Version: Deploy 24.3

Set up and configure LDAP with Deploy

This topic describes how to set up and configure LDAP with Deploy.

To set up LDAP:

  1. Start Docker on your host.

  2. Start an OpenLDAP container.

    docker run -p 389:389 -p 636:636 --name ldap-service -h ldap-service -e LDAP_ORGANISATION="XL" -e LDAP_DOMAIN="xl.com" -e LDAP_ADMIN_PASSWORD="password" -d osixia/openldap:latest
Tip: This exposes LDAP over port 389 and LDAPS over port 636. Both ports are configurable.

  3. Start a phpLDAPadmin container to serve the WebUI for the new LDAP server.

    docker run -p 6443:443 --name phpldapadmin-service -h phpldapadmin-service --link ldap-service:ldap-host -e PHPLDAPADMIN_LDAP_HOSTS=ldap-host --detach osixia/phpldapadmin:latest

Tip: This runs phpLDAPadmin on your host's port 6443 (configurable), which connects to the OpenLDAP service running in the container from step 2.

  4. Access the phpLDAPadmin WebUI at https://localhost:6443.

  5. Log in as admin with the right login DN (the one below applies if your LDAP domain name is also xl.com).

    Login Credential:
    ID: cn=admin,dc=xl,dc=com
    Password: password
  6. Populate the LDAP server with users and groups as follows:

    1. Select Create new entry here
    2. Select Generic: Organisational Unit and create OU name = users.
    3. Click users and click Create a child entry
    4. Select Default
    5. Select inetOrgPerson, organizationalPerson, person from the ObjectClasses dropdown and click proceed.
    6. Change RDN to cn (cn) and fill the rest of the information.
    7. Click proceed and commit to create users.
    8. Click admin and then click Create new entry here.
    9. Select Generic: Organisational Unit and create OU name = groups.
    10. Click groups and then click Create new entry here.
    11. Click Default
    12. Select groupOfNames,mailGroup from the ObjectClasses dropdown and click proceed.
    13. Change RDN to cn (cn) and fill the rest of the information.
    14. Fill the name of the group in cn, email, add members by searching.
    15. Click proceed and commit to create a group.
  7. Configure the conf/deployit-security.xml file with the LDAP connection.

Upgrade from v.10.0 to v.10.1 or later

If you are upgrading Deploy from v.10.0 to v.10.1 or later, you can copy the existing conf/deployit-security.xml file, but make sure you remove the security:authentication-manager section from it, as shown below:

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns:security="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
       ">

  <bean id="rememberMeAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.RememberMeAuthenticationProvider"/>
  <bean id="XlAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.XlAuthenticationProvider"/>
  <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:389/" />
    <property name="userDn" value="cn=admin,dc=xl,dc=com" />
    <property name="password" value="password" />
    <property name="baseEnvironmentProperties">
      <map>
        <entry key="java.naming.referral">
          <value>ignore</value>
        </entry>
      </map>
    </property>
  </bean>
  <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="dc=xl,dc=com" />
    <constructor-arg index="1" value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
    <constructor-arg index="2" ref="ldapServer" />
  </bean>
  <bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="ldapServer" />
    <constructor-arg value="ou=groups,dc=xl,dc=com" />
    <property name="groupSearchFilter" value="(member={0})" />
    <property name="rolePrefix" value="" />
    <property name="searchSubtree" value="true" />
    <property name="convertToUpperCase" value="false" />
  </bean>
  <bean id="ldapProvider" class="com.xebialabs.xldeploy.auth.DeployLdapAuthenticationProvider">
    <constructor-arg>
      <bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
        <constructor-arg ref="ldapServer" />
        <property name="userSearch" ref="userSearch" />
      </bean>
    </constructor-arg>
    <constructor-arg ref="authoritiesPopulator" />
  </bean>
</beans>
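
A pre-start check for a copied conf/deployit-security.xml, added here as an example and not part of the Deploy documentation or product: it reports a leftover security:authentication-manager section, an ldap:// URL that skips the LDAPS port mentioned above, and the tutorial bind password carried over unchanged. The `audit` function, the trimmed `SAMPLE` and the attributes on its authentication-manager section are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"b": "http://www.springframework.org/schema/beans",
      "security": "http://www.springframework.org/schema/security"}

# Constructed sample: trimmed copy of the page's config with a leftover
# authentication-manager section (its attributes are assumptions).
SAMPLE = """<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:security="http://www.springframework.org/schema/security">
  <bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://localhost:389/" />
    <property name="userDn" value="cn=admin,dc=xl,dc=com" />
    <property name="password" value="password" />
  </bean>
  <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="dc=xl,dc=com" />
    <constructor-arg index="1" value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
    <constructor-arg index="2" ref="ldapServer" />
  </bean>
  <security:authentication-manager alias="authenticationManager">
    <security:authentication-provider ref="ldapProvider" />
  </security:authentication-manager>
</beans>"""

def audit(xml_text):
    """Return findings for a deployit-security.xml document."""
    root = ET.fromstring(xml_text)
    findings = []
    # Upgrade rule from the page: this section must be removed for v.10.1+.
    if root.find("security:authentication-manager", NS) is not None:
        findings.append("authentication-manager section still present")
    server = root.find("b:bean[@id='ldapServer']", NS)
    if server is not None:
        url = server.find("b:constructor-arg", NS).get("value", "")
        if url.lower().startswith("ldap://"):
            findings.append("ldap:// URL without TLS: " + url)
        pw = server.find("b:property[@name='password']", NS)
        if pw is not None and pw.get("value") == "password":
            findings.append("bind password is the tutorial value 'password'")
    search = root.find("b:bean[@id='userSearch']", NS)
    if search is not None:
        flt = search.find("b:constructor-arg[@index='1']", NS).get("value", "")
        if "{0}" not in flt:
            findings.append("user search filter lacks the {0} placeholder")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```

To check a real file, pass its contents to `audit` instead of `SAMPLE`.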