LDAP Test Server | LDAP: The Better Way | AOK Authentication Server
Clone the repo:

```
git clone https://github.com/jamesrf/stackato-ldap-test.git
```

Then push it to an arbitrary Stackato VM (note: this is not the VM we are setting up the Stackato instance on; it is used only to host the LDAP server).
On the VM we are using to test, set up the LDAP host:
```
kato config set aok strategy/ldap/host <ldap-server-ip*>
kato config set aok strategy/ldap/port <ldap-server-port*>
kato config set aok strategy/ldap/group_query "(&(objectClass=posixGroup)(memberUid=%{username}))"
kato config set aok strategy/ldap/group_attribute "cn"
kato config set aok strategy/ldap/allowed_groups "[\"stackato-admin\",\"stackato-user\"]"
kato config set aok strategy/ldap/admin_groups "[\"stackato-admin\"]"
kato config set aok strategy/use "ldap"
```
Note: log in to the web client for the VM the LDAP server is running on and check the log stream for the app. You should see a hostname and port for the app, e.g.
```json
{
  "ldap-port": {
    "hostname": "192.168.68.91",
    "host": "192.168.68.91",
    "port": 35556,
    "name": "d66ef77f-1b3f-444e-9b3d-17da81e04d20",
    "node_id": "harbor_node_1",
    "dea_port": 48444,
    "dea_ip": "192.168.68.91",
    "container_port": 4000,
    "int_port": 4000,
    "protocol": ["tcp"]
  }
}
```
Field | Value
---|---
LDAP base | 'dc=example, dc=com'
uid | samaccountname
group | posixgroup
Default setup includes the following users:
Username | Password | Groups
---|---|---
stackato | [email protected] | stackato, stackato-admin
testuser1 | [email protected] | stackato, stackato-user
testuser2 | [email protected] | stackato, stackato-user, some-other-group
testuser3 | [email protected] | stackato, some-other-group
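The Ruby script below is an added example, not code from the original page or from AOK itself. It shows how the `group_query`, `group_attribute`, `allowed_groups` and `admin_groups` settings above combine into one authorization decision: the login name is substituted into the filter template, the matching `posixGroup` entries are read through the `cn` attribute, and the result is checked against the admin and allowed lists. The directory contents are constructed from the user table above rather than fetched from a server, the `%{username}` expansion is modelled on Ruby's `format`, and the RFC 4515 escaping of the login name is included because any safe use of a templated filter needs it; whether AOK escapes internally is not something this page states.

```ruby
# Added example (not part of the original page or of AOK): combines the
# strategy/ldap/* settings into a group lookup and an allow/admin decision.
require 'json'

# Values exactly as given to `kato config set`; allowed_groups and
# admin_groups are JSON-encoded arrays, so they are decoded with JSON.parse.
AOK_LDAP = {
  group_query:     '(&(objectClass=posixGroup)(memberUid=%{username}))',
  group_attribute: 'cn',
  allowed_groups:  JSON.parse('["stackato-admin","stackato-user"]'),
  admin_groups:    JSON.parse('["stackato-admin"]')
}.freeze

# Constructed stand-in for the test server's posixGroup entries (mirrors the
# user table). A real deployment would search the directory instead.
TEST_GROUPS = [
  { 'cn' => 'stackato-admin',   'memberUid' => %w[stackato] },
  { 'cn' => 'stackato-user',    'memberUid' => %w[testuser1 testuser2] },
  { 'cn' => 'some-other-group', 'memberUid' => %w[testuser2 testuser3] }
].freeze

# RFC 4515 escaping for a value substituted into a search filter. Without it,
# a login name such as "*" or "x)(cn=stackato-admin" would change the meaning
# of the filter instead of being matched literally.
def escape_filter_value(value)
  value.gsub(/[\\*()\0]/) { |c| format('\%02x', c.ord) }
end

# Expand the %{username} placeholder (Ruby format syntax) after escaping
# the untrusted login name.
def build_group_query(username, template = AOK_LDAP[:group_query])
  format(template, username: escape_filter_value(username))
end

# Minimal evaluator for the one filter shape the page uses:
# (&(objectClass=posixGroup)(memberUid=<value>)). Returns the matching
# group_attribute values. Constructed for this example; not a filter engine.
def groups_for(username, directory = TEST_GROUPS)
  query = build_group_query(username)
  m = query.match(/\A\(&\(objectClass=posixGroup\)\(memberUid=(.*)\)\)\z/)
  return [] unless m
  wanted = m[1]
  directory.select { |g| g['memberUid'].any? { |u| escape_filter_value(u) == wanted } }
           .map { |g| g[AOK_LDAP[:group_attribute]] }
end

# The decision allowed_groups / admin_groups express: :admin if the user is
# in any admin group, :user if in any allowed group, otherwise :denied.
def authorize(username, directory = TEST_GROUPS)
  groups = groups_for(username, directory)
  return :admin if (groups & AOK_LDAP[:admin_groups]).any?
  return :user  if (groups & AOK_LDAP[:allowed_groups]).any?
  :denied
end

if __FILE__ == $PROGRAM_NAME
  %w[stackato testuser1 testuser2 testuser3 nobody].each do |u|
    puts format('%-10s %-7s %s', u, authorize(u), groups_for(u).inspect)
  end
  # A login name carrying filter metacharacters is escaped, not interpreted:
  puts build_group_query('x)(cn=stackato-admin')
end
```

Running it lists the decision for each test user (stackato is admin, testuser1 and testuser2 are plain users, testuser3 is denied because some-other-group is in neither list) and prints the escaped query produced for a login name containing filter metacharacters.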
Authenticating to the AD server works with the following configuration for AOK. The connection is not encrypted.
```yaml
ldap:
  host: dc1.activestate.com
  port: 389
  method: plain
  base: 'ou=Activators,dc=activestate,dc=dnd'
  uid: 'sAMAccountName'
  bind_dn: 'CN=Reader Account,CN=Users,DC=activestate,dc=dnd'
  password: HienEtAi
```
Use the above settings and run the following on the VM. Alternatively, try the LDAP Test Server described above or, if you have a Google Apps domain, check out the lower portion of the linked blog post for Google login.
```
kato config set cloud_controller_ng aok/enabled true
kato config set aok strategy/use ldap
kato config set aok strategy/ldap/host "dc1.activestate.com"
kato config set aok strategy/ldap/port 389
kato config set aok strategy/ldap/method "plain"
kato config set aok strategy/ldap/base "dc=example, dc=com"
kato config set aok strategy/ldap/bind_dn "your_bind_dn"
kato config set aok strategy/ldap/password "your_bind_password"
kato restart controller
```
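As an added example (not AOK's or kato's own tooling), the Ruby script below loads an `ldap:` block in the shape shown above and reports the settings a reviewer would question before enabling the strategy, in particular `method: plain`, which sends the bind account password and every user's login password in cleartext. The hardened variant assumes the directory server serves LDAPS on 636 and that the strategy accepts `ssl`/`tls` for `method` as omniauth-ldap does; the bind password in both configs is a placeholder, not the page's value.

```ruby
# Added example (not AOK's code): lint an AOK strategy/ldap block for the
# settings a reviewer would flag, and show the same block with the
# transport hardened. Both configs are constructed for this example.
require 'yaml'

# Same shape as the AD example above, with a placeholder bind password.
UNENCRYPTED_CONFIG = <<~YAML
  ldap:
    host: dc1.activestate.com
    port: 389
    method: plain
    base: 'ou=Activators,dc=activestate,dc=dnd'
    uid: 'sAMAccountName'
    bind_dn: 'CN=Reader Account,CN=Users,DC=activestate,dc=dnd'
    password: bind-password-placeholder
YAML

# Hardened variant: LDAPS on 636 (assumes the server offers it and that
# `method: ssl` is accepted, as in omniauth-ldap).
HARDENED_CONFIG = <<~YAML
  ldap:
    host: dc1.activestate.com
    port: 636
    method: ssl
    base: 'ou=Activators,dc=activestate,dc=dnd'
    uid: 'sAMAccountName'
    bind_dn: 'CN=Reader Account,CN=Users,DC=activestate,dc=dnd'
    password: bind-password-placeholder
YAML

REQUIRED = %w[host port base uid bind_dn].freeze

# Returns a list of human-readable findings for the ldap: block in yaml_text.
def lint_ldap(yaml_text)
  ldap = YAML.safe_load(yaml_text).fetch('ldap', {})
  findings = []
  REQUIRED.each { |k| findings << "missing setting: #{k}" unless ldap.key?(k) }

  method = ldap.fetch('method', 'plain').to_s
  port   = ldap['port'].to_i
  case method
  when 'ssl'
    findings << "method ssl on port #{port}: LDAPS is normally served on 636" unless port == 636
  when 'tls'
    findings << "method tls on port #{port}: STARTTLS is normally negotiated on 389" unless port == 389
  else
    findings << "method #{method} on port #{port}: the bind account password and " \
                "every user's login password cross the network in cleartext"
  end

  if ldap.key?('password')
    findings << 'bind password is stored in the config file: keep the file ' \
                'readable only by the service account and use a read-only bind DN'
  end
  findings
end

# True when nothing is missing and the transport is encrypted; the stored
# bind password is reported but does not by itself fail the check.
def hardened?(yaml_text)
  lint_ldap(yaml_text).none? { |f| f.include?('cleartext') || f.start_with?('missing') }
end

if __FILE__ == $PROGRAM_NAME
  { 'config as on the page' => UNENCRYPTED_CONFIG, 'hardened' => HARDENED_CONFIG }.each do |label, cfg|
    puts "#{label}:"
    lint_ldap(cfg).each { |f| puts "  - #{f}" }
  end
end
```

The same checks apply to the values passed through `kato config set aok strategy/ldap/...`; the YAML form is used here only because it is the shape the page shows.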
1.) Clone the cloud controller:

```
git clone [email protected]:ActiveState/cloud_controller_ng.git
```

2.) Check out branch release-v3.4 or release-v3.2 according to which VM you are testing. On your local machine, assuming you have cloned the cloud controller into Documents/ActiveState/, run the following:

```
cd ~/Documents/ActiveState/cloud_controller_ng/
git checkout release-v3.4 # or git checkout release-v3.2
rsync -avz ~/Documents/ActiveState/cloud_controller_ng [email protected]:/home/stackato/stackato/code/cloud_controller_ng/
```

3.) SSH into the VM and run the following:

```
kato op import_from_yaml_files --upgrade
kato process restart cloud_controller_ng
kato config set cloud_controller_ng uaa/new_user_strategy individual
kato config set cloud_controller_ng uaa/new_user_strategies/individual/space_name foo
```

Note: to view the settings, run `kato config get cloud_controller aok`. The YAML file can be opened with `vim /home/stackato/stackato/code/cloud_controller_ng/config/cloud_controller.yml`; search for `uaa`.