This article describes how to customize the Airlock Configuration Center Authentication for Airlock WAF, e.g. to attach an external LDAP user directory.
The manual for the standard Airlock Authentication Service also serves as the reference for this configuration. Basically, every authentication scheme supported by the Airlock Authentication Service is supported here as well.
To customize the Airlock Authentication Service, follow these instructions:
Either copy the current file "authenticator.properties" from the directory "/opt/airlock/mgt-tomcat/webapps/auth/WEB-INF/classes" to "/opt/airlock/custom-settings/mgt-auth/"
or
Download the appropriate file "authenticator.properties" attached to this document and upload it to "/opt/airlock/custom-settings/mgt-auth/" e.g. with WinSCP as root.
Edit and customize the file "authenticator.properties", e.g. to authenticate against an LDAP server. See the section "Example" below.
Set the permissions on the file with the following commands as user root:
# chown fown:alec authenticator.properties
# chmod 040 authenticator.properties
To activate the new configuration, use a root shell and restart the corresponding service:
For Airlock 5.x and 6.x:
# service airlock-mgt-tomcat restart
For Airlock 7.x and newer:
# systemctl restart airlock-mgt-tomcat.service
Check whether the service is running with the following command:
With Airlock 5.x and 6.x:
# service airlock-mgt-tomcat status
With Airlock 7.x and newer:
# systemctl status airlock-mgt-tomcat.service
Manually back up the customized file "/opt/airlock/custom-settings/mgt-auth/authenticator.properties".
An example that combines local and LDAP users is attached as authenticator.properties. Replace placeholders such as "<text>" with the corresponding values.
The example does not support changing a user's password from within the Airlock Configuration Center.
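A pre-restart check for the steps above, as an added example that is not part of the original article or of the Airlock product: it verifies the owner, group and mode set by the chown/chmod step and lists any "<...>" placeholder still present in a non-comment line. The function names are hypothetical, and a `stat` that supports `-c` (GNU coreutils) is assumed.

```shell
#!/bin/sh
# Added example: pre-restart check for the customized authenticator.properties.
# Function names are hypothetical; "stat -c" (GNU coreutils) is assumed.

# List non-comment lines that still contain a "<...>" placeholder.
# Returns 0 when at least one is found. Comment lines start with # or !.
find_placeholders() {
    grep -nE '<[^<>]+>' "$1" | grep -vE '^[0-9]+:[[:space:]]*[#!]'
}

# check_perms FILE OWNER:GROUP MODE -> 0 only if owner, group and mode match.
check_perms() {
    cp_owner=$(stat -c '%U:%G' "$1") || return 2
    cp_mode=$(stat -c '%a' "$1") || return 2
    # stat prints mode 040 as "40"; normalize the expected value the same way.
    cp_want=$(printf '%o' "0$3") || return 2
    [ "$cp_owner" = "$2" ] && [ "$cp_mode" = "$cp_want" ]
}

# Run both checks against the custom file (path, owner, group and mode
# are the values given in the article). Run as root so the file is readable.
check_mgt_auth() {
    ca_file=${1:-/opt/airlock/custom-settings/mgt-auth/authenticator.properties}
    ca_rc=0
    if [ ! -r "$ca_file" ]; then
        echo "cannot read $ca_file (run as root)" >&2
        return 2
    fi
    if ! check_perms "$ca_file" fown:alec 040; then
        echo "expected fown:alec and mode 040 on $ca_file" >&2
        ca_rc=1
    fi
    if find_placeholders "$ca_file" >&2; then
        echo "replace the placeholders listed above before restarting" >&2
        ca_rc=1
    fi
    return "$ca_rc"
}

# Run only when a path is given: sh check.sh /path/to/authenticator.properties
if [ "$#" -gt 0 ]; then check_mgt_auth "$1"; fi
```

A non-zero exit status means the file should be corrected before airlock-mgt-tomcat is restarted.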