Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
Page History
...
conf/com.cirruslink.chariot.server.auth.ldap.config
Example ldap (OpenDJ) LDAP configuration:
| No Format |
|---|
idAttributeusernameAttributeName="uid" subTopicAttributeName="cls-subTopicFilter" pubTopicAttributeName="cls-pubTopicFilter" credentialObjectClassName="cls-mqttCredential" baseDn="dc=cirruslink,dc=com" url="ldap://localhost:389" username="cn=chariot" password="123456" aclCheckInterval="10000" |
Example Microsoft Active Directory configuration:
| No Format |
|---|
usernameAttributeName="sAMAccountName" subTopicAttributeName="clsSubTopicFilter" pubTopicAttributeName="clsPubTopicFilter" credentialObjectClassName="clsMqttCredential" baseDn="CN=Users,DC=chariot,DC=io" url="ldap://chariot-testing.chariot.io:389" sysUserDn="cnCN=Administrator,CN=Users,DC=chariot,DC=io" sysPassword="*******" aclCheckInterval=I"12345610000" |
LDAP auth configuration properties:
| Property | Required | Default | Description |
|---|---|---|---|
| idAttributeusernameAttributeName | yes | The attribute of an entry that represents the username of the MQTT client to authenticate | |
| subTopicAttributeName | yes | The multivalued attribute of an entry that represents a subscription topic filters | |
| pubTopicAttributeName | yes | The multivalued attribute of an entry that represents a publish topic filters | |
| credentialObjectClassName | yes | The ObjectClass of an entry that holds the credentials | |
| url | yes | The URL of the LDAP server | |
| sysUserDnusername | yes | The distinguished name (DN) that Chariot uses to authenticate with the LDAP server | |
| sysPasswordpassword | yes | The password that Chariot uses to authenticate with the LDAP server | |
| baseDn | yes | The base distinguished name (DN) where entries used for ACLs will be searched for | |
| aclCheckInterval | yes | The interval (in ms) between ACL updates |
Additionally the Chariot MQTT server must be configured to use the LDAP authentication instead of the internal MQTT Credentials. This can be done by manually editing the following configuration file:
...
Overview
Content Tools