8. LDAP integration
LDAP (Lightweight Directory Access Protocol) is a user authentication data base, all users and groups information can be stored in LDAP. AppMesh users are able to integrate with LDAP to provide enterprise level security.
LDAP user authentication is integrated with JWT, user login provide password, AppMesh verify user from LDAP and then response with JWT token, the follow-up authentication with JWT token as usual without connect LDAP Server.
LDAP user organization
AppMesh can manage user with groups, each group map to a LDAP organization unit (posix group), each group can define related roles:
{
"Uri": "ldap://127.0.0.1:389",
"Groups": {
"admin": {
"BindDN": "cn={USER},ou=users,dc=example,dc=org",
"roles": [
"manage",
"view",
"shell",
"usermgr"
]
},
"mesh": {
"BindDN": "cn={USER},ou=users,dc=example,dc=org",
"roles": [
"view",
"shell"
]
}
},
"Roles": {
"manage": [
"app-control",
"app-delete"
],
"usermgr": [
"user-add",
"passwd-change-user"
],
"shell": [
"app-run-sync"
],
"view": [
"config-view",
"app-view-all",
"cloud-app-view"
]
}
}
Start LDAP service with Docker container
docker run --restart=always --name ldap-appmesh --hostname ldap-appmesh -p 389:389 -p 636:636 --detach osixia/openldap
docker run --restart=always --name ldap-appmesh-ui -p 8443:443 --hostname ldap-appmesh-ui --link ldap-appmesh:ldap-appmesh --env PHPLDAPADMIN_LDAP_HOSTS=ldap-appmesh --detach osixia/phpldapadmin
Open https://