Configure the OpenLDAP container image for the HCL WebSphere Portal 9.5 Container Deployment
Read more about configuring the OpenLDAP container image for the 9.5 Container Deployment, which is available with HCL WebSphere Portal 9.5 Container Update release CF_181 and higher releases.
OpenLDAP Software is an open source implementation of the Lightweight Directory Access Protocol. For more information on OpenLDAP, visit https://www.openldap.org/.
The HCL WebSphere Portal 9.5 Container Update release CF_181 and higher includes an OpenLDAP container (version 2.4.49), and a customization of the operator to deploy the LDAP container and configure the HCL WebSphere Portal 9.5 Container deployment to use it.
Consult the HCL WebSphere Portal 9.5 Container deployment topic for the latest list of HCL WebSphere Portal 9.5 container deployments available with the HCL DX entitlements from the HCL Software License Portal.
Usage
Deployment of the OpenLDAP container in a production environment is not supported. This optional process of deploying OpenLDAP is solely intended for non-production environments, to help you get started with an HCL WebSphere Portal 9.5 container deployment. For production environments, use a production-quality LDAP (for example, one with security hardening and firewall protection). In production, administrators can deploy their organization's LDAP (and possibly mirror the contents of that enterprise LDAP back to this newly deployed LDAP), or connect to an already defined LDAP server, database or custom user registry.

Note: To use the OpenLDAP container in a Docker (non-Kubernetes) environment, set the environment variable LOCAL=true (-e LOCAL=true) in the docker run command for this image. The three -v mounts persist the TLS certificates, the slapd configuration and the database across container restarts. Example:

docker run -e LOCAL=true -p 1389:1389 -p 1636:1636 -p 1666:1666 \
  -v dx-openldap-certs:/var/dx-openldap/certs \
  -v dx-openldap-slapd.d:/var/dx-openldap/etc/openldap/slapd.d \
  -v dx-openldap-ldap:/var/dx-openldap/ldap \
  --name dx_openldap hcl/dx/openldap:v1.0.0-release_20200622_1592846796

Video: Use OpenLDAP with HCL DX 9.5 on Red Hat OpenShift
Deployment
To deploy the OpenLDAP container for use with an HCL WebSphere Portal 9.5 container deployment, first create or update the dx-deployment config map.

Note: The config map MUST have the same name as the deployment. By default the deployment name is dx-deployment; if you have changed the name in git_v1_dxdeployment_cr.yaml, your config map name must match your DxDeployment name. For example, use my-custom-deployment as the config map name if your git_v1_dxdeployment_cr.yaml was modified as in the sample below:

kind: DxDeployment
metadata:
  name: my-custom-deployment

The following sample yaml file deploys the OpenLDAP container with default data and ten (10) sample users. The LDAP administrator user name is dx_user with password p0rtal4u; DX is the organization, dc=dx,dc=com is the base DN and US is the country.

kind: ConfigMap
apiVersion: v1
metadata:
  name: dx-deployment
  namespace: your-namespace
data:
  dx.deploy.openldap.enabled: 'true'
  dx.deploy.openldap.image: dx-openldap
  dx.deploy.openldap.tag: v1.0.0_20200428_1588034443

The following sample yaml file deploys an OpenLDAP container using your own organization, base DN, country and LDAP administrator password. The LDAP administrator user name is dx_user, which cannot be customized at this time.

kind: ConfigMap
apiVersion: v1
metadata:
  name: dx-deployment
  namespace: your-namespace
data:
  dx.deploy.openldap.country: US
  dx.deploy.openldap.enabled: 'true'
  dx.deploy.openldap.image: dx-openldap
  dx.deploy.openldap.org: HCL
  dx.deploy.openldap.pwd: mycoolnewpwd
  dx.deploy.openldap.suffix: 'dc=dx,dc=hcl,dc=com'
  dx.deploy.openldap.tag: v1.0.0_20200428_1588034443

Currently, no sample users are created when OpenLDAP is deployed with custom values. Config map values are stored unencrypted and are readable by anyone who can read the config map, so once the OpenLDAP container is fully deployed, remove the dx.deploy.openldap.pwd entry from the config map.

Users can be added, and other changes made, with the ldapadd, ldapdelete and ldapmodify commands according to the OpenLDAP Administrator's Guide.
Sample ldif file format for adding users. The user entries come before the group so that the member DNs already exist when the group is added, and each uniqueMember value must be the full DN of the user entry, not just its uid:

dn: uid=newuser1,ou=users,dc=dx,dc=hcl,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: newuser1
cn: my newuser1
sn: newuser1
givenName: my
mail: mynewuser1@dx.hcl.com
userPassword: passw0rd
preferredLanguage: en_us
title: engineer
telephoneNumber: 999-999-9999

dn: uid=newuser2,ou=users,dc=dx,dc=hcl,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: newuser2
cn: my newuser2
sn: newuser2
givenName: my
mail: mynewuser2@dx.hcl.com
userPassword: passw0rd
preferredLanguage: en_us
title: engineer
telephoneNumber: 999-999-9999

dn: cn=my_new_user_group,ou=groups,dc=dx,dc=hcl,dc=com
objectClass: groupOfUniqueNames
cn: my_new_user_group
uniqueMember: uid=newuser1,ou=users,dc=dx,dc=hcl,dc=com
uniqueMember: uid=newuser2,ou=users,dc=dx,dc=hcl,dc=com

Copy the ldif file into the OpenLDAP container:

kubectl cp ./myldiffile.ldif dx-deployment-openldap-0:/tmp/

Exec into the OpenLDAP container and add the users:

kubectl exec -it dx-deployment-openldap-0 -- /bin/bash
cd /var/dx-openldap/bin
./ldapadd -h $HOSTNAME -p 1389 -f /tmp/myldiffile.ldif -x -D cn=dx_user,dc=dx,dc=hcl,dc=com -w p0rtal4u -v

The bind DN and password must match your own deployment: the DN above uses the custom suffix dc=dx,dc=hcl,dc=com, while p0rtal4u is the default administrator password, so substitute the values from your config map. Using -W instead of -w p0rtal4u makes ldapadd prompt for the password rather than leaving it in the shell history and the process list.

The dx.deploy.openldap.enabled config map entry tells the HCL Digital Experience 9.5 container operator to deploy the OpenLDAP container and to configure the deployed HCL WebSphere Portal 9.5 container to use it.

Note: Three (3) volumes are self-provisioned for the OpenLDAP environment:
- dx-slapd, which maps to the /var/dx-openldap/etc/openldap/slapd.d directory within the container and holds the configuration data;
- dx-lapd, which maps to the /var/dx-openldap/ldap directory within the container and holds the database; and
- dx-certs, which maps to the /var/dx-openldap/certs directory within the container and holds the OpenLDAP TLS certificates.
If these volumes are not present, the OpenLDAP data is lost when the container restarts.
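The LDIF sample above stores userPassword in cleartext and relies on hand-typed DNs. The following script is an added example (not HCL's code or part of this documentation) that generates an equivalent LDIF for the ldapadd step with OpenLDAP {SSHA} password hashes, full-DN uniqueMember values, RFC 4514 escaping of RDN values and RFC 2849 base64 encoding of attribute values that are not safe to write literally. It assumes the custom suffix dc=dx,dc=hcl,dc=com and the ou=users / ou=groups containers from the samples on this page; the user list is constructed here for illustration.

```python
"""Generate LDIF for the DX OpenLDAP container with hashed passwords.

Added example, not part of the HCL documentation. Suffix and OUs follow the
custom config map sample; SAMPLE_USERS is constructed input.
"""
import base64
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

SUFFIX = "dc=dx,dc=hcl,dc=com"      # assumed: custom suffix from the config map sample
USERS_OU = f"ou=users,{SUFFIX}"
GROUPS_OU = f"ou=groups,{SUFFIX}"

# Characters that must be backslash-escaped inside an RDN value (RFC 4514 2.4).
_RDN_SPECIAL = set(',+"\\<>;=')


def escape_rdn_value(value: str) -> str:
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        leading_hash = ch == "#" and i == 0
        edge_space = ch == " " and i in (0, last)
        out.append("\\" + ch if ch in _RDN_SPECIAL or leading_hash or edge_space else ch)
    return "".join(out)


def ldif_attr(name: str, value: str) -> str:
    """One LDIF attribute line; base64 ('::') when the value is not a
    SAFE-STRING per RFC 2849 (leading space/':'/'<', non-ASCII, NUL/CR/LF)."""
    unsafe_first = value[:1] in (" ", ":", "<")
    unsafe_body = any(ord(c) > 127 or c in "\x00\r\n" for c in value)
    if value and not unsafe_first and not unsafe_body:
        return f"{name}: {value}"
    return f"{name}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def ssha_hash(password: str, salt: Optional[bytes] = None) -> str:
    """OpenLDAP {SSHA}: base64( SHA1(password || salt) || salt ), random 8-byte salt."""
    if salt is None:
        salt = os.urandom(8)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Check a cleartext password against an {SSHA} value; the salt is whatever
    follows the 20-byte SHA-1 digest."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    expected = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(expected, digest)


def user_entry(uid: str, given: str, sn: str, mail: str, password: str) -> Tuple[str, str]:
    """Return (dn, ldif_block) for one inetOrgPerson under ou=users."""
    dn = f"uid={escape_rdn_value(uid)},{USERS_OU}"
    attrs = [("objectClass", "top"), ("objectClass", "person"),
             ("objectClass", "organizationalPerson"), ("objectClass", "inetOrgPerson"),
             ("uid", uid), ("cn", f"{given} {sn}"), ("sn", sn), ("givenName", given),
             ("mail", mail), ("userPassword", ssha_hash(password))]
    return dn, "\n".join([f"dn: {dn}"] + [ldif_attr(n, v) for n, v in attrs])


def group_entry(cn: str, member_dns: List[str]) -> str:
    """groupOfUniqueNames whose uniqueMember values are full DNs."""
    lines = [f"dn: cn={escape_rdn_value(cn)},{GROUPS_OU}",
             "objectClass: groupOfUniqueNames", ldif_attr("cn", cn)]
    lines += [f"uniqueMember: {dn}" for dn in member_dns]
    return "\n".join(lines)


def build_ldif(users, group_cn: str) -> str:
    """Emit users first, then the group, so every uniqueMember DN already exists."""
    dns, blocks = [], []
    for u in users:
        dn, block = user_entry(*u)
        dns.append(dn)
        blocks.append(block)
    blocks.append(group_entry(group_cn, dns))
    return "\n\n".join(blocks) + "\n"


# Constructed sample input (uid, givenName, sn, mail, cleartext password).
SAMPLE_USERS = [
    ("newuser1", "my", "newuser1", "mynewuser1@dx.hcl.com", "passw0rd"),
    ("newuser2", "my", "newuser2", "mynewuser2@dx.hcl.com", "passw0rd"),
]

if __name__ == "__main__":
    print(build_ldif(SAMPLE_USERS, "my_new_user_group"), end="")
```

Redirect the output to myldiffile.ldif and load it with the same kubectl cp and ldapadd commands shown above. {SSHA} is the classic OpenLDAP scheme and is based on SHA-1, which is acceptable for this non-production sandbox; the point is that the file you copy into the pod, and any copy left in /tmp, never contains cleartext passwords, and that the group members resolve to real entries because they are full DNs.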
Additional configuration options are not currently supported. If you are adding the OpenLDAP container to an existing HCL Digital Experience 9.5 container deployment, you must stop the deployment and restart it with one (1) replica using the removeDx and deployDX scripts. Once it is fully started, you can safely scale it to N instances.
Note: TLS is 'allowed' out of the box with the HCL Digital Experience 9.5 container deployment, but the certificates created with the OpenLDAP container are not imported for use by the HCL Digital Experience 9.5 containers. Until you import the OpenLDAP certificate (kept on the dx-certs volume under /var/dx-openldap/certs) into the trust store used by the Portal containers, the Portal-to-LDAP connection cannot verify the OpenLDAP server and will not be protected by TLS.
Maintenance and Support
HCL WebSphere Portal will periodically provide updated OpenLDAP container images in the HCL DX entitlements available for customers from the HCL Software License Portal. HCL Product Support may be contacted with questions regarding this installation procedure. For additional information and support for OpenLDAP topics, please reference https://www.openldap.org/.
Consult the HCL WebSphere Portal 9.5 Container deployment page for the latest list of Digital Experience 9.5 container components available with your Digital Experience entitlements from the HCL Software License Portal.