How to configure Talend MDM with LDAP authentication if LdapDirect is set to false - 6.5

Version: 6.5
Products: Talend Data Fabric, Talend MDM Platform
Platform: Talend MDM Server
Task: Installation and Upgrade

Talend Master Data Management (MDM) supports user authentication through Lightweight Directory Access Protocol (LDAP), that is, integrating an existing directory of users using the LDAP protocol.

To do that, you need to enable LDAP authentication in the MDM JAAS configuration file. Talend MDM ships a template for this file that already contains the LDAP-related settings.

In the configuration file, the option LdapDirect selects the LDAP authentication method. If it is set to false, the indirect method is used: the MDM server first binds to the directory with an administrative account, searches the directory for the distinguished name (DN) that belongs to the given username, and then authenticates the user with that DN and the supplied password.

In this case, the LdapAdminDN, LdapAdminPassword, searchBase and searchFilter parameters must also be set.

This article assumes that you have a good knowledge of LDAP and are familiar with LDAP configuration.

Retrieve the files base.ldif and users.ldif from the Downloads tab in the left panel of this page.

Using Indirect LDAP authentication in Talend MDM

Procedure

  1. Open an LDAP connection and make sure that LDAP users exist under the LDAP server repository tree.

    In this example, Apache Directory Studio is used as the LDAP browser and editor. There are two users, administrator and john, under ou=talend,dc=example,dc=com.

  2. Open the file jaas_ldap.conf under the directory <$INSTALLDIR>\conf, where INSTALLDIR indicates your Talend MDM installation directory.
  3. Make the changes required for the LDAP authentication in the configuration file.
    MDM {
      com.amalto.core.server.security.jaas.LDAPLoginModule sufficient
      useFirstPass=false
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      // simple bind sends credentials in clear text over ldap://; use ldaps:// or StartTLS outside a test setup
      java.naming.security.authentication="simple"
      java.naming.provider.url="ldap://localhost:10389"
      LdapDirect=false
      // account the server binds with to look up the user's DN; the password is stored
      // in clear text, so restrict read access to this file
      LdapAdminDN="uid=admin,ou=system"
      LdapAdminPassword=secret
      // {0} is replaced with the login name; every sub-filter of the AND is parenthesized (RFC 4515)
      searchBase="ou=talend,dc=example,dc=com"
      searchFilter="(&(objectClass=*)(cn={0}))";
    };
    TDSC {
      // same settings as the MDM section above
      com.amalto.core.server.security.jaas.LDAPLoginModule sufficient
      useFirstPass=false
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      java.naming.security.authentication="simple"
      java.naming.provider.url="ldap://localhost:10389"
      LdapDirect=false
      LdapAdminDN="uid=admin,ou=system"
      LdapAdminPassword=secret
      searchBase="ou=talend,dc=example,dc=com"
      searchFilter="(&(objectClass=*)(cn={0}))";
    };
  4. After the configuration is done, save the file jaas_ldap.conf and rename it to jaas.conf. If needed, first make a backup copy of the original jaas_ldap.conf file.
  5. Restart the Talend MDM Server for the configuration to take effect.
  6. In Talend Studio, add the two LDAP users, administrator and john, to the PROVISIONING database.
  7. Log in to Talend MDM Web UI as an LDAP-authorized user, and check that the login succeeds.

    For example, enter administrator/12345 (which are the uid/password in LDAP).
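The indirect flow that these steps configure, walked through as an added example (this is not Talend's code): bind as LdapAdminDN, search under searchBase with searchFilter, then bind as the DN that was found. It assumes a small in-memory directory in place of the LDAP server, a constructed password for john, and the search filter written in standard RFC 4515 form.

```python
import re

# Values taken from the jaas.conf above (filter written in standard RFC 4515 form).
LDAP_ADMIN_DN = "uid=admin,ou=system"
LDAP_ADMIN_PASSWORD = "secret"
SEARCH_BASE = "ou=talend,dc=example,dc=com"
SEARCH_FILTER = "(&(objectClass=*)(cn={0}))"

# Constructed stand-in for the entries users.ldif would load; a real deployment
# talks to the server at java.naming.provider.url instead. john's password is made up.
DIRECTORY = {
    "uid=admin,ou=system": {"userPassword": "secret"},
    "cn=administrator,ou=talend,dc=example,dc=com": {"cn": "administrator", "userPassword": "12345"},
    "cn=john,ou=talend,dc=example,dc=com": {"cn": "john", "userPassword": "john-pw-constructed"},
}

def escape_filter_value(value):
    """RFC 4515 escaping so a login name cannot change the structure of the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_search_filter(username):
    """Substitute {0} in searchFilter; this is the filter the MDM server sends to LDAP."""
    return SEARCH_FILTER.replace("{0}", escape_filter_value(username))

def ldap_bind(dn, password):
    """Simulated simple bind: the DN must exist and userPassword must match."""
    entry = DIRECTORY.get(dn)
    return entry is not None and entry.get("userPassword") == password

def ldap_search(base, search_filter):
    """Simulated subtree search under base, evaluating the (cn=...) clause of the filter."""
    cn = re.search(r"\(cn=([^()]*)\)", search_filter).group(1)
    cn = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), cn)  # undo escaping
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith("," + base) and attrs.get("cn") == cn]

def authenticate_indirect(username, password):
    """LdapDirect=false: bind as admin, find exactly one DN for the name, bind as that DN."""
    if not ldap_bind(LDAP_ADMIN_DN, LDAP_ADMIN_PASSWORD):
        return False, "admin bind failed: check LdapAdminDN/LdapAdminPassword"
    candidates = ldap_search(SEARCH_BASE, build_search_filter(username))
    if len(candidates) != 1:  # zero or ambiguous matches must not log anyone in
        return False, "expected exactly one match for %r, found %d" % (username, len(candidates))
    if not ldap_bind(candidates[0], password):
        return False, "user bind failed for " + candidates[0]
    return True, candidates[0]

if __name__ == "__main__":
    print(authenticate_indirect("administrator", "12345"))  # step 7 of the procedure
    print(authenticate_indirect("john", "wrong-password"))
```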