...
| Code Block | ||
|---|---|---|
| ||
<?xml version="1.0" encoding="UTF-8" ?>
<enterprise-security-extension xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="config.xsd" version="1">
<realms>
<!-- Enable LDAP Realm -->
<ldap-realm>
<name>my-ldap-server</name>
<enabled>true</enabled>
<configuration>
<servers>
<ldap-server>
<host>testhivemq.com</host>
<port>389</port>
</ldap-server>
</servers>
<tls>tcp</tls>
<base-dn>DC=testhivemq,DC=com</base-dn>
<simple-bind>
<rdns>CN=HiveMQ,OU=Management,OU=hivemq/rdns>
<userPassword>hivemq</userPassword>
</simple-bind>
</configuration>
</ldap-realm>
</realms>
<pipelines>
<!-- Secure access to the MQTT broker -->
<listener-pipeline listener="ALL">
<!-- Authenticate MQTT client against a LDAP Server -->
<ldap-authentication-manager>
<realm>my-ldap-server</realm>
<clients-rdns>CN=customer1,OU=Customers</clients-rdns>
<uid-attribute>cn</uid-attribute>
</ldap-authentication-manager>
<!-- Authorize MQTT client client against a LDAP Server -->
<ldap-authorization-manager>
<realm>my-ldap-server</realm>
<use-authorization-key>true</use-authorization-key>
<use-authorization-role-key>true</use-authorization-role-key>
</ldap-authorization-manager>
</listener-pipeline>
</pipelines>
</enterprise-security-extension>
|
Restart the Broker
| Info |
|---|
After making changes to AD users or permissions, either restart the broker |
...
or the ESE to apply the updates. Please note that ESE caches permissions by default. |
\uD83D\uDCCB Related articles
...
| Filter by label (Content by label) | |||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|