Jayaprakash

Reputation: 763

Opendaylight integration with IDP/LDAP for authn/authz

Is it possible to integrate OpenDaylight (AAA) with an IDP or LDAP for authn/authz? Or is this part of the ODL future roadmap?

I could see some reference documents mentioning the above. Has anyone tried it? If so, could you please share the steps/configuration details?

Thanks

Upvotes: 0

Views: 152

Answers (1)

Icaro Camelo

Reputation: 382

You have to edit this file: {KARAF_HOME}/etc/shiro.ini

ODL provides a few LDAP implementations that are disabled out of the box. ODLJndiLdapRealm includes authorization functionality based on LDAP elements that are extracted through an LDAP search. This requires a bit of knowledge about how your LDAP system is set up.

ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=<PEOPLE>,dc=<DOMAIN>,dc=<TLD>
ldapRealm.contextFactory.url = ldap://<URL>:<PORT>
ldapRealm.searchBase = dc=<DOMAIN>,dc=<TLD>
ldapRealm.ldapAttributeForComparison = <OBJECTCLASS>
...

Stacked realm configuration; realms are round-robined until authentication succeeds or realm sources are exhausted. The $ldapRealm is only required if you are enabling LDAP.

securityManager.realms = $tokenAuthRealm, $ldapRealm

Upvotes: 1
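A pre-deployment check for the shiro.ini fragment in the answer above, added here as an example (not part of the original answer and not OpenDaylight code). It assumes the realm is named `ldapRealm` as in the answer and treats the four properties the answer sets as mandatory; `parse_ini`, `check_ldap_realm` and the sample values are hypothetical.

```python
import re

# Constructed sample (invented host and DNs), based on the answer's fragment.
SAMPLE_SHIRO_INI = """\
[main]
ldapRealm = org.opendaylight.aaa.shiro.realm.ODLJndiLdapRealm
ldapRealm.userDnTemplate = uid={0},ou=people,dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.example.com:389
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.ldapAttributeForComparison = objectClass
securityManager.realms = $tokenAuthRealm
"""

# Assumption: the four properties shown in the answer are treated as mandatory.
REQUIRED = ("userDnTemplate", "contextFactory.url", "searchBase", "ldapAttributeForComparison")

def parse_ini(text):
    """Return key -> value for each 'key = value' line, skipping sections and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = line.split("=", 1)  # split once: DN values contain '=' too
        settings[key.strip()] = value.strip()
    return settings

def check_ldap_realm(text, realm="ldapRealm"):
    """Return a list of findings for the LDAP realm wiring in a shiro.ini text."""
    cfg, findings = parse_ini(text), []
    if realm not in cfg:
        return [f"{realm} is not defined"]
    for prop in REQUIRED:
        value = cfg.get(f"{realm}.{prop}", "")
        if not value:
            findings.append(f"{realm}.{prop} is missing")
        elif re.search(r"<[A-Z]+>", value):
            findings.append(f"{realm}.{prop} still contains a <PLACEHOLDER>")
    if "{0}" not in cfg.get(f"{realm}.userDnTemplate", "{0}"):
        findings.append("userDnTemplate has no {0} slot for the username")
    if cfg.get(f"{realm}.contextFactory.url", "").lower().startswith("ldap://"):
        findings.append("contextFactory.url uses ldap://; use ldaps:// so bind passwords are not sent in cleartext")
    realms = [r.strip() for r in cfg.get("securityManager.realms", "").split(",")]
    if f"${realm}" not in realms:
        findings.append(f"${realm} is not listed in securityManager.realms, so it is never consulted")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ldap_realm(SAMPLE_SHIRO_INI)))
```

On the constructed sample this reports two findings: the plain `ldap://` URL and the realm missing from `securityManager.realms`.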
