LDAP Vendors in SecureTrack

Overview

LDAP vendors can be used for user authentication in SecureTrack. You can add custom LDAP vendors, which are not included in the TOS installation, change attributes for existing LDAP vendors, delete attributes or LDAP vendors, and retrieve LDAP vendor configuration.

By default, TOS includes the following LDAP vendors in SecureTrack:

  • Active Directory

  • OpenLDAP

  • Sun

To add, modify, or delete vendors in SecureChange, contact Turin Support.

LDAP vendors must support the LDAPv3 protocol.

Add/Modify LDAP Vendors

The set_ldap_vendor_configuration command allows you to add, modify, and delete LDAP vendors and attributes.

  • To add an LDAP vendor, add an attribute and the vendor is created automatically.

  • To modify an LDAP vendor, add or update its attributes.

  • To delete an LDAP vendor, delete all of its attributes. You can also delete one or more attributes.

Syntax

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_ldap_configuration -v '<vendor_name>' -a '<action>' --attr_objective '<attr_objective>' --attr_name '<attr_name>' --attr_type '<attr_type>'

Parameters

Parameter
    Description

--action add_or_update
--action delete
    add_or_update: Adds a new value or updates an existing value.
    delete: Deletes an existing value.

--vendor '<vendor_name>'
    Vendor name that appears in SecureTrack: Settings > Configuration > External Authentication > LDAP Authentication > Server Type

--attr_objective '<attr_objective>'
    Attribute from the list of LDAP server attributes.

--attr_name '<attr_name>'
    Name of the LDAP vendor field that corresponds to the attr_objective.

--attr_type '<attr_type>'
    Supported attribute types:

      • string
      • binary

Example

For the Active Directory vendor, update the mail attribute name to the string mail:

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r set_ldap_configuration -v 'Active Directory' -a 'add_or_update' --attr_objective 'mailAttributeName' --attr_name 'mail' --attr_type 'string'

Retrieve LDAP Vendor Configuration

The get_ldap_vendor_configuration command retrieves the configuration for all available LDAP vendors or for the specified LDAP vendor.

Syntax

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r get_ldap_configuration [-v '<vendor_name>']

Parameters

Parameter
    Description

--vendor '<vendor_name>'
    (Optional) Returns the configuration details for the specified vendor.

Examples

Returns the configuration for all LDAP vendors:

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r get_ldap_configuration

Returns the configuration for Active Directory:

kubectl exec -it deploy/keycloak-service -c keycloak-service -- manage_keycloak -r get_ldap_configuration -v 'Active Directory'
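
Because these attributes control how users are mapped during LDAP authentication, it is useful to keep a record of each change. The following wrapper is an added example, not part of the TOS documentation: it checks the action and attribute type against the values listed above, then captures the vendor configuration before and after the change and prints the difference. The function names are hypothetical, and the output of get_ldap_configuration is assumed to be plain text on stdout.

```sh
#!/bin/sh
# Added example (not TOS code): validate, snapshot, apply, snapshot, diff.

# Check arguments against the values documented on this page.
# $1 vendor, $2 action, $3 attr_objective, $4 attr_name, $5 attr_type
# Returns 0 if acceptable, 2 otherwise.
check_ldap_change() {
  [ "$#" -eq 5 ] || { echo "expected 5 arguments, got $#" >&2; return 2; }
  for arg in "$@"; do
    [ -n "$arg" ] || { echo "empty argument" >&2; return 2; }
  done
  case $2 in
    add_or_update|delete) ;;
    *) echo "unsupported action: $2" >&2; return 2 ;;
  esac
  case $5 in
    string|binary) ;;
    *) echo "unsupported attr_type: $5" >&2; return 2 ;;
  esac
}

# Same invocation as in the Syntax sections; -it is omitted because the
# output is captured rather than read interactively.
kc() {
  kubectl exec deploy/keycloak-service -c keycloak-service -- manage_keycloak "$@"
}

# Apply one attribute change and print a unified diff of the vendor
# configuration (before vs. after) for the change record.
apply_ldap_change() (
  check_ldap_change "$@" || exit 2
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT
  # The vendor may not exist yet when it is being added, so tolerate failure.
  kc -r get_ldap_configuration -v "$1" > "$tmp/before" || true
  kc -r set_ldap_configuration -v "$1" -a "$2" \
     --attr_objective "$3" --attr_name "$4" --attr_type "$5" || exit 1
  kc -r get_ldap_configuration -v "$1" > "$tmp/after" || true
  diff -u "$tmp/before" "$tmp/after" && echo "configuration unchanged" >&2
  exit 0
)

# Usage (values from the example on this page):
#   apply_ldap_change 'Active Directory' add_or_update mailAttributeName mail string
```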