Test Modeller Core Linux - Active Directory Set Up
1 – Use correct docker-compose.yml file
Delete the existing docker-compose.yml file and rename docker-compose-fullstack-ssl-ad.yml so that it is called docker-compose.yml.
2 – Obtain Active Directory details
You'll need to know the DOMAIN and URL of your Active Directory environment.
3 – Edit the docker environment variables
Edit the API image configuration to contain the following environment variables:
AUTH_METHOD: ActiveDirectory
Note: for the AD_Filter you can use the full search filter syntax:
https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax
AD_ADMIN_FILTER only supports lists of groups.
4 – LDAPS support (optional)
For an application server to trust your directory's certificate, the certificate must be imported.
The certificate must be imported into the Java runtime environment of the API docker container. The JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts.
In the following examples, we use server-certificate.crt to represent the certificate file exported by your directory server. You will need to alter the instructions below to match the name of your certificate. See docker-compose-fullstack-ssl-ldaps.yml for an example.
First, map a volume to the location on your device where your certificate is stored.
To do that, edit the testmodeller_api service to include the following volume:
volumes:
Then update the initial runtime command so that it imports your certificate into the Java runtime using keytool:
https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html
command: [sh, -c, "keytool -keystore /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -file /data/cert/server-certificate.crt && /user/utilities/wait-for-it.sh postgres_db:5432 -t 0 -- java -jar graph_api-1.0-SNAPSHOT.jar"]
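A more defensive form of the import step above, as an added example that is not part of the product's own files: it compares the certificate's SHA-256 fingerprint with a value you obtained from the directory administrators before trusting it, and imports under a named alias so that a restarted container does not fail on a repeated import. The script name, the alias `ldaps-directory` and the `AD_CERT_SHA256` variable are assumptions; the keystore path and password are the ones from the command above.

```shell
#!/bin/sh
# Added example: pin, then idempotently import, the directory certificate.
# KEYSTORE and STOREPASS default to the values in the page's command line;
# the alias name and the pinned fingerprint are assumptions supplied by you.
KEYSTORE="${KEYSTORE:-/usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
norm_fp() {
    printf '%s' "$1" | tr -d ': \t\n' | tr 'abcdef' 'ABCDEF'
}

# SHA-256 fingerprint of a certificate file, as printed by keytool -printcert.
cert_fp() {
    keytool -printcert -file "$1" | sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# import_ldaps_cert FILE ALIAS EXPECTED_SHA256
# Returns 0 if the certificate is trusted afterwards, 1 on a fingerprint
# mismatch, 2 if the certificate file cannot be read.
import_ldaps_cert() {
    file=$1; cert_alias=$2; expected=$3
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    actual=$(cert_fp "$file")
    if [ -z "$actual" ] || [ "$(norm_fp "$actual")" != "$(norm_fp "$expected")" ]; then
        echo "fingerprint mismatch for $file, not importing" >&2
        return 1
    fi
    # A restarted (not recreated) container still holds the alias, and a
    # second -importcert for it fails, which would stop the API from starting.
    if keytool -list -keystore "$KEYSTORE" -storepass "$STOREPASS" -alias "$cert_alias" >/dev/null 2>&1; then
        echo "alias $cert_alias already present, skipping import"
        return 0
    fi
    keytool -importcert -noprompt -keystore "$KEYSTORE" -storepass "$STOREPASS" \
        -alias "$cert_alias" -file "$file"
}

# Runs only when called with three arguments, e.g. (hypothetical names):
#   import-ldaps-cert.sh /data/cert/server-certificate.crt ldaps-directory "$AD_CERT_SHA256"
if [ "$#" -eq 3 ]; then
    import_ldaps_cert "$@"
fi
```

If the directory certificate is rotated, remove the old entry with `keytool -delete -alias` first, because the script skips an alias that already exists.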
5 – Start the Test Modeller Services
Refer to section 5 of the article Test Modeller Core Linux Installation.
6 – Log into Test Modeller UI
Once the API starts up for the first time, log in with an Active Directory user.
The first user that logs in will be the owner of the workspace and by default an administrator.
Note: only users whose Active Directory credentials fall under the LDAP filter for user groups will be able to log into Modeller.
7 – LDAP groupings
LDAP groupings are synchronised by default to Test Modeller. You can specify the associated roles per group within the Test Modeller administration panel.