Configure the OpenLDAP container image to the HCL Digital Experience 9.5 Container Deployment
Read more about configuring the OpenLDAP container image to the 9.5 container deployment, which is available with HCL Digital Experience 9.5 Container Update release CF181 and later.
OpenLDAP Software is an open-source implementation of the Lightweight Directory Access Protocol. For more information on OpenLDAP, visit https://www.openldap.org/.
The HCL Digital Experience 9.5 Container Update release CF181 and higher includes an OpenLDAP container, and a customization of the operator to deploy the LDAP container and configure the HCL Digital Experience 9.5 Container deployment to use it.
Usage
docker run -e LOCAL=true -p 1389:1389 -p 1636:1636 -p 1666:1666 \
  -v dx-openldap-certs:/var/dx-openldap/certs \
  -v dx-openldap-slapd.d:/var/dx-openldap/etc/openldap/slapd.d \
  -v dx-openldap-ldap:/var/dx-openldap/ldap \
  --name dx_openldap hcl/dx/openldap:v1.0.0-release_20200622_1592846796
Deployment of the HCL OpenLDAP container with custom parameters using dxctl does not configure the OpenLDAP container with custom values. Instead, dxctl deploys and configures OpenLDAP to DX with the default out-of-the-box values.
To deploy OpenLDAP with custom values, use the following steps:
- Deploy DX without OpenLDAP (set openldap.enabled:false in the deployment.properties file). Ensure the image name, tag, and (if needed) the repository values for your deployment are correct. These can be updated in the next step.
- Edit the dx-deployment configmap to add the customization parameters. For example:
  dx.deploy.openldap.country: US
  dx.deploy.openldap.org: HCL
  dx.deploy.openldap.pwd: mycoolnewpwd
  dx.deploy.openldap.suffix: 'dc=dx,dc=hcl,dc=com'
- Set openldap.enabled: true in the deployment.properties file.
- Save the configmap changes.
Once these steps are completed, the DX container is recreated to run the OpenLDAP configuration task.
For more information on dxctl, see the dxctl | HCL Digital Experience topic.
Deployment
kind: DxDeployment
metadata:
  name: my-custom-deployment

kind: ConfigMap
apiVersion: v1
metadata:
  name: dx-deployment
  namespace: your-namespace
data:
  dx.deploy.openldap.enabled: 'true'
  dx.deploy.openldap.image: dx-openldap
  dx.deploy.openldap.tag: v1.0.0_20200428_1588034443
The following sample yaml file deploys an OpenLDAP container using your custom organization, basedn, country and LDAP administrator password. The LDAP administrator user name is dx_user, which cannot be customized at this time.

kind: ConfigMap
apiVersion: v1
metadata:
  name: dx-deployment
  namespace: your-namespace
data:
  dx.deploy.openldap.country: US
  dx.deploy.openldap.enabled: 'true'
  dx.deploy.openldap.image: dx-openldap
  dx.deploy.openldap.org: DX
  dx.deploy.openldap.pwd: mycoolnewpwd
  dx.deploy.openldap.suffix: 'dc=dx,dc=hcl,dc=com'
  dx.deploy.openldap.tag: v1.0.0_20200428_1588034443
Once the OpenLDAP container is fully deployed, the password entry can be removed from the config map. Sample users have a password of passw0rd. Additional users can be added or changes made to the data using ldapadd, ldapdelete and ldapmodify commands according to instructions in the OpenLDAP Administrator Guide.
Sample ldif file format for adding users:
dn: cn=my_new_user_group,ou=groups,dc=dx,dc=hcl,dc=com
objectClass: groupOfUniqueNames
cn: my_new_user_group
uniqueMember: uid=newuser1
uniqueMember: uid=newuser2

dn: uid=newuser1,ou=users,dc=dx,dc=hcl,dc=com
objectClass: inetOrgPerson
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: my newuser1
sn: newuser1
uid: newuser1
userPassword: passw0rd
givenName: my
mail: mynewuser1@dx.hcl.com
preferredLanguage: en_us
title: engineer
telephoneNumber: 9999999999

dn: uid=newuser2,ou=users,dc=dx,dc=hcl,dc=com
objectClass: inetOrgPerson
objectclass: top
objectclass: person
objectclass: organizationalPerson
cn: my newuser2
sn: newuser2
uid: newuser2
userPassword: passw0rd
givenName: my
mail: mynewuser2@dx.hcl.com
preferredLanguage: en_us
title: engineer
telephoneNumber: 9999999999

kubectl cp ./myldiffile.ldif dx-deployment-openldap-0:/tmp/
kubectl exec -it dx-deployment-openldap-0 -- /bin/bash
cd /var/dx-openldap/bin
./ldapadd -h $HOSTNAME -p 1389 -f /tmp/myldiffile.ldif -x -D cn=dx_user,dc=dx,dc=hcl,dc=com -w p0rtal4u -v
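The sample LDIF above carries userPassword values in cleartext, and the passwords shown on this page are public. As an added example (not HCL's code), the following pre-flight step rewrites cleartext userPassword lines to salted {SSHA} values before the file is copied into the container, and reports entries that still use a password printed on this page. It assumes the container's slapd accepts {SSHA} values, which is the default scheme in stock OpenLDAP; the function names and the sample entry are constructed for illustration.

```python
import base64
import hashlib
import hmac
import os

# Passwords printed on this page; anything still using them should be flagged.
DOC_PASSWORDS = {"passw0rd", "p0rtal4u", "mycoolnewpwd"}

# Constructed sample input in the page's LDIF format.
SAMPLE = """dn: uid=newuser1,ou=users,dc=dx,dc=hcl,dc=com
objectClass: inetOrgPerson
cn: my newuser1
sn: newuser1
uid: newuser1
userPassword: passw0rd
"""

def ssha(password, salt=None):
    """Return an {SSHA} value: base64(SHA1(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")

def check_ssha(password, stored):
    """Verify a password against an {SSHA} value (SHA-1 digest is 20 bytes)."""
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)

def harden_ldif(text):
    """Hash cleartext userPassword values; return (new_ldif, findings)."""
    out, findings, dn = [], [], None
    for line in text.splitlines():
        attr, sep, value = line.partition(":")
        if attr.lower() == "dn":
            dn = value.strip()
        elif attr.lower() == "userpassword" and sep:
            secret = value.strip()
            if value.startswith(":"):  # "userPassword:: <base64>" form
                secret = base64.b64decode(value[1:].strip()).decode("utf-8")
            if not secret.startswith("{"):  # no {SCHEME} prefix: cleartext
                if secret in DOC_PASSWORDS:
                    findings.append((dn, "password published in documentation"))
                line = f"{attr}: {ssha(secret)}"
        out.append(line)
    return "\n".join(out) + "\n", findings

if __name__ == "__main__":
    hardened, issues = harden_ldif(SAMPLE)
    print(hardened, issues)
```

Running the function on an already hardened file leaves it unchanged, so it can sit in a pipeline ahead of kubectl cp.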
- dx-slapd which maps to the /var/dx-openldap/etc/openldap/slapd.d directory within the container and holds the configuration data;
- dx-lapd which maps to the /var/dx-openldap/ldap directory within the container and holds the db; and
- dx-certs which maps to the /var/dx-openldap/certs directory within the container and holds the OpenLDAP TLS certificates.
Additional configuration options are not currently supported.
Maintenance and Support
HCL Digital Experience will periodically provide updated OpenLDAP container images in the HCL Digital Experience entitlements available for customers from the HCL Software License Portal. HCL Product Support may be contacted with questions regarding this installation procedure. For additional information and support for OpenLDAP topics, please reference https://www.openldap.org/.
Consult the HCL Digital Experience 9.5 Container deployment page for the latest list of Digital Experience 9.5 container components available with your Digital Experience entitlements from the HCL Software License Portal.