Configure MATRIXX Backoffice Customer Tool for LDAP Authentication

This example demonstrates a simple LDAP authentication configuration for MATRIXX Backoffice Customer Tool. You configure LDAP authentication for MATRIXX Backoffice Customer Tool in the /opt/mtx/conf/matrixxbct.yaml configuration file.

Before you begin

You must install MATRIXX Backoffice Customer Tool. For more information, see the discussion about installing web apps in MATRIXX Installation and Upgrade. You must also have access to a running LDAP server.

About this task

This example is provided as an alternative to the default MATRIXX Backoffice Customer Tool authentication. If you enable LDAP authentication, MATRIXX Backoffice Customer Tool first evaluates its default users to authenticate the user, and then uses LDAP authentication.
Note: MATRIXX supports Active Directory LDAP authentication. For information about enabling Active Directory support for MATRIXX Backoffice Customer Tool, see the discussion about configuring Active Directory LDAP authentication in MATRIXX Security.

Procedure

  1. Configure the matrixxbct.yaml file with a ConfigMap in the Helm values file.
    For example:
    matrixxbct:
      configuration:
        container:
          configmap:
            matrixxbct.yaml: |-
              matrixxbct:
                ldap:
                  enabled: true
                  contextSource: ldap://localhost:10389/dc=example,dc=com
                  userDnPrefix: uid=
                  userDnSuffix: ',ou=people,dc=example,dc=com'
                  userDnPatterns: uid={0},ou=people
                  authoritiesPopulator: ou=groups
                  groupRoleAttribute: ou
    The properties are:
    Table 1. LDAP Properties

    | Property | Description | Default |
    |---|---|---|
    | enabled | When set to true, enables LDAP support. | true |
    | contextSource | The URL of the LDAP server. | ldap://localhost:10389/dc=example,dc=com |
    | userDnPrefix | The Distinguished Name (DN) prefix of the user to use for LDAP authentication requests. | No default value. The correct value depends on LDAP configuration. |
    | userDnSuffix | The Distinguished Name (DN) suffix of the user to use for LDAP authentication requests. | For example: ',ou=people,dc=example,dc=com' |
    | userDnPatterns | The Distinguished Name (DN) is obtained from the login name supplied to the application. This can be done by simple pattern-matching. | uid={0},ou=people |
    | authoritiesPopulator | The base name to use when searching for groups. | ou=groups |
    | groupRoleAttribute | The attribute to use to identify group roles. | ou |
    | password | The password of the user to use for LDAP authentication requests. | No default value. The correct value depends on LDAP configuration. |

  2. (Optional) If you need to look up an entry in LDAP by something other than Distinguished Name (DN), for example, if the user name is not part of the DN, set the following attributes to configure a userSearch bean. This augments userDnPatterns functionality, which is always attempted first.
    Table 2. userSearch-Related LDAP Properties

    | Property | Description | Default |
    |---|---|---|
    | userSearch.base | The base path to search for users. | No default value. The correct value depends on LDAP configuration. |
    | userSearch.filter | The filter to use to search for a user's DN before bind. | No default value. The correct value depends on LDAP configuration. |
    | searchSubTree | If true, then the entire subtree is searched. | true |
    | convertToUpperCase | If true, the roles are converted to uppercase. | true |

    For example:

    userSearch:
      base: dc=example,dc=com
      filter: (sAMAccountName={0})
      searchSubTree: true
      convertToUpperCase: false
  3. Apply the configuration and restart MATRIXX Backoffice Customer Tool with a command similar to the following:
    helm upgrade ag1 matrixx/matrixx --namespace matrixx-webapps-gateways -f matrixx-webapps-gateways_values.yaml --version 5270

    Where matrixx-webapps-gateways_values.yaml is a Helm values file that defines the ConfigMaps and enables RS Gateway.
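
The following is an added example, not MATRIXX code: a Python preview of the bind DN (step 1, userDnPatterns) and the fallback search filter (step 2, userSearch.filter) that the sample values resolve to for a given login name, with RFC 4514 and RFC 4515 escaping applied to the substituted value. It assumes {0} is replaced by the login name and that userDnPatterns is relative to the base DN in contextSource; the function names are hypothetical.

```python
"""Preview the bind DN and search filter the sample LDAP settings resolve to."""
from urllib.parse import urlparse

# Values copied from the sample configuration on this page.
CONTEXT_SOURCE = "ldap://localhost:10389/dc=example,dc=com"
USER_DN_PATTERN = "uid={0},ou=people"
USER_SEARCH_FILTER = "(sAMAccountName={0})"


def base_dn(context_source):
    """Return the base DN carried in the path of the LDAP URL."""
    return urlparse(context_source).path.lstrip("/")


def escape_dn_value(value):
    """Escape a string for use as an attribute value inside a DN (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        edge = (ch in " #" and i == 0) or (ch == " " and i == last)
        if ch in ',+"\\<>;=\x00' or edge:
            out.append("\\%02x" % ord(ch))  # hex-pair form, e.g. "," -> \2c
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape a string for use as an assertion value in a filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)


def preview(login):
    """Return (bind DN tried first, search filter used as fallback).

    Assumption: {0} is the login name and the pattern is relative to the base DN.
    """
    rdn = USER_DN_PATTERN.replace("{0}", escape_dn_value(login))
    bind_dn = rdn + "," + base_dn(CONTEXT_SOURCE)
    search_filter = USER_SEARCH_FILTER.replace("{0}", escape_filter_value(login))
    return bind_dn, search_filter


if __name__ == "__main__":
    for name in ("jdoe", "j,doe", "j*doe (ops)"):  # constructed login names
        print(repr(name), "->", preview(name))
```

For a plain login name such as jdoe, the previewed bind DN equals userDnPrefix + login name + userDnSuffix from the same sample, which is a quick consistency check on the three settings.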