Contents
Cirrus Link Resources
Chariot MQTT Server v1 (previous version)
Cirrus Link Modules for Ignition
Contact Us (Sales/Support)
Forum
Page History
Chariot can be configured to use an LDAP server for MQTT client authentication and authorization instead of Chariot's MQTT Credentials.
| Tip |
|---|
| This feature is available in Chariot v2.4.2 and newer |
LDAP Server
- LDAP Server schema and sample data can be found in the following directory:
samples/ldap/ldif/
- Entries in the LDAP Server used for authentication must support simple bind requests
- Entries in the LDAP Server used for authorization must extend the cls-mqttCredential Object Class and use the cls-subTopicFilter and cls-pubTopicFilter attributes to declare their ACLs (see description below)
...
| Name | Identifier | Description |
|---|---|---|
cls-subTopicFilter | 1.3.6.1.4.1.60051.2.1.1 | An MQTT topic filter to subscribe on |
cls-pubTopicFilter | 1.3.6.1.4.1.60051.2.1.2 | An MQTT topic filter to publish on |
Chariot Configuration
The MQTT Credentials LDAP configuration can be found by navigating to the following page on the Chariot UI and selecting the LDAP tab:
...
| Property | Required | Default | Description |
|---|---|---|---|
| authenticationService.target | yes | (type=default) | The Authentication Service target must be set to "(type=ldap)" |
| authorizationService.target | yes | (type=default) | The Authorization Service target must be set to "(type=ldap)" |
Examples
Example Microsoft Active Directory configuration:
...
Overview
Content Tools