How to install
Docker deployment
ToDo
Local deployment
The didmos-worker-ldap can be used in several situations and deployed multiple times, e.g. for provisioning AD and OpenLDAP. For a local deployment, the working directory has to be created manually, and the configuration and installation are placed there. The worker runs as a systemd service. The steps below describe the configuration for three scenarios.
Requirements
package dependencies
- openjdk-11-jdk or newer
- python3
- maven
- rabbitmq-server
didmos component dependencies
- installed rabbitmq service - see TODO
- installed didmos-ra - see TODO
AD-Worker
Installation
Create the working directory.
mkdir -p /opt/didmos/provisioner/worker_adldap/
cd /opt/didmos/provisioner/worker_adldap
Install the didmos2-rabbitmq-worker-ldap Maven-Package.
mvn dependency:get -DrepoUrl=https://nexus.daasi.de/repository/maven-releases/ -Dartifact=de.daasi:didmos2-rabbitmq-worker-ldap:2.6.1:jar:exec -Dtransitive=false -Ddest=didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar
Create a symbolic link to the JAR file used by the systemd service.
ln -sf /opt/didmos/provisioner/worker_adldap/didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar /opt/didmos/provisioner/worker_adldap/didmos2-rabbitmq-worker-exec.jar
Configuration
The configuration of the ADLDAP-Worker is split across three files, which are placed in the previously created directory /opt/didmos/provisioner/worker_adldap.
A basic configuration set containing these three files can be found at the root level of this repository.
| Name | Description |
|---|---|
| attributeMapping.xml | Attributes that are not included in the basic configuration set can be configured here |
| application.properties | Information regarding the AD connection (e.g. username, password, base DN) is configured here |
| applicationContext.xml | TODO |
Note: If you are using a TLS-secured connection, the Active Directory certificate chain must be added to the Java default keystore.
After successful configuration, the worker can also be tested by running it manually.
java -jar -Dorg.identityconnectors.common.logging.class=org.identityconnectors.common.logging.impl.JDKLogger /opt/didmos/provisioner/worker_adldap/didmos2-rabbitmq-worker-exec.jar
SystemD Service
Copy the systemd unit file from systemd-resources/didmos-worker-adldap.service to /etc/systemd/system/didmos-worker-adldap.service.
Next, reload the systemd configuration, then enable and start didmos-worker-adldap.service.
systemctl daemon-reload
systemctl enable --now didmos-worker-adldap.service
LDAP-Worker
Create the working directory.
mkdir -p /opt/didmos/provisioner/worker_ldap/
cd /opt/didmos/provisioner/worker_ldap
Install the didmos2-rabbitmq-worker-ldap Maven-Package.
mvn dependency:get -DrepoUrl=https://nexus.daasi.de/repository/maven-releases/ -Dartifact=de.daasi:didmos2-rabbitmq-worker-ldap:2.6.1:jar:exec -Dtransitive=false -Ddest=didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar
Create a symbolic link to the JAR file used by the systemd service.
ln -sf /opt/didmos/provisioner/worker_ldap/didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar /opt/didmos/provisioner/worker_ldap/didmos2-rabbitmq-worker-exec.jar
Configuration
The configuration of the LDAP-Worker is split across three files, which are placed in the previously created directory /opt/didmos/provisioner/worker_ldap.
A basic configuration set containing these three files can be found at the root level of this repository.
| Name | Description |
|---|---|
| attributeMapping.xml | Attributes that are not included in the basic configuration set can be configured here |
| application.properties | Information regarding the AD connection (e.g. username, password, base DN) is configured here |
| applicationContext.xml | TODO |
Note: If you are using a TLS-secured connection, the Active Directory certificate chain must be added to the Java default keystore.
After successful configuration, the worker can also be tested by running it manually.
java -jar -Dorg.identityconnectors.common.logging.class=org.identityconnectors.common.logging.impl.JDKLogger /opt/didmos/provisioner/worker_ldap/didmos2-rabbitmq-worker-exec.jar
SystemD Service
Copy the systemd unit file from systemd-resources/didmos-worker-ldap.service to /etc/systemd/system/didmos-worker-ldap.service.
Next, reload the systemd configuration, then enable and start didmos-worker-ldap.service.
systemctl daemon-reload
systemctl enable --now didmos-worker-ldap.service
Response-Worker
Note: Using the LDAP worker as a response worker (i.e. to write back responses such as target system IDs to the didmos LDAP) is discouraged. Normally a SCIM-based response worker, which writes to the Core API, should be used instead.
Create the working directory.
mkdir -p /opt/didmos/provisioner/worker_response/
cd /opt/didmos/provisioner/worker_response
Install the didmos2-rabbitmq-worker-ldap Maven-Package.
mvn dependency:get -DrepoUrl=https://nexus.daasi.de/repository/maven-releases/ -Dartifact=de.daasi:didmos2-rabbitmq-worker-ldap:2.6.1:jar:exec -Dtransitive=false -Ddest=didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar
Create a symbolic link to the JAR file used by the systemd service.
ln -sf /opt/didmos/provisioner/worker_response/didmos2-rabbitmq-worker-ldap-2.6.1-exec.jar /opt/didmos/provisioner/worker_response/didmos2-rabbitmq-worker-exec.jar
Configuration
The configuration of the LDAP-Worker is split across three files, which are placed in the previously created directory /opt/didmos/provisioner/worker_response.
A basic configuration set containing these three files can be found at the root level of this repository.
| Name | Description |
|---|---|
| attributeMapping.xml | Attributes that are not included in the basic configuration set can be configured here |
| application.properties | Information regarding the AD connection (e.g. username, password, base DN) is configured here |
| applicationContext.xml | TODO |
Note: If you are using a TLS-secured connection, the Active Directory certificate chain must be added to the Java default keystore.
After successful configuration, the worker can also be tested by running it manually.
java -jar -Dorg.identityconnectors.common.logging.class=org.identityconnectors.common.logging.impl.JDKLogger /opt/didmos/provisioner/worker_response/didmos2-rabbitmq-worker-exec.jar
SystemD Service
Copy the systemd unit file from systemd-resources/didmos-worker-ldap-response.service to /etc/systemd/system/didmos-worker-ldap-response.service.
Next, reload the systemd configuration, then enable and start didmos-worker-ldap-response.service.
systemctl daemon-reload
systemctl enable --now didmos-worker-ldap-response.service
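
The TLS note in each of the three Configuration sections asks for the directory's certificate chain in the Java default keystore. The script below is an added example, not part of the didmos repository, showing one way to do that with keytool. It assumes a JDK 9+ keytool (the -cacerts option), the stock cacerts password, and a PEM chain file and alias prefix that are hypothetical names chosen here.

```shell
#!/usr/bin/env bash
# Added example (not part of the didmos repository).
# keytool -importcert adds a single certificate per trusted entry, so a PEM
# chain is split into one file per certificate before importing.
set -u

# split_pem_chain CHAIN_FILE OUT_DIR
# Writes OUT_DIR/cert-N.pem for each certificate and prints how many it found.
split_pem_chain() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem"; inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# import_chain CHAIN_FILE ALIAS_PREFIX [STOREPASS]
# Assumes a JDK 9+ keytool (-cacerts) and write access to the JDK's cacerts;
# "changeit" is the stock cacerts password, override it if yours differs.
# -noprompt trusts the file as given, so obtain the chain from a trusted source.
import_chain() {
    chain=$1; prefix=$2; pass=${3:-changeit}
    tmp=$(mktemp -d) || return 1
    count=$(split_pem_chain "$chain" "$tmp")
    if [ "$count" -eq 0 ]; then
        echo "no certificates found in $chain" >&2
        rm -rf "$tmp"; return 1
    fi
    i=1
    while [ "$i" -le "$count" ]; do
        entry="$prefix-$i"
        # An existing alias is left untouched so the script can be re-run.
        if keytool -list -cacerts -storepass "$pass" -alias "$entry" >/dev/null 2>&1; then
            echo "alias $entry already present, skipping"
        else
            keytool -importcert -noprompt -cacerts -storepass "$pass" \
                -alias "$entry" -file "$tmp/cert-$i.pem" || { rm -rf "$tmp"; return 1; }
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
}

# Run only when called with arguments, e.g. (hypothetical file and prefix):
#   ./import-chain.sh /root/ad-chain.pem didmos-ad
if [ "$#" -ge 2 ]; then
    import_chain "$@"
fi
```

Restart the worker service after the import, since a JVM that is already running does not pick up the changed cacerts file.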