Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
Page History
...
The following file must be manually edited to add and an LDAP Realm configuration:
...
LDAP Realm configuration properties:
| Property | Required | Default | Description |
|---|---|---|---|
| enabled | no | true | A boolean indicating if the LDAP Realm should be enabled |
| url | yes | The URL of the LDAP server | |
| sysUserDn | yes | The distinguished name (DN) that Chariot uses to authenticate with the LDAP | |
| sysPassword | yes | The password that Chariot uses to authenticate with the LDAP server | |
| userDnTemplate | yes | The template used to construct the distinguished name (DN) of the LDAP entry corresponding to the user attempting to login. The login username is represented by "{0}" in the template | |
| groupBaseDn | yes | The base distinguished name (DN) where group entries are found | |
| groupNameAttribute | yes | The attribute to use for the group name when mapping to Chariot Role names | |
| groupToRoleMapping | yes | A comma-separated list of group names mapped to the names of Chariot Role names |
Chariot MQTT - LDAP Authentication and ACLs
...
LDAP Schema Object Classes
| Name | Identifier | Type | Description |
|---|---|---|---|
cls-mqttCredential | 1.3.6.1.4.1.60051.2.2.1 | Auxiliary | This class represents ACLs associate with an MQTT client. It may include one or more of either of the attributes cls-subTopicFilter or cls-pubTopicFilter |
LDAP Schema Attributes
| Name | Identifier | Description |
|---|---|---|
cls-subTopicFilter | 1.3.6.1.4.1.60051.2.1.1 | An MQTT topic filter to subscribe on |
cls-pubTopicFilter | 1.3.6.1.4.1.60051.2.1.2 | An MQTT topic filter to publish on |
Chariot Configuration
The following configuration file must be manually added to configure LDAP authentication and authorization in the MQTT server:
...
LDAP auth configuration properties:
| Property | Required | Default | Description |
|---|---|---|---|
| idAttribute | yes | The attribute of an entry that represents the username of the MQTT client to authenticate | |
| url | yes | The URL of the LDAP server | |
| sysUserDn | yes | The distinguished name (DN) that Chariot uses to authenticate with the LDAP server | |
| sysPassword | yes | The password that Chariot uses to authenticate with the LDAP server | |
| baseDn | yes | The base distinguished name (DN) where entries used for ACLs will be searched for |
Additionally the Chariot MQTT server must be configured to use the LDAP authentication instead of the internal MQTT Credentials. This can be done by manually editing the following configuration file:
...
LDAP Realm configuration properties:
| Property | Required | Default | Description |
|---|---|---|---|
| authenticationService.target | yes | (type=default) | The Authentication Service target must be set to "(type=ldap)" |
| authorizationService.target | yes | (type=default) | The Authorization Service target must be set to "(type=ldap)" |
Overview
Content Tools