# LDAP authentication
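To run manual tests with the default docker-compose files:

Expose the openldap container port by uncommenting the `ports` config in `docker-compose-ldap.yaml`. The test directory uses the fixed credentials shown in this README, so publish the port only on a development machine.

To start openldap: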
```
docker-compose -f ./.ci/docker-compose-file/docker-compose.yaml -f ./.ci/docker-compose-file/docker-compose-ldap.yaml up -docker
```
## LDAP database
The LDAP database is populated from the files below:
```
apps/emqx_ldap/test/data/emqx.io.ldif /usr/local/etc/openldap/schema/emqx.io.ldif
apps/emqx_ldap/test/data/emqx.schema /usr/local/etc/openldap/schema/emqx.schema
```
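## Minimal EMQX config

This config targets the local test container only: it binds as `cn=root` with the test password and sets no TLS options.
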
```
authentication = [
{
backend = ldap
base_dn = "uid=${username},ou=testdevice,dc=emqx,dc=io"
filter = "(& (objectClass=mqttUser) (uid=${username}))"
mechanism = password_based
method {
is_superuser_attribute = isSuperuser
password_attribute = userPassword
type = hash
}
password = public
pool_size = 8
query_timeout = "5s"
request_timeout = "10s"
server = "localhost:1389"
username = "cn=root,dc=emqx,dc=io"
}
]
```
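## Example ldapsearch command

`-W` prompts for the bind password. Use the host port that the `ports` entry publishes; this command uses 389, whereas the EMQX config above points at 1389.
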
```
ldapsearch -x -H ldap://localhost:389 -D "cn=root,dc=emqx,dc=io" -W -b "uid=mqttuser0007,ou=testdevice,dc=emqx,dc=io" "(&(objectClass=mqttUser)(uid=mqttuser0007))"
```
## Example mqttx command
The client password hashes are generated from their usernames: each test user's password is its own username, as in the commands below.
```
# disabled user
mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0006 -P mqttuser0006
# enabled super-user
mqttx pub -t 't/1' -h localhost -p 1883 -m x -u mqttuser0007 -P mqttuser0007
```