Mule MMC Integration with LDAP
www.sanjeetpandey.com
Prepared by – Sanjeet Pandey
Overview
Mule Management Console (MMC) can be configured (or integrated) with an LDAP server for user authentication. In this case, the LDAP server creates and manages users, and this user information is not stored on the MMC. The main benefit of using LDAP is the consolidation of information for an entire organization into a central repository. For example, rather than managing user lists for each group within MMC, LDAP can be used as a central directory that is accessible anywhere on the network. Since LDAP supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS), sensitive data can be protected from prying eyes.
When using LDAP, the MMC needs to authenticate itself on the LDAP server to gain access to the LDAP database. MMC then needs to log in with a user account defined in the LDAP database. This user account can be one of the accounts set up for users of the MMC, or it can be a separate account altogether (not belonging to any of them) with the sole purpose of authenticating the MMC.
Steps to configure Mule MMC
• Obtain LDAP parameters
• Set up users and groups on LDAP
• Create groups on MMC
• Enable the LDAP Spring profile
• Enable LDAP on the console
• Place Jar file
• Restart MMC
Obtain LDAP parameters - Step 1
To obtain the LDAP parameters, send a request to the LDAP admin for the following details:
• The LDAP host and listening port
• The credentials of the LDAP user account that the console uses to connect to LDAP
• The structure of the LDAP tree that stores user and group information for console users
Set up users and groups on LDAP - Step 2
Create groups in LDAP and add all the users to them based on their permissions, such as Administrator, System Administrator, Developer and Monitors.
Create groups on MMC - Step 3
Create groups on MMC with similar names to gain access to the LDAP database.
Enable the LDAP Spring profile - Step 4
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF
• Locate the file web.xml
• Find the parameter below: <param-name>spring.profiles.active</param-name>
• Modify it by adding ldap to the value string: <param-value>tracking-h2,env-derby,ldap</param-value>
Enable LDAP on the console - Step 5
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF/classes
• Locate the file mmc-ldap.properties
• Modify the following values
• Change providerURL, cn, ou and dc to match the LDAP tree
• providerURL=ldap://LDAPHost:389/
• MMC user/password for MMC to use to authenticate users on login. These credentials can be used for MMC to connect to the LDAP server
• userDn=cn=mmc,dc=company,dc=com
• password=mmcadmin
• For Active Directory integration, the attribute can be set to uid or sAMAccountName
• usernameAttribute=uid
• Base context to search for users within the LDAP tree (search subtree is set to true)
• userSearchBaseContext=ou=people,dc=company,dc=com
Enable LDAP on the console (Cont.)
• Filter expression used to find entries in the LDAP database that match a particular user
• userSearchFilterExpression=(uid={0})
• Base context in the LDAP database in which the console will search for users to list in the admin pages; change ou and dc to match the LDAP tree. The LDAP tree structure needs to be changed based on the requirement to view the list of users in the console
• userSearchBase=ou=people,dc=company,dc=com
• Users can be searched by determining the "key-value". In the default scenario, it will look for objectclass=person. The attribute used to search for users on the LDAP server
• userSearchAttributeKey=objectclass
• Value of the attribute used to search for users on the LDAP server. In the LDAP tree, all the users being configured should be of object type "person"
• userSearchAttributeValue=person
• DN used to search for groups to which the user belongs; ou and dc have to be changed to match the LDAP tree
• roleDn=ou=groups,dc=company,dc=com
• groupSearchFilter=(member={0})
Place Jar file - Step 6
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF/lib
• Place the jar file named "spring-ldap-1.3.1.RELEASE-all.jar" there.
Restart MMC
• Restart the Mule Management Console.
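A check to run on the Step 5 settings before the restart, as an added example that is not part of the original slides or of MMC itself: it parses mmc-ldap.properties and flags sample values left in place, a plain ldap:// provider URL, search filters without the {0} placeholder, and DN settings that disagree on their dc= suffix. The function names and the choice of checks are assumptions of this example, and the input is constructed from the sample values shown in Step 5.

```python
DN_KEYS = ("userDn", "userSearchBaseContext", "userSearchBase", "roleDn")
FILTER_KEYS = ("userSearchFilterExpression", "groupSearchFilter")

def parse_properties(text):
    """Parse key=value lines; split on the first '=' only, because DNs contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def dc_suffix(dn):
    """Return the lower-cased dc= components of a DN, e.g. 'dc=company,dc=com'."""
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def lint(props):
    """Return a list of findings; an empty list means no check fired."""
    findings = []
    url = props.get("providerURL", "")
    if url.lower().startswith("ldap://"):
        findings.append("providerURL is plain ldap://, so the connection has no TLS")
    if "LDAPHost" in url:
        findings.append("providerURL still contains the sample host name")
    if props.get("password") == "mmcadmin":
        findings.append("password is still the sample value")
    for key in FILTER_KEYS:
        if "{0}" not in props.get(key, ""):
            findings.append(key + " is missing the {0} placeholder")
    suffixes = sorted({dc_suffix(props[k]) for k in DN_KEYS if k in props})
    if len(suffixes) > 1:
        findings.append("DN settings use different dc= suffixes: " + " | ".join(suffixes))
    return findings

# Constructed input from the walkthrough's sample values; helper names are this example's own.
PAGE_SAMPLE = """\
providerURL=ldap://LDAPHost:389/
userDn=cn=mmc,dc=company,dc=com
password=mmcadmin
userSearchBaseContext=ou=people,dc=company,dc=com
userSearchFilterExpression=(uid={0})
userSearchBase=ou=people,dc=company,dc=com
roleDn=ou=groups,dc=company,dc=com
groupSearchFilter=(member={0})
"""

if __name__ == "__main__":
    print("\n".join("WARN: " + f for f in lint(parse_properties(PAGE_SAMPLE))))
```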