Six Stars

Authenitcation using LDAP on Open Studio ESB Runtime

Does anyone know if it is possible (if so, then how) to use LDAP as the authentication source for the Talend Open Studio for ESB Runtime? By default the user names   and passwords are stored in the {talend runtime path}/container/etc/users.properties file. This authentication works fine, however, I would like to use our LDAP system instead.
3 REPLIES
Six Stars

Re: Authenitcation using LDAP on Open Studio ESB Runtime

I read this post, but don't understand it.
https://www.talendforge.org/forum/viewtopic.php?id=33684
Six Stars

Re: Authenitcation using LDAP on Open Studio ESB Runtime

I found this documentation, (https://help.talend.com/pages/viewpage.action?pageId=264277434) but don't understand it. Does anyone know where I could find the jaas config file that they reference in the documentation?
Six Stars

Re: Authenitcation using LDAP on Open Studio ESB Runtime

I figured it out. To enable LDAP as the authentication mechanism for the karaf realm, you need to ...

1. Create a Blueprint configuration file called ldap-module.xml
2. Copy the example XML into the ldap-module.xml file
3. Modify the jaas module element content accordingly (e.g.: connection.url=ldap://my-ldap-server:389)
4. Move the ldap-module.xml file into the container deploy directory on the Talend server - {talend runtime install path}/container/deploy
5. Update the system.property file - {talend runtime install path}/container/etc}
    i. add line karaf.admin.role=unique-ldap-group-name
6. Restart the container - {talend runtime install path}/container/bin/trun.bat or Windows Service made by the wrapper (e.g.: TALEND-RUNTIME)

Here are some research links that I used:
https://help.talend.com/pages/viewpage.action?pageId=264277434
https://karaf.apache.org/manual/latest-2.2.x/developers-guide/security-framework.html
https://karaf.apache.org/manual/latest/users-guide/security.html
http://docs.huihoo.com/talend/5/esb/Talend_ESB_Container_AG_5.2.1_EN.pdf
http://stackoverflow.com/questions/29966365/how-to-activate-ldaploginmodule-in-apache-karaf-3-0-3
http://owulff.blogspot.com/2011/10/configure-ldap-directory-for-cxf-sts.html
http://coheigea.blogspot.com/2014/10/using-jaas-with-apache-cxf.html
https://www.talendforge.org/forum/viewtopic.php?id=48068
http://duncandoyle.blogspot.com/2014/12/securing-jboss-mq-management-interfaces.html