HCL Commerce Version 9.1.9.0 or later

Docker-based deployment LDAP configuration

When deploying HCL Commerce 9.1.9.0 or greater with the Docker Compose method, the vmm.properties file is used to define LDAP integration configuration.

Configuring LDAP with a Docker-based deployment

To configure LDAP using a Docker-based deployment:
  1. Configure your deployment env.sh file to specify LDAP integration using the vmm.properties file.
    LDAP_ENABLE=true
    LDAP_USE_VMM_PROPERTIES_FILE=true
  2. Set a value for each mandatory parameter in the vmm.properties configuration file. Each parameter is described in detail by an inline comment.
  3. Optional: If you are using SSL for secure communication with your LDAP server, you must:
    1. Set the vmm.ldapWithSSL parameter within the vmm.properties configuration file to true.
    2. Generate or import the SSL certificates. For more information, see Setting up LDAP over SSL.
    3. Place the certificates into the /volumes/ts-pp/certs/custom/ directory.
  4. Run the enableLDAPinDB utility script on the Utility server.
    ./enableLDAPinDB.sh

    For more information on running utilities within the Utility server, see Running utilities from the Utility server Docker container.

    The database used for this deployment must be configured and running for this script to complete.

The vmm.properties LDAP configuration file


#----------------------------------------------------------------- 
# Licensed Materials - Property of HCL Technologies
# 
# HCL Commerce 
# 
# (C) Copyright HCL Technologies Limited 1996, 2021    
# 
#----------------------------------------------------------------- 

# The LDAP server type.
# Accepted values are IDS, DOMINO, SUNONE, AD, NDS, or CUSTOM.
# Where:
#    IDS= IBM Directory Server
#    DOMINO= IBM Lotus Domino
#    SUNONE=Sun Java System Directory Server
#    AD=Microsoft Windows Active Directory
#    NDS=Novell Directory Services
#    CUSTOM=A custom directory server
#-------------------------------------------------------- 

vmm.ldapType= 

# The fully qualified LDAP server host name.
#-------------------------------------------------------- 

vmm.ldapHost=

# The LDAP server port number 
#-------------------------------------------------------- 

vmm.ldapPort=

# Specifies whether the LDAP server requires an SSL connection.
# Accepted values are true or false.
#-------------------------------------------------------- 

vmm.ldapWithSSL=

# The LDAP search base distinguished name. This value must be lower case.
# The default value is o=root organization
#-------------------------------------------------------- 

vmm.baseDN=o=root organization 

# The LDAP user search filter. 
# This value is used for the custom LDAP type only, and can be left blank otherwise.
#-------------------------------------------------------- 

vmm.ldapUserFilter= 

# The LDAP user prefix
# For example, uid
#-------------------------------------------------------- 

vmm.userPrefix= 

# The LDAP bind distinguished name. This value must be lower case.
#-------------------------------------------------------- 

vmm.bindDN= 

# The LDAP bind password, XOR encoded by the WebSphere Application Server PropFilePasswordEncoder utility 
# For example: 
# {xor}Lz4sLChvLTs= 
# It is recommended to store the value on Vault, at the path
# ${TENANT}/${ENVIRONMENT}/ldapBindPassword 
#-------------------------------------------------------- 

vmm.xorBindPassword= 

# A full DN that maps to the HCL Commerce root organization. This value must be lower case. 
#-------------------------------------------------------- 

vmm.rootOrgDN= 

# A full DN that maps to the HCL Commerce default organization. This value must be lower case. 
#-------------------------------------------------------- 

vmm.defaultOrgDN= 

# This value specifies the property names that are used to log in to the application server.
# This field takes multiple login properties, delimited by a semicolon (;).
# For example, using uid;mail, all login properties are searched during login.
# In this example, if you specify the login ID as Bob,
# the search filter searches for uid=Bob or mail=Bob.
# If the search returns a single entry, then authentication can proceed.
# If multiple entries or no entries are found, an exception is thrown.
# The default value is uid;cn 
#-------------------------------------------------------- 

vmm.ldapLoginProp=uid;cn 

# The Realm name. This property is mandatory.  
# If integrating with DX, you must use the same Realm name.
#-------------------------------------------------------- 

vmm.realmName=