---
title: "Core Linux - Active Directory (LDAP) Set Up"
slug: "test-modeller-core-linux-active-directory-set-up-1"
description: "Test Modeller Core Linux - Active Directory Set Up"
tags: ["Test Modeller", "Installation"]
updated: 2024-10-07T09:06:14Z
published: 2024-10-25T09:44:03Z
---


# Core Linux - Active Directory (LDAP) Set Up

This article covers configuring Quality Modeller for Active Directory / LDAP / LDAPS authentication.

---

## 1 - Obtain Active Directory Details

You'll need to know the DOMAIN and URL of your Active Directory environment.

## 2 - Edit The Docker Environment Variables

The package folder comes with a file called **docker-compose-ad.yml**. Copy that file to a new file called **docker-compose-custom.yml**, then edit the new file. If you already have a **docker-compose-custom.yml** file with some custom configuration elements, edit that file instead.

```shell
cp docker-compose-ad.yml docker-compose-custom.yml
```

Next, edit the **api** section of the **docker-compose-custom.yml** file to include the correct values for the following environment variables, replacing the right-hand side of each line with the actual values:

```yaml
api:
  environment:
    AUTH_METHOD: ActiveDirectory
    AD_URL: [Active Directory URL e.g. ldap://hostName:389 – ldaps://[hostname]:[port] for ldaps]
    AD_DOMAIN: [ActiveDirectory Domain e.g. curiosity.software] 
    AD_FILTER: [Optional LDAP filter for User Groups e.g. for members of a TechAdmins group (memberof=CN=TechAdmins,OU=Tech ,DC=curiosity,DC=com)]
    AD_ADMIN_FILTER: [Optional LDAP filter for initial admin Groups e.g. Admins, TechAdmins]
    AD_NEW_USER_STRATEGY: [One of RequiresInvitation|AddAsReader|AddAsEditor - defaults to RequiresInvitation if not specified]
```

*Note: for AD_FILTER you can use the full search filter syntax:*

[**https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax**](https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax)

*AD_ADMIN_FILTER only supports lists of groups.*
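
A pre-flight check for the values above, as an added example that is not part of the Quality Modeller package. The function names and the sample host `dc01.example.test` are hypothetical, and the warning text for `AddAsReader` / `AddAsEditor` assumes from the option names that they admit new users without an invitation.

```shell
#!/bin/sh
# Added example: lint the api environment values before starting the stack.
# Function names are hypothetical; sample values are constructed.

# Succeeds if the filter is empty (AD_FILTER is optional) or is one filter
# wrapped in balanced parentheses. Literal parentheses inside values are
# escaped as \28 and \29 in LDAP filters, so each "(" or ")" is structural.
filter_balanced() {
    f=$1
    depth=0
    if [ -z "$f" ]; then return 0; fi
    case $f in "("*")") ;; *) return 1 ;; esac
    while [ -n "$f" ]; do
        c=${f%"${f#?}"}   # first character
        f=${f#?}          # remainder
        case $c in
            "(") depth=$((depth + 1)) ;;
            ")") depth=$((depth - 1))
                 # closing the outer filter before the end means trailing junk
                 if [ "$depth" -le 0 ] && [ -n "$f" ]; then return 1; fi ;;
        esac
    done
    [ "$depth" -eq 0 ]
}

# Args: AD_URL AD_NEW_USER_STRATEGY AD_FILTER. Prints findings; the exit
# status is the number of blocking errors (0 = safe to start).
check_ad_settings() {
    url=$1 strategy=$2 filter=$3 errors=0
    case $url in
        ldaps://?*) ;;
        ldap://?*) echo "WARN: AD_URL is plain ldap://; use ldaps:// (section 4) to protect logins in transit" ;;
        *) echo "ERROR: AD_URL must start with ldap:// or ldaps://"; errors=$((errors + 1)) ;;
    esac
    case $strategy in
        ""|RequiresInvitation) ;;   # empty falls back to RequiresInvitation
        AddAsReader|AddAsEditor)
            # Assumption from the option names: no invitation is required.
            echo "WARN: $strategy admits any directory user matching AD_FILTER"
            if [ -z "$filter" ]; then echo "WARN: AD_FILTER is empty, so no group restriction applies"; fi ;;
        *) echo "ERROR: unknown AD_NEW_USER_STRATEGY '$strategy'"; errors=$((errors + 1)) ;;
    esac
    if ! filter_balanced "$filter"; then
        echo "ERROR: AD_FILTER is not a single balanced LDAP filter"; errors=$((errors + 1))
    fi
    return "$errors"
}

check_ad_settings "ldap://dc01.example.test:389" "AddAsEditor" "" || echo "fix errors before ./run.sh"
```
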

## 3 - Use Correct docker-compose file to start the application

When starting the application using the run.sh script, the **docker-compose-custom.yml** file which we edited will be used instead of the default **basic** configuration.

```shell
./run.sh
```

---

## 4 - LDAPS Support (Optional)

For an application server to trust your directory's certificate, the certificate must be imported.

The certificate must be imported into the Java runtime environment of the API docker container. The JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts.

In the following examples, we use **server-certificate.crt** to represent the certificate file exported by your directory server. Alter the instructions below to match the name of your certificate. See **docker-compose-ldaps.yml** for an example.

First, map a volume from the location on your device where the certificate is stored.

To do that, edit the **api** service in the **docker-compose-custom.yml** file to add the following volume.

```yaml
volumes:
  - /data/cert:/data/cert
```

We then need to update the initial runtime command so that it imports your certificate into the Java runtime keystore using keytool.

[**https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html**](https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html)

```yaml
command: [sh, -c, "keytool -keystore /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -file /data/cert/server-certificate.crt && /user/utilities/wait-for-it.sh postgres_db:5432 -t 0 -- java -jar graph_api-1.0-SNAPSHOT.jar"]
```

---

## 5 - Start The Quality Modeller Services

Refer to section 3 in this article: [**Quality Modeller Core Linux Installation**](/docs/test-modeller-core-linux-installation)

---

## 6 - Log Into Quality Modeller UI

Once the API starts up for the first time, log in with an Active Directory user. The first user that logs in will be the owner of the workspace and by default an administrator.

*Note: only users with Active Directory credentials under the LDAP filter for user groups will be able to log into Quality Modeller.*

---

## 7 - LDAP Groups

LDAP groups are synchronised by default to Quality Modeller. You can specify the associated roles per group within the Quality Modeller administration panel.

## Related

- [Quality Modeller](/get-started-with-test-modeller.md)
