How to configure Talend MDM with LDAP authentication if LdapDirect is set to false

Version: 6.4, 6.3, 6.2, 6.1
Product: Talend Data Fabric, Talend MDM Platform
Task: Installation and Upgrade
Platform: Talend MDM Server


Talend Master Data Management (MDM) supports user authentication through the Lightweight Directory Access Protocol (LDAP), that is, it can authenticate users against an existing directory over the LDAP protocol.

To do that, you need to enable LDAP authentication in the MDM configuration file, a template that holds the LDAP-related settings.

Note that the configuration file varies with the MDM version you are using. Before MDM Release 6.0, it was login-config.xml_LDAP; since MDM Release 6.0, it is jaas.conf.

In the configuration file, the LdapDirect option selects the LDAP authentication method. If it is set to false, the indirect method is used: the server binds with an administrative account and searches the LDAP directory for the distinguished name (DN) that corresponds to the given username.

In this case, the LdapAdminDN, LdapAdminPassword, searchBase and searchFilter parameters must be set.
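To make the indirect flow concrete, here is an added example that is not Talend's code: it models search-then-bind in plain Python against an in-memory stand-in for the directory. The FakeDirectory class, the sample entries and the password given to john are constructed for the example, and the filter is written in standard RFC 4515 form, (&(objectClass=*)(cn={0})). The example also shows why the login name has to be escaped before it replaces {0}: without escaping, characters such as ( ) * in the supplied name would change the structure of the filter rather than being matched literally.

```python
"""Indirect (search-then-bind) LDAP authentication modelled in plain Python.

Constructed example: the directory is an in-memory dict standing in for an
LDAP server, so the three steps can be traced offline without a real server.
"""
import re

# RFC 4515 escapes for characters that would otherwise change filter structure.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before substituting it into an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def render_search_filter(template: str, username: str) -> str:
    """Replace the {0} placeholder with the escaped login name."""
    return template.replace("{0}", escape_filter_value(username))


class FakeDirectory:
    """Constructed stand-in for an LDAP server, keyed by DN (not a real LDAP client)."""

    def __init__(self, entries: dict):
        self.entries = entries

    def bind(self, dn: str, password: str) -> bool:
        entry = self.entries.get(dn)
        return entry is not None and entry["userPassword"] == password

    def search(self, base: str, rendered_filter: str) -> list:
        # Only the filter shape used on this page is understood: (&(objectClass=*)(attr=value))
        m = re.fullmatch(r"\(&\(objectClass=\*\)\((\w+)=([^()]*)\)\)", rendered_filter)
        if m is None:
            raise ValueError(f"unsupported or malformed filter: {rendered_filter}")
        attr, value = m.group(1), m.group(2)
        return [dn for dn, entry in self.entries.items()
                if dn.endswith("," + base) and entry.get(attr) == value]


def indirect_authenticate(directory: FakeDirectory, cfg: dict, username: str, password: str):
    """Return the user's DN on success, None on failure.

    1. bind as LdapAdminDN / LdapAdminPassword
    2. search searchBase with searchFilter ({0} = login name) to find the user's DN
    3. bind as that DN with the password the user supplied
    """
    if not directory.bind(cfg["LdapAdminDN"], cfg["LdapAdminPassword"]):
        return None  # admin credentials wrong: no user can be looked up
    rendered = render_search_filter(cfg["searchFilter"], username)
    matches = directory.search(cfg["searchBase"], rendered)
    if len(matches) != 1:
        return None  # unknown user, or a filter loose enough to match several entries
    return matches[0] if directory.bind(matches[0], password) else None


# Constructed sample data mirroring the 6.x walkthrough: the admin account plus two users.
SAMPLE_DIRECTORY = FakeDirectory({
    "uid=admin,ou=system": {"uid": "admin", "userPassword": "secret"},
    "cn=administrator,ou=talend,dc=example,dc=com": {"cn": "administrator", "userPassword": "12345"},
    "cn=john,ou=talend,dc=example,dc=com": {"cn": "john", "userPassword": "example-pw"},
})

SAMPLE_CONFIG = {
    "LdapAdminDN": "uid=admin,ou=system",
    "LdapAdminPassword": "secret",
    "searchBase": "ou=talend,dc=example,dc=com",
    # Standard RFC 4515 form of the page's filter: one AND over both assertions.
    "searchFilter": "(&(objectClass=*)(cn={0}))",
}

if __name__ == "__main__":
    print(indirect_authenticate(SAMPLE_DIRECTORY, SAMPLE_CONFIG, "administrator", "12345"))
    print(indirect_authenticate(SAMPLE_DIRECTORY, SAMPLE_CONFIG, "john", "wrong"))
    print(render_search_filter(SAMPLE_CONFIG["searchFilter"], "john)(cn=*"))
```

A wrong LdapAdminPassword fails every login, not just one user, which is the first thing to check when nobody can sign in after a restart; a filter that matches more than one entry is rejected rather than picking the first hit.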

This article assumes that you have a good knowledge of LDAP and are familiar with LDAP configuration.

Retrieve the files base.ldif and users.ldif from the Downloads tab in the left panel of this page.

This article applies to a subscribed version of Talend MDM v5.0.x or higher.

Using Indirect LDAP authentication in Talend MDM 5.6 and earlier versions

  1. Open an LDAP connection and make sure that users exist under the LDAP server repository tree.

    In this example, the free open source version of JXplorer is used as the LDAP browser and editor, and there are two users, aiming and hacker, under ou=People,dc=my-domain,dc=com.

  2. Open the file login-config.xml_LDAP under the directory <$INSTALLDIR>\jboss-4.2.2.GA\server\default\conf where INSTALLDIR indicates your Talend MDM installation directory.
  3. In the configuration file, replace the default URL specified by java.naming.provider.url with the URL to connect to the LDAP server.
    <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
  4. Set the LdapDirect option to false.
    <module-option name="LdapDirect">false</module-option>
  5. Add the module options required for indirect LDAP authentication after the LdapDirect module option. The searchFilter is written as one AND over both assertions (&amp; is the XML escape for &), and {0} is replaced by the login name at authentication time:
    <!-- Indirect LDAP (LdapDirect=false): account used to look up the user's DN -->
    <module-option name="LdapAdminDN">cn=Manager,dc=my-domain,dc=com</module-option>
    <module-option name="LdapAdminPassword">secret</module-option>
    <!-- subtree that is searched, and the filter in which {0} is replaced by the login name -->
    <module-option name="searchBase">ou=People,dc=my-domain,dc=com</module-option>
    <module-option name="searchFilter">(&amp;(objectClass=*)(uid={0}))</module-option>
  6. After the configuration is done, save the file login-config.xml_LDAP and rename it to login-config.xml. If needed, save a backup copy of the original login-config.xml file first.
  7. Restart the Talend MDM Server for the configuration to take effect.
  8. In Talend Studio, add two LDAP users aiming and hacker to the PROVISIONING database.
  9. Log in to Talend MDM Web UI as an LDAP authorized user, and check that the user login is successful.
    For example, enter aiming/OneTwo2013 (which are the uid/password in LDAP).

Using Indirect LDAP authentication in Talend MDM 6.0 and later versions

  1. Open an LDAP connection and make sure that LDAP users exist under the LDAP server repository tree.

    In this example, Apache Directory Studio is used as the LDAP browser and editor. There are two users, administrator and john, under ou=talend,dc=example,dc=com.

  2. Open the file jaas_ldap.conf under the directory <$INSTALLDIR>\conf, where INSTALLDIR indicates your Talend MDM installation directory.
  3. Make the changes required for indirect LDAP authentication in the configuration file. The searchFilter is one AND over both assertions, and {0} is replaced by the login name at authentication time:
    MDM {
      com.amalto.core.server.security.jaas.LDAPLoginModule sufficient
      useFirstPass=false
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      java.naming.security.authentication="simple"
      java.naming.provider.url="ldap://localhost:10389"
      LdapDirect=false
      LdapAdminDN="uid=admin,ou=system"
      LdapAdminPassword=secret
      searchBase="ou=talend,dc=example,dc=com"
      searchFilter="(&(objectClass=*)(cn={0}))";
    };
    TDSC {
      com.amalto.core.server.security.jaas.LDAPLoginModule sufficient
      useFirstPass=false
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      java.naming.security.authentication="simple"
      java.naming.provider.url="ldap://localhost:10389"
      LdapDirect=false
      LdapAdminDN="uid=admin,ou=system"
      LdapAdminPassword=secret
      searchBase="ou=talend,dc=example,dc=com"
      searchFilter="(&(objectClass=*)(cn={0}))";
    };
  4. After the configuration is done, save the file jaas_ldap.conf and rename it to jaas.conf. If needed, make a backup copy of the original jaas_ldap.conf file first.
  5. Restart the Talend MDM Server for the configuration to take effect.
  6. In Talend Studio, add two LDAP users administrator and john to the PROVISIONING database.
  7. Log in to Talend MDM Web UI as an LDAP authorized user, and check that the user login is successful.

    For example, enter administrator/12345 (which are the uid/password in LDAP).
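Both procedures above depend on the searchFilter string being syntactically valid, and a bad filter only surfaces as failed logins after the server restart. The following added example, which is not part of this article or of the Talend product, is a small RFC 4515 filter parser for checking a template offline before editing the configuration file; parse_filter and check_search_filter are names chosen here. It accepts the single-AND form (&(objectClass=*)(cn={0})) and reports the offset of the first syntax problem, for instance a stray & between the sub-filters of an AND, and it flags a template without a {0} placeholder, since such a filter would ignore the login name entirely.

```python
"""Check a searchFilter template from jaas.conf or login-config.xml before using it."""


def parse_filter(text: str):
    """Recursive-descent parser for a subset of the RFC 4515 string filter grammar.

    Returns a nested tuple tree and raises ValueError with the offset of the
    first syntax problem. Handles &, |, ! and simple attr=value assertions,
    which covers the filters used in this article.
    """

    def parse(i: int):
        if i >= len(text) or text[i] != "(":
            raise ValueError(f"expected '(' at offset {i}")
        i += 1
        if i >= len(text):
            raise ValueError(f"unexpected end of filter at offset {i}")
        if text[i] in "&|":
            op, i, children = text[i], i + 1, []
            # A filter list is one or more parenthesised sub-filters, nothing else.
            while i < len(text) and text[i] == "(":
                child, i = parse(i)
                children.append(child)
            if not children:
                raise ValueError(f"'{op}' without any sub-filter at offset {i}")
            node = (op, tuple(children))
        elif text[i] == "!":
            child, i = parse(i + 1)
            node = ("!", (child,))
        else:
            end = text.find(")", i)
            if end < 0:
                raise ValueError(f"unterminated assertion at offset {i}")
            attr, sep, value = text[i:end].partition("=")
            if not sep or not attr:
                raise ValueError(f"assertion without attr=value at offset {i}")
            node, i = ("=", attr, value), end
        if i >= len(text) or text[i] != ")":
            raise ValueError(f"expected ')' at offset {i}")
        return node, i + 1

    node, end = parse(0)
    if end != len(text):
        raise ValueError(f"trailing characters at offset {end}")
    return node


def check_search_filter(template: str):
    """Return (ok, detail) for a searchFilter value as it would appear in the config file."""
    if "{0}" not in template:
        return False, "no {0} placeholder: the login name would never be used in the lookup"
    try:
        tree = parse_filter(template)
    except ValueError as exc:
        return False, str(exc)
    return True, f"well-formed: {tree}"


if __name__ == "__main__":
    # Constructed candidates: a filter with a stray & inside the AND list, and its valid form.
    for candidate in ("(&(objectClass=*)&(cn={0}))", "(&(objectClass=*)(cn={0}))"):
        print(candidate, "->", check_search_filter(candidate))
```

Run it on the exact string you intend to paste into searchFilter; the reported offset points at the character where the parser stopped, which is usually the misplaced operator itself.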