Test Modeller Core (Linux) Optional – Active Directory

1 – Use correct docker-compose.yml file

Delete the existing docker-compose.yml file and rename docker-compose-fullstack-ssl-ad.yml so that it is called docker-compose.yml.

2 – Obtain Active Directory details

You’ll need to know the DOMAIN and URL of your Active Directory environment.

3 – Edit the docker environment variables

Edit the API image configuration to contain the following environment variables:

AUTH_METHOD: ActiveDirectory

AD_URL: [Active Directory URL e.g. ldap://hostName:389, or ldaps://[hostname]:[port] for LDAPS]

AD_DOMAIN: [ActiveDirectory Domain e.g. curiosity.software]

AD_FILTER: [Optional LDAP filter for User Groups e.g. for members of a TechAdmins group: (memberof=CN=TechAdmins,OU=Tech,DC=curiosity,DC=com)]

AD_ADMIN_FILTER: [Optional LDAP filter for initial admin Groups e.g. Admins, TechAdmins]

Note: AD_FILTER accepts the full LDAP search filter syntax (https://docs.microsoft.com/en-us/windows/win32/adsi/search-filter-syntax). AD_ADMIN_FILTER only supports lists of groups.

4 – LDAPS support (optional)

For an application server to trust your directory’s certificate, the certificate must be imported.

The certificate must be imported into the Java runtime environment of the API docker container. The JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts.

In the following examples, we use server-certificate.crt to represent the certificate file exported by your directory server. You will need to alter the instructions below to match the name of your certificate. See docker-compose-fullstack-ssl-ldaps.yml for an example.

First, map a volume to the directory on the host where your certificate is stored. To do that, edit the testmodeller_api service and add the following volume.

      volumes:
        - /data/cert:/data/cert

Then update the initial runtime command so that it imports your certificate into the Java runtime's keystore using keytool (https://docs.oracle.com/javase/8/docs/technotes/tools/unix/keytool.html). The value changeit passed to -storepass is the JDK's default password for the cacerts keystore.

command: [sh, -c, "keytool -keystore /usr/lib/jvm/java-1.8-openjdk/jre/lib/security/cacerts -storepass changeit -noprompt -importcert -file /data/cert/server-certificate.crt && /user/utilities/wait-for-it.sh postgres_db:5432 -t 0 -- java -jar graph_api-1.0-SNAPSHOT.jar"]
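
Anything imported into cacerts becomes a trust anchor for the API's JVM, so it is worth checking the exported file before the container imports it. The script below is an added example, not part of the Test Modeller documentation or distribution; the function names, the script file name and the 30-day threshold are assumptions, and it expects a PEM-encoded certificate and openssl on the Docker host.

```shell
#!/bin/sh
# Added example: pre-flight checks for the directory certificate before the
# keytool import. Function names and the 30-day default are assumptions.
# Assumes a PEM-encoded file and openssl available on the Docker host.

# check_cert FILE [MIN_DAYS]
#   0 = parseable X.509 certificate, valid for at least MIN_DAYS more days
#   1 = not a certificate (wrong file, private key, CSR, truncated export)
#   2 = certificate expires within MIN_DAYS
check_cert() {
    cert=$1
    min_days=${2:-30}
    openssl x509 -in "$cert" -noout 2>/dev/null || return 1
    # -checkend exits non-zero when the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
        >/dev/null 2>&1 || return 2
    return 0
}

# cert_fingerprint FILE: print the SHA-256 fingerprint (colon-separated hex)
# so it can be compared with the value shown on the directory server.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# cert_is_ca FILE: succeed if the certificate is marked CA:TRUE. Importing a
# CA certificate makes the JVM trust every certificate that CA issues.
cert_is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Usage (hypothetical file name):
#   sh check-cert.sh /data/cert/server-certificate.crt
if [ "$#" -ge 1 ]; then
    check_cert "$1" || { echo "certificate check failed ($?)" >&2; exit 1; }
    echo "SHA-256 fingerprint: $(cert_fingerprint "$1")"
    if cert_is_ca "$1"; then echo "note: this is a CA certificate"; fi
fi
```

Compare the printed fingerprint with the one shown for the certificate on the directory server itself before starting the services.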

5 – Start the Test Modeller Services

Refer to section 5 in article: Test Modeller Core (Linux) Installation

6 – Log into Test Modeller UI

Once the API starts up for the first time, log in with an Active Directory user.

The first user that logs in will be the owner of the workspace and by default an administrator.

Note: only users with Active Directory credentials that match the LDAP filter for user groups will be able to log into Modeller.

7 – LDAP groupings

LDAP groupings are synchronised by default to Test Modeller. You can specify the associated roles per group within the Test Modeller administration panel.