Orient Me & CfC LDAP authentication


In many companies, it’s a requirement to only allow administrative access using a personalized user account. Therefore I thought it might be helpful to be able to configure LDAP authentication with CfC. For CfC this is possible out of the box, but because Orient Me isn’t using the default deployment path of CfC, you need to do some customizing to get this working:

  1. Start your deployment as described in the official documentation. Before executing deployCfC.sh, add the following line to the end of the A-11-boot-install-cfc.sh script in the same folder:
    read -n1 -r -p "Press any key to continue..." key
  2. Afterwards, update the checksum for that script in manifest.md5. Create the checksum using the following command:
    md5sum A-11-boot-install-cfc.sh
  3. Define your LDAP administrative CfC user:
    export ADMIN_USER=cnxadmin
    export ADMIN_PASSWD=passw0rd
  4. Start the deployCfC.sh script and wait for the “Press any key to continue” prompt
  5. Add the following lines to the /opt/cluster/config.yaml file:
    ldap_enabled: true
    default_admin_user: cnxadmin
    default_admin_password: passw0rd
  6. Customize /opt/cluster/misc/ldap/keystone.ldap.conf as needed
  7. Optional: Copy your LDAPS certificates (documentation)
  8. Press any key to continue with the deployCfC.sh script
  9. After the script has finished, customize two lines in /microservices/hybridcloud/bin/setup.sh so that both use the LDAP administrative user and password from step 3:
    docker login -u cnxadmin -p passw0rd ${master_hostname}:8500
    kubectl create secret docker-registry myregkey --docker-server=${master_hostname}:8500 --docker-username=cnxadmin --docker-password=passw0rd --docker-email=connections@us.ibm.com
  10. Continue the Orient Me installation as described in the documentation.
  11. Enable new LDAP users within the CfC GUI (System – Users)
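
Steps 1 and 2 as a repeatable script, added here as an example; it is not part of the original post or of the IBM installer. It assumes manifest.md5 uses the md5sum output format (hash, two spaces, file name); the function names and the demo files are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example. Assumption: manifest.md5 holds md5sum-style lines
# ("<hash>  <filename>"), one per installer script.

PAUSE_LINE='read -n1 -r -p "Press any key to continue..." key'

# Step 1: append the pause line to the script, only once (safe to re-run).
add_pause() {
    local script="$1"
    grep -qxF "$PAUSE_LINE" "$script" || printf '%s\n' "$PAUSE_LINE" >> "$script"
}

# Step 2: replace the manifest entry for the script with its current MD5 sum.
# Returns non-zero and leaves the manifest untouched if there is no entry.
update_manifest() {
    local script="$1" manifest="$2" name sum tmp
    name=$(basename "$script")
    sum=$(md5sum "$script" | awk '{print $1}')
    tmp=$(mktemp) || return 1
    awk -v name="$name" -v sum="$sum" '
        { f = $2; sub(/^\*/, "", f) }   # md5sum marks binary mode with "*"
        f == name { print sum "  " name; found = 1; next }
        { print }
        END { exit found ? 0 : 1 }
    ' "$manifest" > "$tmp" || { rm -f "$tmp"; return 1; }
    cat "$tmp" > "$manifest" && rm -f "$tmp"   # keeps the manifest owner and mode
}

# Constructed demo in a scratch directory; on a real host, point the two
# functions at the script and manifest.md5 in the deployment folder.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf '#!/bin/bash\necho "installing CfC"\n' > "$dir/A-11-boot-install-cfc.sh"
    printf '#!/bin/bash\necho "other step"\n' > "$dir/other-step.sh"   # constructed name
    (cd "$dir" && md5sum A-11-boot-install-cfc.sh other-step.sh > manifest.md5)
    add_pause "$dir/A-11-boot-install-cfc.sh"
    update_manifest "$dir/A-11-boot-install-cfc.sh" "$dir/manifest.md5"
    (cd "$dir" && md5sum -c manifest.md5 > /dev/null)   # every entry verifies again
    local rc=$?
    rm -rf "$dir"
    return $rc
}

demo && echo "manifest.md5 matches the modified script"
```

Checking the whole manifest with md5sum -c after the update also confirms that no other installer script was changed by accident.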
