...
The following file must be manually edited to add an LDAP Realm configuration:
...
LDAP Realm configuration properties:
Property | Required | Default | Description |
---|---|---|---|
enabled | no | true | A boolean indicating if the LDAP Realm should be enabled |
url | yes | | The URL of the LDAP server |
sysUserDn | yes | | The distinguished name (DN) that Chariot uses to authenticate with the LDAP server |
sysPassword | yes | | The password that Chariot uses to authenticate with the LDAP server |
userDnTemplate | yes | | The template used to construct the distinguished name (DN) of the LDAP entry corresponding to the user attempting to log in. The login username is represented by "{0}" in the template |
groupBaseDn | yes | | The base distinguished name (DN) where group entries are found |
groupNameAttribute | yes | | The attribute to use for the group name when mapping to Chariot Role names |
groupToRoleMapping | yes | | A comma-separated list of group names mapped to Chariot Role names |
...
LDAP Schema Object Classes
Name | Identifier | Type | Description |
---|---|---|---|
cls-mqttCredential | 1.3.6.1.4.1.60051.2.2.1 | Auxiliary | This class represents ACLs associated with an MQTT client. It may include one or more of either of the attributes cls-subTopicFilter or cls-pubTopicFilter |
LDAP Schema Attributes
Name | Identifier | Description |
---|---|---|
cls-subTopicFilter | 1.3.6.1.4.1.60051.2.1.1 | An MQTT topic filter to subscribe on |
cls-pubTopicFilter | 1.3.6.1.4.1.60051.2.1.2 | An MQTT topic filter to publish on |
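The following added example (not Cirrus Link code, and not Chariot's own evaluation logic) audits cls-subTopicFilter and cls-pubTopicFilter values as they might be returned from an LDAP search, assuming standard MQTT 3.1.1 topic filter matching. The entry DNs, topic names and helper function names are constructed for illustration.

```python
# Added example: audit MQTT ACL filters stored on cls-mqttCredential entries.
# Assumption: filters follow standard MQTT 3.1.1 wildcard rules ('+' and '#').
ATTRS = ("cls-subTopicFilter", "cls-pubTopicFilter")

def filter_matches(topic_filter, topic):
    """Return True if a concrete topic name is covered by a topic filter."""
    f_levels, t_levels = topic_filter.split("/"), topic.split("/")
    # '$'-prefixed topics are never matched by a filter starting with a wildcard
    if topic.startswith("$") and f_levels[0] in ("#", "+"):
        return False
    for i, level in enumerate(f_levels):
        if level == "#":
            # '#' is only valid as the last level; it also matches the parent
            return i == len(f_levels) - 1
        if i >= len(t_levels):
            return False
        if level != "+" and level != t_levels[i]:
            return False
    return len(f_levels) == len(t_levels)

def covers(entry, attr, topic):
    """True if any filter in the given ACL attribute covers the topic."""
    return any(filter_matches(f, topic) for f in entry.get(attr, []))

def overly_broad(entry):
    """List (attribute, filter) pairs whose first level is a wildcard."""
    return [(a, f) for a in ATTRS for f in entry.get(a, [])
            if f.split("/")[0] in ("#", "+")]

# Constructed sample entries (attribute name -> list of values)
ENTRIES = {
    "uid=edge1,ou=mqtt,dc=example,dc=com": {
        "cls-pubTopicFilter": ["spBv1.0/GroupA/+/Edge1/#"],
        "cls-subTopicFilter": ["spBv1.0/GroupA/NCMD/Edge1"],
    },
    "uid=dashboard,ou=mqtt,dc=example,dc=com": {
        "cls-subTopicFilter": ["#"],
    },
}

if __name__ == "__main__":
    for dn, entry in ENTRIES.items():
        for attr, flt in overly_broad(entry):
            print(f"REVIEW {dn}: {attr}={flt!r} grants the whole topic tree")
```
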
The following configuration file must be manually added to configure LDAP authentication and authorization in the MQTT server:
...
LDAP auth configuration properties:
Property | Required | Default | Description |
---|---|---|---|
idAttribute | yes | | The attribute of an entry that represents the username of the MQTT client to authenticate |
url | yes | | The URL of the LDAP server |
sysUserDn | yes | | The distinguished name (DN) that Chariot uses to authenticate with the LDAP server |
sysPassword | yes | | The password that Chariot uses to authenticate with the LDAP server |
baseDn | yes | | The base distinguished name (DN) where entries used for ACLs will be searched for |
Additionally, the Chariot MQTT server must be configured to use LDAP authentication instead of the internal MQTT Credentials. This can be done by manually editing the following configuration file:
...
LDAP Realm configuration properties:
Property | Required | Default | Description |
---|---|---|---|
authenticationService.target | yes | (type=default) | The Authentication Service target must be set to "(type=ldap)" |
authorizationService.target | yes | (type=default) | The Authorization Service target must be set to "(type=ldap)" |