Setup and configuration LDAP with Deploy

Follow the steps mentioned below to set up LDAP:

  1. Start Docker on your host.
  2. Start an OpenLDAP container.

    docker run -p 389:389 -p 636:636 --name ldap-service -h ldap-service -e LDAP_ORGANISATION="XL" -e LDAP_DOMAIN="xl.com" -e LDAP_ADMIN_PASSWORD="password" -d osixia/openldap:latest

    Tip: This exposes LDAP over port 389 and LDAPS over port 636. Both ports are configurable.

  3. Start a phpLDAPadmin container to serve the WebUI to the new LDAP.

    docker run -p 6443:443 --name phpldapadmin-service -h phpldapadmin-service --link ldap-service:ldap-host -e PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:latest

    Tip: This will run phpLDAPadmin at your host’s port 6443 (configurable), which connects to the OpenLDAP service running in the container in step 2.

  4. Access the phpLDAPadmin WebUI at https://localhost:6443.
  5. Log in as admin with the right login DN (same as below if your LDAP domain name is xl.com as well). Login Credential: ID : cn=admin,dc=xl,dc=com Password: password
  6. Populate the LDAP server with the users and groups by the below steps:

    1. Select Create new entry here
    2. Select Generic: Organisational Unit and create OU name = users.
    3. Click users and click Create a child entry
    4. Select Default
    5. Select inetOrgPerson, organizationalPerson, person from the ObjectClasses dropdown and click proceed.
    6. Change RDN to cn (cn) and fill the rest of the information.
    7. Click proceed and commit to create users.
    8. Click admin and then click Create new entry here.
    9. Select Generic: Organisational Unit and create OU name = group.
    10. Click groups and then click Create new entry here.
    11. Click Default
    12. Select groupOfNames,mailGroup from the ObjectClasses dropdown and click proceed.
    13. Change RDN to cn (cn) and fill the rest of the information.
    14. Fill the name of the group in cn, email, add members by searching.
    15. Click proceed and commit to create a group.
  7. Configure conf/deployit-security xml-file with LDAP connection.
<?xml version="1.0" encoding="UTF-8"?>
<!--

Copyright (c) 2008-2010 XebiaLabs B.V. All rights reserved.

Your use of XebiaLabs Software and Documentation is subject to the Personal
License Agreement.

http://www.xebialabs.com/deployit-personal-edition-license-agreement

You are granted a personal license (i) to use the Software for your own
personal purposes which may be used in a production environment and/or (ii)
to use the Documentation to develop your own plugins to the Software.
"Documentation" means the how to's and instructions (instruction videos)
provided with the Software and/or available on the XebiaLabs website or other
websites as well as the provided API documentation, tutorial and access to
the source code of the XebiaLabs plugins. You agree not to (i) lease, rent
or sublicense the Software or Documentation to any third party, or otherwise
use it except as permitted in this agreement; (ii) reverse engineer,
decompile, disassemble, or otherwise attempt to determine source code or
protocols from the Software, and/or to (iii) copy the Software or
Documentation (which includes the source code of the XebiaLabs plugins). You
shall not create or attempt to create any derivative works from the Software
except and only to the extent permitted by law. You will preserve XebiaLabs'
copyright and legal notices on the Software and Documentation. XebiaLabs
retains all rights not expressly granted to You in the Personal License
Agreement.

-->
<!--
> Note: If you modify this file, you must restart the XL Deploy server.
-->

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
   xmlns:security="http://www.springframework.org/schema/security"
   xsi:schemaLocation="
    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
    http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
  ">

<bean id="rememberMeAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.RememberMeAuthenticationProvider"/>
<bean id="XlAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.XlAuthenticationProvider"/>
<bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:389/" />
<property name="userDn" value="cn=admin,dc=xl,dc=com" />
<property name="password" value="password" />
<property name="baseEnvironmentProperties">
  <map>
    <entry key="java.naming.referral">
      <value>ignore</value>
    </entry>
  </map>
</property>
</bean>
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="dc=xl,dc=com" />
<constructor-arg index="1" value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
<constructor-arg index="2" ref="ldapServer" />
</bean>
<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer" />
<constructor-arg value="ou=groups,dc=xl,dc=com" />
<property name="groupSearchFilter" value="(member={0})" />
<property name="rolePrefix" value="" />
<property name="searchSubtree" value="true" />
<property name="convertToUpperCase" value="false" />
</bean>
<bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
  <constructor-arg ref="ldapServer" />
    <property name="userSearch" ref="userSearch">
  </property>
</bean>
</constructor-arg>
<constructor-arg ref="authoritiesPopulator" />
</bean>  
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="rememberMeAuthenticationProvider" />
<security:authentication-provider ref="XlAuthenticationProvider" />
<security:authentication-provider ref="ldapProvider" />
</security:authentication-manager>

</beans>