New In 2.5.92 - UI page to help you configure LDAP authentication
If you're having trouble at any stage please contact us at email@example.com.
Compatible with SkyFormation App Version
This guide is compatible with SkyFormation App version 2.1.21 (see Get Your SkyFormation App Version). If you are using an older version of SkyFormation, we highly recommend updating to the latest one.
The SkyFormation platform uses an authentication mechanism based on a local file that holds the relevant user:role:credentials information.
It is highly recommended to replace the default authentication mechanism with an LDAP-based one.
This provides an easy way to add or remove users who are allowed access to SkyFormation, and improves the security of users' information and credentials.
This post explains how to use an LDAP server as the SkyFormation authentication service provider.
SkyFormation application will ask the user for her user:password and validate these with the configured
The SkyFormation application will not save the user's credentials sent to the LDAP server.
- Make sure the SkyFormation machine can communicate with the LDAP server
- Have the LDAP server name and port number to use
- Make sure each user you would like to allow access to the SkyFormation app has an attribute with a specific value you can use to identify allowed users (e.g. ou with value SkyFormation admin)
- SSH to your SkyFormation machine
- Enter the SkyFormation tomcat container by running the command
For 2.3.x versions:
sudo docker container exec -it sk4_sk4_tomcat_1 bash
For 2.4.x versions:
sudo docker container exec -it sk4tomcat bash
- Make a copy of the following file (in case the LDAP change does not work)
sudo cp sk4conf/shiro/client-shiro.ini sk4conf/shiro/client-shiro.ini.orig
- Edit the file you just made a copy of
Add the following LDAP configuration lines
ldapRealm.bindByAttribute = %the user attribute to lookup for authentication%
ldapRealm.contextFactory.url = ldaps://%ldap server address%:%LDAP server port with SSL%
ldapRealm.membershipAttribute = %the user's attribute name to look for%
ldapRealm.groupRolesMap = %"users attribute to lookup for each AuthN user to allow SkyFormation
# Optional - needed only in large scale LDAP deployments to avoid lengthy lookup
ldapRealm.baseSearch = %base DN to start the users search from%
# Only needed if anonymous LDAP search is not supported
securityManager.realms = $ldapRealm
ldapRealm.bindByAttribute = uid
sk4admin = currentpasswordhere, sk4-admin
- Exit the SkyFormation tomcat container
- To support LDAPS (LDAP over SSL), if used above, please follow these steps as well:
- Restart the SkyFormation application
sudo service sk4compose restart
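A check worth running on the edited client-shiro.ini before the restart step, written here as an added example (it is not part of the original guide or of SkyFormation's tooling). It uses only the keys listed above; the function names `value_of` and `lint_shiro_ldap`, the sample host name and the sample groupRolesMap value are assumptions made for illustration.

```shell
# Added example (not SkyFormation code): lint client-shiro.ini after the LDAP edit.
# Assumes plain "key = value" lines with "#" or ";" comments (Shiro INI syntax).

# value_of FILE KEY: print the value of the last uncommented "KEY = value" line.
value_of() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { i = index($0, "="); if (i == 0) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) val = v }
        END { print val }' "$1"
}

# lint_shiro_ldap FILE: one finding per line on stdout; returns 0 if clean, 1 if not.
lint_shiro_ldap() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f"; return 2; }
    url=$(value_of "$f" ldapRealm.contextFactory.url)
    case $url in
        ldaps://*) ;;
        ldap://*) echo "url uses cleartext ldap://, use ldaps://"; rc=1 ;;
        '')       echo "ldapRealm.contextFactory.url is not set"; rc=1 ;;
        *)        echo "url has an unexpected scheme: $url"; rc=1 ;;
    esac
    for key in ldapRealm.bindByAttribute ldapRealm.membershipAttribute ldapRealm.groupRolesMap; do
        [ -n "$(value_of "$f" "$key")" ] || { echo "$key is not set"; rc=1; }
    done
    case $(value_of "$f" securityManager.realms) in
        *'$ldapRealm'*) ;;
        *) echo 'securityManager.realms does not reference $ldapRealm'; rc=1 ;;
    esac
    # Heuristic: a %...% pair on an uncommented line is a template placeholder.
    if grep -v '^[[:space:]]*[#;]' "$f" | grep -q '%[^%]*%'; then
        echo "unreplaced %placeholder% values remain"; rc=1
    fi
    return $rc
}

# Constructed sample (host and groupRolesMap value are made up): realm set, cleartext URL.
demo=$(mktemp)
cat > "$demo" <<'EOF'
ldapRealm.bindByAttribute = uid
ldapRealm.contextFactory.url = ldap://ldap.example.internal:389
ldapRealm.membershipAttribute = ou
ldapRealm.groupRolesMap = constructed-mapping
securityManager.realms = $ldapRealm
EOF
lint_shiro_ldap "$demo" || true; rm -f "$demo"
```

Inside the tomcat container, call `lint_shiro_ldap sk4conf/shiro/client-shiro.ini`; a non-zero return means a flagged line should be fixed, or client-shiro.ini.orig restored, before restarting.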