(Optional) Configure the Spring Insight Dashboard to Authenticate with LDAP

If you use LDAP, you can use it to authenticate users logging in to the Insight Dashboard. The examples shown in the procedure are for OpenLDAP.

Prerequisites

Install Spring Insight Dashboard and create a tc Runtime instance. See Install and Start Spring Insight Dashboard.

Procedure

  1. Copy the insight-dashboard-security-ldap-1.5.x.RELEASE.jar and insight-plugin-dashboard-security-ldap.xml files from the extras/ldap directory to the insight/dashboard-plugins directory of your Dashboard tc Runtime instance.

    For example, enter the following commands, each on a single line without line breaks:

    prompt$ cd /home/tcserver/vfabric-tc-server-standard-edition-2.6.0.RELEASE/myDashboard
    prompt$ cp extras/ldap/* insight/dashboard-plugins
  2. Remove the default security-tcserver.jar.

    prompt$ rm insight/dashboard-plugins/insight-dashboard-security-tcserver-1.1.x.RELEASE.jar

    Note

    The dashboard-plugins directory may contain either security-tcserver.jar or security-ldap.jar, but not both.

  3. In insight/dashboard-plugins/plugin-config/insight-plugin-dashboard-security-ldap.xml, modify the contextSource bean to point to your own LDAP server.

    <bean id="contextSource" 
          class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <constructor-arg value="ldap://myOpenLDAPServer:389/dc=springsource,dc=com"/>
      <property name="userDn" value="cn=Manager,dc=springsource,dc=com"/>
      <property name="password" value="secret"/>
    </bean>
  4. Add the userDn and password properties for the account (the Directory Manager or another user) that is used to connect to the LDAP server.

    Note

    If the LDAP server allows anonymous access, you do not need to add the userDn and password properties.

    <bean id="contextSource" 
          class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
      <constructor-arg value="ldap://myOpenLDAPServer:389/dc=springsource,dc=com"/>
      <property name="userDn" value="cn=Manager,dc=springsource,dc=com"/>
      <property name="password" value="secret"/>
    </bean>
  5. In the insightAuthenticationProvider bean, modify the userDnPatterns property to specify your User Base DN.

    <property name="userDnPatterns">
      <list><value>cn={0},ou=Users,o=SpringInsight</value></list>
    </property>
  6. Modify the first <constructor-arg> element of the TransformingLdapAuthoritiesPopulator bean to point to your Group Base DN.

    <bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
      <constructor-arg ref="contextSource"/>
      <constructor-arg value="ou=Groups,o=SpringInsight"/>
      <property name="groupSearchFilter" value="(|(member={0})(member={1}))"/>
    </bean>
    
  7. Set up the two Insight roles by modifying the map element of the second <constructor-arg> element to specify the groups for regular Insight users (Operators) and Insight administrators (Administrators).

    <map>
      <entry key="Operators" value="insight"/>
      <entry key="Administrators" value="insight_admin"/>
    </map>
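
The values edited in steps 3 through 7 can be checked before the Dashboard instance is restarted. The following Python script is an added example, not part of the product or its documentation: it assumes the fragments above sit in one XML file (the constructed SAMPLE), and the finding names and the rule that any URL other than ldaps:// is reported are this example's own choices.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragments from steps 3-7 placed in one file. The
# wrapper element is an assumption; the shipped file has more around them.
SAMPLE = """<beans>
  <bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://myOpenLDAPServer:389/dc=springsource,dc=com"/>
    <property name="userDn" value="cn=Manager,dc=springsource,dc=com"/>
    <property name="password" value="secret"/>
  </bean>
  <property name="userDnPatterns">
    <list><value>cn={0},ou=Users,o=SpringInsight</value></list>
  </property>
  <map>
    <entry key="Operators" value="insight"/>
    <entry key="Administrators" value="insight_admin"/>
  </map>
</beans>"""

def _local(e):
    return e.tag.rsplit("}", 1)[-1]  # tag name without any XML namespace

def lint_ldap_plugin_config(xml_text):
    """Return sorted finding codes for the LDAP security plugin configuration."""
    nodes = list(ET.fromstring(xml_text).iter())
    src = next((e for e in nodes if _local(e) == "bean" and e.get("id") == "contextSource"), None)
    if src is None:
        return ["no-context-source"]
    url = next((c.get("value", "") for c in src if _local(c) == "constructor-arg"), "")
    props = {c.get("name"): c.get("value", "") for c in src if _local(c) == "property"}
    found = set()
    if not url.lower().startswith("ldaps://"):
        found.add("cleartext-ldap")        # a simple bind over ldap:// is not encrypted
    if "myOpenLDAPServer" in url:
        found.add("example-server")        # step 3 not applied
    if props.get("password") == "secret":
        found.add("example-password")      # step 4 still carries the sample value
    patterns = [v.text or "" for e in nodes if e.get("name") == "userDnPatterns"
                for v in e.iter() if _local(v) == "value"]
    if not patterns or any("{0}" not in p for p in patterns):
        found.add("bad-user-dn-pattern")   # {0} is replaced by the login name
    roles = {e.get("key"): e.get("value", "") for e in nodes if _local(e) == "entry"}
    if not roles.get("Operators") or not roles.get("Administrators"):
        found.add("missing-role")          # step 7 needs a group for each role
    elif roles["Operators"] == roles["Administrators"]:
        found.add("operators-are-admins")  # one group would grant both roles
    return sorted(found)
```

To check a real file, pass its contents to lint_ldap_plugin_config(); for the unedited sample it returns the cleartext-ldap, example-password and example-server findings.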