...

Here’s how to set up the ldap-realm in the ESE config.xml file:

base-dn: The LDAP distinguished name (DN) of the base entry that this realm uses.

simple-bind: The credentials that the ESE uses for a simple bind to the LDAP server.

rdns: The relative distinguished names (RDNs), relative to the base DN, of the entry that the ESE binds to the LDAP server as. Make sure that this DN is bindable and has the necessary rights to search for the users and permissions.

userPassword: The password that the ESE uses to perform the simple bind operation on the LDAP server.

<ldap-realm>
    <name>my-ldap-server</name>
    <enabled>true</enabled>
    <configuration>
        <servers>
          <ldap-server>
            <host>your hostname</host>
            <port>389</port>
          </ldap-server>
        </servers>
        <tls>tcp</tls>
        <base-dn>dc=hivemq,dc=com</base-dn>
        <simple-bind>
            <rdns>cn=ese,cn=hivemq</rdns>
            <userPassword>password</userPassword>
        </simple-bind>
    </configuration>
</ldap-realm>

...

Next, to implement custom authentication logic using LDAP, you must configure the LDAP Authentication Manager in your ESE config.xml:

clients-rdns: The relative distinguished names (RDNs) of the LDAP subtree that contains the client entries.

uid-attribute: The LDAP attribute that uniquely identifies every entry in the subtree of client RDNs. The default setting is uid.

<ldap-authentication-manager>
    <realm>my-ldap-server</realm>
    <clients-rdns>ou=mqtt-clients,ou=iot-services</clients-rdns>
    <uid-attribute>cn</uid-attribute>
    <required-object-class>hmq-mqttClient</required-object-class>
</ldap-authentication-manager>
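As an added illustration (not from the HiveMQ documentation or the ESE code), the following Python script reads the realm and authentication-manager settings shown above from a constructed config.xml and shows how they combine: the DN the ESE binds with, the DN and search filter a lookup for a given MQTT username targets, and the RFC 4514/4515 escaping that keeps a crafted username from altering either. The wrapper elements (`enterprise-security-extension`, `realms`, `pipelines`), the assumption that clients-rdns is resolved relative to the realm base-dn, and the reading of `<tls>tcp</tls>` as an unencrypted connection are assumptions of the example, not statements from the page.

```python
"""Added example, not part of the HiveMQ ESE documentation or product code.
Combines the page's ldap-realm and ldap-authentication-manager values into
the bind DN, the client DN and the search filter, with RFC 4514/4515
escaping of the username. Assumptions are marked in comments."""
import xml.etree.ElementTree as ET

# Constructed config using the page's own values. The wrapper elements
# (enterprise-security-extension, realms, pipelines) are assumed.
CONFIG_XML = """<enterprise-security-extension>
  <realms>
    <ldap-realm>
      <name>my-ldap-server</name>
      <enabled>true</enabled>
      <configuration>
        <servers><ldap-server><host>your hostname</host><port>389</port></ldap-server></servers>
        <tls>tcp</tls>
        <base-dn>dc=hivemq,dc=com</base-dn>
        <simple-bind><rdns>cn=ese,cn=hivemq</rdns><userPassword>password</userPassword></simple-bind>
      </configuration>
    </ldap-realm>
  </realms>
  <pipelines>
    <ldap-authentication-manager>
      <realm>my-ldap-server</realm>
      <clients-rdns>ou=mqtt-clients,ou=iot-services</clients-rdns>
      <uid-attribute>cn</uid-attribute>
      <required-object-class>hmq-mqttClient</required-object-class>
    </ldap-authentication-manager>
  </pipelines>
</enterprise-security-extension>"""


def parse_config(xml_text):
    """Pull the realm and manager settings this example needs into a dict."""
    root = ET.fromstring(xml_text)
    realm = root.find(".//ldap-realm")
    manager = root.find(".//ldap-authentication-manager")
    conf = realm.find("configuration")
    server = conf.find("servers/ldap-server")
    cfg = {
        "realm": realm.findtext("name"),
        "host": server.findtext("host"),
        "port": int(server.findtext("port")),
        "tls": conf.findtext("tls"),
        "base_dn": conf.findtext("base-dn"),
        "bind_rdns": conf.findtext("simple-bind/rdns"),
        "clients_rdns": manager.findtext("clients-rdns"),
        "uid_attribute": manager.findtext("uid-attribute"),
        "required_object_class": manager.findtext("required-object-class"),
    }
    if manager.findtext("realm") != cfg["realm"]:  # manager must name a known realm
        raise ValueError("authentication manager references an unknown realm")
    return cfg


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN (RFC 4514 section 2.4).
    Escaping '=' is not required by the RFC but is permitted and unambiguous."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch in '\\,+"<>;=':
            out.append("\\" + ch)
        elif ch == " " and (i == 0 or i == last):  # leading/trailing space
            out.append("\\ ")
        elif ch == "#" and i == 0:                  # leading '#'
            out.append("\\#")
        elif ord(ch) < 0x20 or ch == "\x7f":        # control characters as \XX
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for a search filter (RFC 4515 section 3)."""
    specials = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(specials.get(ch, ch) for ch in value)


def bind_dn(cfg):
    """DN the ESE binds with: simple-bind rdns appended to the realm base-dn."""
    return "%s,%s" % (cfg["bind_rdns"], cfg["base_dn"])


def client_dn(cfg, username):
    """DN a client entry is expected at. Assumption: clients-rdns is resolved
    relative to the realm base-dn, as the page's RDN naming suggests."""
    return "%s=%s,%s,%s" % (cfg["uid_attribute"], escape_dn_value(username),
                            cfg["clients_rdns"], cfg["base_dn"])


def client_search_filter(cfg, username):
    """Filter that selects only entries of the required object class for a user."""
    return "(&(objectClass=%s)(%s=%s))" % (cfg["required_object_class"],
                                           cfg["uid_attribute"], escape_filter_value(username))


def check_realm(cfg):
    """Findings a reviewer would raise about the realm's transport and secrets."""
    findings = []
    if cfg["tls"] == "tcp":  # read here as plain TCP, i.e. no TLS on the connection
        findings.append("simple bind over plain tcp: the bind password and every "
                        "client credential cross the network unencrypted")
    findings.append("userPassword is stored in clear text in config.xml; restrict read access")
    return findings


CFG = parse_config(CONFIG_XML)

if __name__ == "__main__":
    print("bind as  ", bind_dn(CFG))
    print("client DN", client_dn(CFG, "sensor-01"))
    print("filter   ", client_search_filter(CFG, "sensor-01"))
    for finding in check_realm(CFG):
        print("finding  ", finding)
```

The escaping functions are the part worth keeping close to hand: a username such as `a,ou=admins` must end up as `cn=a\,ou\=admins,...` rather than splitting the DN, and a `*` in a filter value must become `\2a` rather than turning an equality match into a wildcard. The `check_realm` findings are what a reviewer would flag in the sample values: a simple bind ships the password in the clear unless the connection is TLS-protected, and the bind account needs no more than search rights under the base DN.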

...

<ldap-authorization-manager>
    <realm>my-ldap-server</realm>
    <directory-descent>false</directory-descent>
    <use-authorization-key>false</use-authorization-key>
    <use-authorization-role-key>true</use-authorization-role-key>
</ldap-authorization-manager>

...