You are here

Customize the Airlock Configuration Center authentication

Affects version(s): 

This article describes how to customize the Airlock Configuration Center Authentication for Airlock Gateway, e.g. to attach an external LDAP user directory. Use the manual of the Airlock Authentication Service for reference.

To customize the Airlock Authentication Service, follow these instructions:

  • Either copy the actual file "" from directory "/opt/airlock/mgt-tomcat/webapps/auth/WEB-INF/classes" to "/opt/airlock/custom-settings/mgt-auth/"
    Download the appropriate file "" attached to this document and upload it to "/opt/airlock/custom-settings/mgt-auth/" e.g. with WinSCP as root.

  • Edit and customize the file "" e.g. for authenticate on LDAP Server. Have a look on section "Example" below.

  • Set permissions on the file with following commands as user root:

# chown fown:alec
# chmod 040

Activate the new configuration

To activate the new configuration, use a root shell and restart the corresponding service:

# systemctl restart airlock-mgt-tomcat​​​​​​

Check if service is running with the following command:

# systemctl status airlock-mgt-tomcat


Manually backup the customized file /opt/airlock/custom-settings/mgt-auth/".


An example, which combines local and LDAP users, is attached in Change the placeholders like "<text>" with the corresponding value.

  • The LDAP users must be members of at least one group "airlock-supervisor", "airlock-administrator", "airlock-auditor" or "airlock-app-admin". The names of these groups are used as role names in the Configuration Centers permission model. Please refer to the Airlock Gateway documentation for a concise overview of the administrator roles.
  • The example is not able to change a users password out of the Airlock configuration center.

Knowledge Base Categories: