• Mule Management Console (MMC) can be configured (or integrated) with an LDAP server for user authentication. In this case, the LDAP server creates and manages users, and this user information is not stored on the MMC. The main benefit of using LDAP is the consolidation of information for an entire organization into a central repository. For example, rather than managing user lists for each group within MMC, LDAP can be used as a central directory that is accessible anywhere on the network. Since LDAP supports Secure Sockets Layer (SSL) and Transport Layer Security (TLS), sensitive data can be protected from prying eyes.
• "Groups" need to be created both on the LDAP server and on the MMC. When the MMC authenticates a user through LDAP, it requests the user's group information from the LDAP server, and then assigns the appropriate permissions to the user based on the groups to which the user belongs.
• When using LDAP, the MMC needs to authenticate itself on the LDAP server to gain access to the LDAP database. For this, MMC logs in with a user account defined in the LDAP database. This user account can be one of the accounts set up for users of the MMC, or it can be a separate account altogether (belonging to none of them) whose sole purpose is authenticating the MMC.
• For example:
• The illustration given below portrays that only if a user is available in LDAP will MMC allow the user to log in to the console.
• If the user is not available in LDAP, MMC will not allow the user to access the console.
• Obtain LDAP parameters
• Set up users and groups on LDAP
• Create groups on MMC
• Enable the LDAP Spring profile
• Enable LDAP on the console
• Place the JAR file
• Restart MMC
To obtain the LDAP parameters, ask the LDAP administrator for the following details:
• The LDAP host and listening port
• The credentials of the LDAP user account that the console uses to connect to LDAP
• The structure of the LDAP tree that stores user and group information for console users
• Create groups in LDAP and add all the users to them based on their permissions, such as Administrator, System Administrator, Developer and Monitors
• Create groups on MMC with similar names to gain access to the LDAP database
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF
• Locate the file web.xml
• Find the following parameter: <param-name>spring.profiles.active</param-name>
• Modify it by adding ldap to the value string: <param-value>tracking-h2,env-derby,ldap</param-value>
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF/classes
• Locate the file mmc-ldap.properties
• Modify the following values:
• Change providerURL, cn, ou and dc to match the LDAP tree:
    providerURL=ldap://LDAPHost:389/
• MMC user and password that MMC uses to authenticate users on login. MMC uses these credentials to connect to the LDAP server:
    userDn=cn=mmc,dc=company,dc=com
    password=mmcadmin
• Username attribute: uid; for Active Directory integration, sAMAccountName can be set:
    usernameAttribute=uid
• Base context in which to search for users within the LDAP tree (subtree search is set to true):
    userSearchBaseContext=ou=people,dc=company,dc=com
• Filter expression used to find entries in the LDAP database that match a particular user:
    userSearchFilterExpression=(uid={0})
• Base context in the LDAP database in which the console searches for users to list in the admin pages; change ou and dc to match the LDAP tree. This value needs to be changed to fit the LDAP tree structure so that the list of users can be viewed in the console:
    userSearchBase=ou=people,dc=company,dc=com
• Users are searched for by a key-value pair; by default, the search looks for objectclass=person. The attribute used to search for users on the LDAP server:
    userSearchAttributeKey=objectclass
• The value of the attribute used to search for users on the LDAP server. All users being configured in the LDAP tree should be of object type "person":
    userSearchAttributeValue=person
• DN used to search for the groups to which the user belongs; ou and dc have to be changed to match the LDAP tree:
    roleDn=ou=groups,dc=company,dc=com
    groupSearchFilter=(member={0})
• Navigate to the following directory: $MULE_HOME/apps/mmc/webapps/mmc/WEB-INF/lib
• Place the JAR file named "spring-ldap-1.3.1.RELEASE-all.jar" there.
• Restart the Mule Management Console.
• Create the keystore (not required if a keystore is already available for use):
    keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks -keysize 2048
• Download the LDAP certificate to the server hosting MMC
• Import the LDAP certificate into the keystore:
    keytool -import -alias ldapalias -keystore keystore.jks -file <path to the downloaded certificate>
• Add the required SSL parameters to the Java process running MMC:
    JAVA_OPTS="-Djavax.net.ssl.trustStore=<path to the keystore>/keystore.jks"
  (E.g., if MMC runs on Tomcat, this needs to be added to catalina.sh)
• Modify the LDAP configuration to use ldaps:// instead of ldap://
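
A pre-restart check for the mmc-ldap.properties values and the ldap:// to ldaps:// change described above, as an added example that is not part of the original slides or MuleSoft's code. The function names, finding codes and the constructed sample file are assumptions of this example; the filter check is a consistency heuristic based on the usernameAttribute and userSearchFilterExpression pair shown in the slides.

```shell
#!/bin/sh
# Added example (not MuleSoft code): audit mmc-ldap.properties before restarting MMC.

# prop FILE KEY: print the value of KEY, i.e. everything after the first '='.
prop() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 | tr -d '\r'
}

# audit_mmc_ldap FILE: print one finding code per line; prints nothing if clean.
audit_mmc_ldap() {
    f=$1
    url=$(prop "$f" providerURL)
    pw=$(prop "$f" password)
    attr=$(prop "$f" usernameAttribute)
    filter=$(prop "$f" userSearchFilterExpression)

    # The bind password and every user's login password travel over this URL.
    case $url in
        ldaps://*) ;;
        ldap://*)  echo "CLEARTEXT_URL" ;;
        *)         echo "BAD_URL" ;;
    esac

    # 'mmcadmin' is the sample value shown in the slides, not a real secret.
    case $pw in
        "")       echo "EMPTY_PASSWORD" ;;
        mmcadmin) echo "SAMPLE_PASSWORD" ;;
    esac

    # The login filter should look up the attribute MMC treats as the user name.
    case $filter in
        *"($attr={0})"*) ;;
        *) echo "FILTER_MISMATCH" ;;
    esac

    # The file holds a bind password: other users on the host should not read it.
    if [ "$(ls -ld "$f" | cut -c8)" = "r" ]; then
        echo "WORLD_READABLE"
    fi
    return 0
}

# Constructed sample: the values from the slides, in a world-readable file.
demo=$(mktemp -d)
cat > "$demo/mmc-ldap.properties" <<'EOF'
providerURL=ldap://LDAPHost:389/
userDn=cn=mmc,dc=company,dc=com
password=mmcadmin
usernameAttribute=uid
userSearchFilterExpression=(uid={0})
EOF
chmod 644 "$demo/mmc-ldap.properties"
audit_mmc_ldap "$demo/mmc-ldap.properties"
```

Run against the real file as `audit_mmc_ldap "$MULE_HOME/apps/mmc/webapps/mmc/WEB-INF/classes/mmc-ldap.properties"`; no output means none of the four checks fired.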
MMC Integration with LDAP and LDAP PS(SSL)
