Integrating HCL Commerce Kubernetes deployments with LDAP

Beginning with HCL Commerce 9.1.9.0, HCL Commerce can be integrated with a number of popular Lightweight Directory Access Protocol (LDAP) services, or with a custom LDAP implementation.

There are three methods to configure LDAP within a Kubernetes deployment:

Using Vault key pairs.
Using the vmm.properties LDAP configuration file.
Using Helm Chart configuration maps.

Procedure

Configure HCL Commerce with the LDAP configuration method, and provide the LDAP configuration information for the associated configuration method.
- If you are using the Vault key pair configuration method.
  1. Define the LDAP configuration method within your Helm Chart parameters.
    - Set the LDAP enabled parameter for the environment that you are configuring in your custom values.yml configuration file to true.
    - Keep the non-vault configuration method properties values (useVmmPropertiesFile, and useConfigMapForVmmPropertiesFile) as false.
      Note: This is the default method, so no other parameters must be set.
  2. Define the LDAP configuration values in Vault.
    See LDAP integration within the Environment data in Consul/Vault reference.
- If you are using the vmm.properties configuration method:
  1. Define the LDAP configuration method within your Helm Chart parameters.
    - Set the LDAP enabled parameter for the environment that you are configuring in your custom values.yml configuration file to true.
    - Set the useVmmPropertiesFile parameter to true.
    - Keep the useConfigMapForVmmPropertiesFile parameter as false.
  2. Set the values for LDAP configuration within the vmm.properties file.
  3. Include the configuration file within your custom Transaction server Docker container by placing it within /SETUP/ldap/properties/ before building the custom Docker image for use within your deployment.
- If you are using the Configuration Map method:
  1. Define the LDAP configuration method within your Helm Chart parameters.
    - Set the LDAP enabled parameter for the environment that you are configuring in your custom values.yml configuration file to true.
    - Set the useConfigMapForVmmPropertiesFile parameter to true.
    - Keep the useVmmPropertiesFile parameter as false.
  2. Define the LDAP configuration values within the ldap-vmm-auth.properties and ldap-vmm-auth.properties Helm Chart Configuration Map files.
Deploy or re-deploy your HCL Commerce Helm Chart.
For more information, see step #4 in Deploying HCL Commerce on a Kubernetes cluster.
Run the enableLDAPinDB utility script in the Utility server Docker container.
```
./enableLDAPinDB.sh
```
For more information on running utilities within the Utility server, see Running utilities from the Utility server Docker container.

The database used for this deployment must be configured and running for this script to complete.

Results

Your HCL Commerce deployment now uses the configured LDAP service for user credential verification.