HCL Commerce Version 9.1.9.0 or later

Using vmm.properties for LDAP configuration

When deploying 9.1.9.0 or greater, the vmm.properties file is used to define LDAP integration configuration.

This configuration file is the primary LDAP configuration method for Docker-based deployments. However, the vmm.properties can also be used to deploy LDAP configuration within the for use in a Kubernetes deployment.

Configuring LDAP with a Docker-based deployment

To configure LDAP using a Docker-based deployment:
  1. Configure your deployment env.sh file to specify LDAP integration using the vmm.properties file.
    LDAP_ENABLE=true
    LDAP_USE_VMM_PROPERTIES_FILE=true
  2. Set a value for each mandatory parameter within the vmm.properties configuration file. Each parameter contains an in-line detailed description.
  3. Optional: If you are using SSL for secure communication with your LDAP server, you must:
    1. Set the vmm.ldapWithSSL parameter within the vmm.properties configuration file to true.
    2. Generate or import the SSL certificates. For more information, see Setting up LDAP over SSL.
    3. Place the certificates into the /volumes/ts-pp/certs/custom/ directory.
  4. Run the enableLDAPinDB utility script on the .

    For more information on running utilities within the , see Running utilities from the Utility server Docker container.

    ./enableLDAPinDB.sh

    The database used for this deployment must be configured and running for this script to complete.

Using vmm.properties with a Kubernetes-based deployment

The vmm.properties file can also be used in a Kubernetes deployment by including it within a custom Docker image. Your Kubernetes deployment must then be configured to discover this configuration.
  1. Configure the LDAP parameters within the vmm.properties file as described in the Docker section (Step #1 through Step #3).
  2. Include the configuration file within your custom by placing it within /SETUP/ldap/properties/ before building the custom Docker image.
  3. Deploy or re-deploy .
  4. Run the enableLDAPinDB utility script on the .

    For more information on running utilities within the , see Running utilities from the Utility server Docker container.

    ./enableLDAPinDB.sh

    The database used for this deployment must be configured and running for this script to complete.

The vmm.properties LDAP configuration file


#----------------------------------------------------------------- 
# Licensed Materials - Property of HCL Technologies
# 
# HCL Commerce 
# 
# (C) Copyright HCL Technologies Limited 1996, 2021    
# 
#----------------------------------------------------------------- 

# The LDAP server type.
# Accepted values are IDS, DOMINO, SUNONE, AD, NDS, or CUSTOM.
# Where:
#    IDS= IBM Directory Server
#    DOMINO= IBM Lotus Domino
#    SUNONE=Sun Java System Directory Server
#    AD=Microsoft Windows Active Directory
#    NDS=Novell Directory Services
#    CUSTOM=A custom directory server
#-------------------------------------------------------- 

vmm.ldapType= 

# The fully qualified LDAP server host name.
#-------------------------------------------------------- 

vmm.ldapHost=

# The LDAP server port number 
#-------------------------------------------------------- 

vmm.ldapPort=

# Specifies whether the LDAP server requires an SSL connection.
# Accepted values are true, or false.
#-------------------------------------------------------- 

vmm.ldapWithSSL=

# The LDAP search base distinguished name. This value must be lower case.
# The default value is o=root organization
#-------------------------------------------------------- 

vmm.baseDN=o=root organization 

# The LDAP user search filter. 
# This value is used for the custom LDAP type only, and can be left blank otherwise.
#-------------------------------------------------------- 

vmm.ldapUserFilter= 

# The LDAP user prefix
# For example, uid
#-------------------------------------------------------- 

vmm.userPrefix= 

# The LDAP bind distinguished name. This value must be lower case.
#-------------------------------------------------------- 

vmm.bindDN= 

# The LDAP bind password, XOR encoded by the WebSphere Application Server PropFilePasswordEncoder utility 
# For example: 
# {xor}Lz4sLChvLTs= 
# It is recommended to store the value on Vault, at the path
# ${TENANT}/${ENVIRONMENT}/ldapBindPassword 
#-------------------------------------------------------- 

vmm.xorBindPassword= 

# A full DN that maps to the HCL Commerce root organization. This value must be lower case. 
#-------------------------------------------------------- 

vmm.rootOrgDN= 

# A full DN that maps to the HCL Commerce default organization. This value must be lower case. 
#-------------------------------------------------------- 

vmm.defaultOrgDN= 

# This value specifies the property names that are used to login within the application server.
# This field takes multiple login properties, delimited by a semicolon (;).
# For example, using uid;mail, all login properties are searched during login.
# In this example, if you specify the login ID as Bob,
# the search filter searches for uid=Bob or mail=Bob.
# If the search returns a single entry, then authentication can proceed.
# If multiple entries or no entries are found, an exception is thrown.
# The default value is uid;cn 
#-------------------------------------------------------- 

vmm.ldapLoginProp=uid;cn 

# The Realm name. This property is mandatory.  
# If integrating with DX, you must use the same Realm name.
#-------------------------------------------------------- 

vmm.realmName=
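
A pre-deployment check for the file above, as an added example that is not part of HCL's documentation or tooling. It applies only the rules stated in the file's own comments (accepted vmm.ldapType values, lower-case DNs, the {xor} prefix, the mandatory realm name) and adds a warning when vmm.ldapWithSSL is false. The function names and the sample values are assumptions constructed for this illustration.

```python
import base64

# Accepted values and lower-case rules come from the comments in vmm.properties.
LDAP_TYPES = {"IDS", "DOMINO", "SUNONE", "AD", "NDS", "CUSTOM"}
LOWERCASE_DNS = ("vmm.baseDN", "vmm.bindDN", "vmm.rootOrgDN", "vmm.defaultOrgDN")

# Constructed sample with deliberate mistakes (hypothetical DNs and password).
SAMPLE = """\
vmm.ldapType=AD
vmm.ldapPort=389
vmm.ldapWithSSL=false
vmm.baseDN=o=root organization
vmm.bindDN=CN=svc-commerce,o=root organization
vmm.xorBindPassword=ExamplePlaintext!
vmm.realmName=
"""

def parse_properties(text):
    """Collect key=value pairs, skipping blank lines and # comments."""
    pairs = (l.partition("=") for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip() for k, _, v in pairs}

def lint_vmm(text):
    """Return a list of findings for the body of a vmm.properties file."""
    p, out = parse_properties(text), []
    if p.get("vmm.ldapType") not in LDAP_TYPES:
        out.append("vmm.ldapType: not an accepted value")
    ssl = p.get("vmm.ldapWithSSL", "").lower()
    if ssl not in ("true", "false"):
        out.append("vmm.ldapWithSSL: must be true or false")
    elif ssl == "false":
        out.append("vmm.ldapWithSSL: false, so bind credentials cross the network without TLS")
    out += [f"{k}: must be lower case" for k in LOWERCASE_DNS if p.get(k, "") != p.get(k, "").lower()]
    if p.get("vmm.ldapType") == "CUSTOM" and not p.get("vmm.ldapUserFilter"):
        out.append("vmm.ldapUserFilter: empty, but ldapType is CUSTOM")
    pw = p.get("vmm.xorBindPassword", "")
    try:  # value must be the {xor} prefix followed by non-empty base64
        encoded = pw.startswith("{xor}") and bool(base64.b64decode(pw[5:], validate=True))
    except ValueError:
        encoded = False
    if pw and not encoded:
        out.append("vmm.xorBindPassword: not {xor}-encoded, looks like plaintext")
    if not p.get("vmm.realmName"):
        out.append("vmm.realmName: mandatory, but empty")
    return out

if __name__ == "__main__":
    print("\n".join(lint_vmm(SAMPLE)))
```

Because {xor} is a reversible encoding rather than encryption, a file that passes this check still needs restrictive permissions, or the bind password kept at the Vault path the file recommends.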