authentication

Configure simple LDAP authentication for My MATRIXX by specifying values for properties in the /opt/mtx/conf/matrixx.yaml file.

Before you begin

You must install My MATRIXX. For more information, see the discussion about installing web apps.

In addition, you must have access to a running LDAP server. Group names in the LDAP server must use the format MTX_CB_ROLE_role-domain, where MTX_CB_ROLE_ is a fixed prefix, role is the My MATRIXX role and domain is the domain it applies to. For example, to grant the admin role in the Sample domain, the group name is MTX_CB_ROLE_admin-Sample. My MATRIXX derives a user's roles from the list of groups to which the user belongs in the LDAP server.

The domains a user has access to, and the roles the user has in each domain, can be determined in two ways. In the first, after a username and password are authenticated by My MATRIXX against the LDAP server, the list of groups to which the user belongs is retrieved from the LDAP server, and that list establishes the roles the authenticated user has in My MATRIXX.

In the second, domain access and roles are read from a credentials file on the My MATRIXX server that lists the user's domains and roles, in the same format used in a non-LDAP configuration. The password field in that file is separate from the user's LDAP password.
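The following Python is an added example, not code from this page or from the MATRIXX product. It shows the group-to-role mapping described above (MTX_CB_ROLE_role-domain group names collected into a per-domain role set, with malformed names reported rather than silently dropped), together with two checks a practitioner would want around the configuration that follows: RFC 4514 escaping of the login name before it is substituted into a userDnPatterns template, so a login such as alice,ou=admins cannot rewrite the DN that is bound, and a warning when the contextSource URL uses cleartext ldap://. The function names, the restriction that neither role nor domain contains a hyphen, and the sample group list are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Fixed prefix from the page. Roles and domains are assumed to contain no hyphen
# (an assumption for this example; the page only shows MTX_CB_ROLE_admin-Sample).
ROLE_PREFIX = "MTX_CB_ROLE_"
_ROLE_DOMAIN_RE = re.compile(r"^([A-Za-z0-9_]+)-([A-Za-z0-9_]+)$")


def escape_dn_value(value: str) -> str:
    """Escape one attribute value for use inside a DN (RFC 4514, section 2.4).

    Without this, a login such as 'alice,ou=admins' would be spliced into the
    userDnPatterns template verbatim and the bind would target a different entry.
    """
    if not value:
        raise ValueError("empty login name")
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)          # characters special anywhere in a DN
        elif ch == "\x00":
            out.append("\\00")             # NUL must be hex-escaped
        elif ch == "#" and i == 0:
            out.append("\\#")              # leading '#' would start a hex string
        elif ch == " " and (i == 0 or i == last):
            out.append("\\ ")              # leading/trailing space is significant
        else:
            out.append(ch)
    return "".join(out)


def build_user_dn(login: str,
                  user_dn_pattern: str = "uid={0},ou=people",
                  base_dn: str = "dc=example,dc=com") -> str:
    """Expand a userDnPatterns template with the escaped login, relative to the base DN."""
    return user_dn_pattern.replace("{0}", escape_dn_value(login)) + "," + base_dn


def roles_from_groups(group_values):
    """Map group names (the groupRoleAttribute value of each group the user is in)
    to {domain: {role, ...}}.

    Groups without the prefix are ignored. Groups with the prefix but a malformed
    role-domain suffix are returned separately so they can be logged.
    """
    roles = {}
    malformed = []
    for name in group_values:
        if not name.startswith(ROLE_PREFIX):
            continue
        match = _ROLE_DOMAIN_RE.match(name[len(ROLE_PREFIX):])
        if match is None:
            malformed.append(name)
            continue
        role, domain = match.groups()
        roles.setdefault(domain, set()).add(role)
    return roles, malformed


def context_source_warnings(url: str):
    """Sanity checks to run over contextSource before deploying the ConfigMap."""
    warnings = []
    parts = urlsplit(url)
    if parts.scheme == "ldap":
        warnings.append("ldap:// sends the bind password in cleartext; use ldaps:// (or StartTLS)")
    elif parts.scheme != "ldaps":
        warnings.append(f"unexpected scheme {parts.scheme!r}")
    if not parts.path.lstrip("/"):
        warnings.append("no base DN in URL; userDnPatterns will not resolve")
    return warnings


if __name__ == "__main__":
    # Constructed sample: the 'ou' values of the groups one user is a member of.
    sample_groups = ["MTX_CB_ROLE_admin-Sample", "MTX_CB_ROLE_viewer-Sample",
                     "MTX_CB_ROLE_admin-Prod", "staff", "MTX_CB_ROLE_nodomain"]
    print(build_user_dn("alice"))
    print(build_user_dn("alice,ou=admins"))
    print(roles_from_groups(sample_groups))
    print(context_source_warnings("ldap://localhost:10389/dc=example,dc=com"))
```

The escaping step matters most when userDnPatterns is used, because the login name supplied at the login prompt becomes part of the DN that is bound. Malformed group names are returned rather than discarded so that a misnamed group shows up in logs instead of quietly granting no role.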

Note: MATRIXX supports Active Directory LDAP authentication. For information about enabling Active Directory support for My MATRIXX, see the discussion about configuring Active Directory LDAP authentication in MATRIXX Security.

Procedure

  1. Configure the matrixx.yaml file with a ConfigMap in the Helm values file.
    For example:
    matrixx:
      configuration:
        container:
          configmap:
            matrixxbct.yaml: |-
              matrixxbct:
                ldap:
                  enabled: true
                  contextSource: ldap://localhost:10389/dc=example,dc=com
                  userDnPrefix: uid=
                  userDnSuffix: ',ou=people,dc=example,dc=com'
                  userDnPatterns: uid={0},ou=people
                  authoritiesPopulator: ou=groups
                  groupRoleAttribute: ou
    The properties are:
    Table 1. LDAP Properties

    enabled
        When set to true, enables LDAP support.
        Default: true

    contextSource
        The URL of the LDAP server, including the base DN against which userDnPatterns and authoritiesPopulator are resolved. An ldap:// URL sends the bind password in cleartext on the network; use ldaps:// for any server that is not on the local host.
        Default: ldap://localhost:10389/dc=example,dc=com

    userDnPrefix
        The Distinguished Name (DN) prefix placed before the login name when building the user DN for LDAP authentication requests, for example uid=.
        Default: none. The correct value depends on the LDAP configuration.

    userDnSuffix
        The Distinguished Name (DN) suffix placed after the login name when building the user DN for LDAP authentication requests.
        Default: none. For example: ',ou=people,dc=example,dc=com'

    userDnPatterns
        A pattern from which the user DN is built by simple substitution: {0} is replaced by the login name supplied to the application, and the result is relative to the base DN in contextSource.
        Default: uid={0},ou=people

    authoritiesPopulator
        The base, relative to the base DN in contextSource, under which the groups a user belongs to are searched.
        Default: ou=groups

    groupRoleAttribute
        The attribute of each group entry whose value is used as the group (role) name, for example MTX_CB_ROLE_admin-Sample.
        Default: ou

    password
        The password of the account used to authenticate with the LDAP server for requests. A value placed in a ConfigMap is stored unencrypted and is readable by anyone who can read ConfigMaps in that namespace, so restrict access to the ConfigMap and the Helm values file accordingly.
        Default: none. The correct value depends on the LDAP configuration.
  2. Apply the configuration and restart MATRIXX Backoffice Customer Tool with a command similar to the following:
    helm upgrade ag1 matrixx/matrixx --namespace matrixx-webapps-gateways -f matrixx-webapps-gateways_values.yaml --version 5270

    Where matrixx-webapps-gateways_values.yaml is a Helm values file that defines the ConfigMaps and enables RS Gateway.