Setting Up LDAP for AAKE

LDAP enables users to log on to Automic Automation by using their company-wide credentials. For more information, see LDAP and LDAP and LDAP Sync - Authenticating Login Data and Synchronizing Users.

AAKE requires using LDAP over TLS/SSL. That means that the certificate(s) of the LDAP server must be available to the Java Work Process (JWP) in the JWP keystore.

Before installing AAKE, make sure that you have covered the following issues:

  • The LDAP key in UC_SYSTEM_SETTINGS must be set to Y; otherwise, you cannot use LDAP to authenticate login data. For more information, see LDAP.

  • The relevant certificate must be added to the JWP keystore.

  • Configure the JWP keystore in which the certificate is stored, so that the JWP can establish the connection to the LDAP server using TLS/SSL. In AAKE, that means creating the jwp-keystore Kubernetes secret so that the certificate can be passed on to the LDAP server. For more information, see TLS/SSL Connection - Configuring the JWP Keystore and Adding Certificates.

    After installing AAKE, if the jwp-keystore secret exists, it is automatically mounted in all JWP pods using the relevant path.

    Notes:

    • If you do not want to use the default path, make sure the path is the same as defined in the JWP_KEYSTORE_PATH key of the UC_SYSTEM_SETTINGS variable. For more information, see JWP_KEYSTORE_PATH.

    • You can change neither the secret name nor the default path.
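
The two certificate steps above as shell functions; this is an added example, not part of the Automic documentation. The namespace, file names, certificate alias and the JWP_KEYSTORE_PASS environment variable are assumptions, and the key inside the secret defaults to the keystore's file name.

```sh
#!/bin/sh
# Added example: trust the LDAP server's certificate in the JWP keystore, then
# publish that keystore as the jwp-keystore secret (secret name is from the page).
# Assumed, not from the page: namespace, file names, alias, JWP_KEYSTORE_PASS.
set -eu

SECRET_NAME="jwp-keystore"

# Reject anything that is not a PEM certificate before it reaches the keystore.
is_pem_cert() {
    [ -r "$1" ] &&
        grep -q -- '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -- '-----END CERTIFICATE-----' "$1"
}

# import_ldap_cert <keystore> <cert.pem> <alias>
# keytool creates the keystore if it does not exist yet. The password is read
# from the environment so it does not show up in the process list.
# -noprompt skips the fingerprint confirmation, so verify the certificate's
# fingerprint out of band before importing it.
import_ldap_cert() {
    keytool -importcert -noprompt -trustcacerts \
        -alias "$3" -file "$2" -keystore "$1" \
        -storepass:env JWP_KEYSTORE_PASS
}

# publish_keystore <namespace> <keystore>
# Render the secret client-side and apply it, so a re-run replaces the secret
# instead of failing because it already exists.
publish_keystore() {
    kubectl create secret generic "$SECRET_NAME" --namespace "$1" \
        --from-file="$2" --dry-run=client -o yaml |
        kubectl apply -f -
}

# Usage: sh jwp-keystore.sh <namespace> <keystore> <ldap-ca.pem>
if [ "$#" -eq 3 ]; then
    is_pem_cert "$3" || { echo "not a PEM certificate: $3" >&2; exit 1; }
    import_ldap_cert "$2" "$3" ldap-server
    publish_keystore "$1" "$2"
fi
```

The file name of the keystore becomes the key inside the secret, so name the file to match what the JWP keystore path expects.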

Once the system is ready to connect to the LDAP server, you have to configure your Clients and Users to use LDAP to authenticate the login data.

For detailed instructions on how to set up the connection and your Client and Users, see LDAP Connection Setup.

You also have the option of installing and configuring LDAP Sync to take care of the LDAP directory synchronization. It is a command line tool that can be used to synchronize the Microsoft Active Directory (AD) or Oracle Directory Services (ODS) and the Automic system user objects. For more information, see LDAP Sync - Synchronizing LDAP and Automic system Users.
