...
Configuration for LDAP Authentication
The UDMG Authentication Proxy can use an LDAP service to authenticate users for the UDMG Admin UI:
```toml
# Proxy Configuration
[proxy]
# Enable Auto Recover
recover = true
# Enable CORS
cors = true
# Enable Request Track ID
tracker = false
# Enable Logger
logger = true
# Listen Port
port = "5000"
# Listen IP
inet = "127.0.0.1"

# Service with LDAP Authentication
[service.mft]
# MFT Waarp Gateway Listen Protocol
protocol = "http"
# MFT Waarp Gateway Hostname or IP
hostname = "localhost"
# MFT Waarp Gateway Port
port = "18080"
# Break-glass option for admins: the users listed here will not reach the LDAP service during the authentication stage
admins = ["admin"]

# User for syncing passwords between LDAP and the proxy
[service.mft.credential]
# User pre-configured in MFT Waarp Gateway
username = "ldap_sync"
password = "ldap_password"

# LDAP Configuration
[service.mft.auth.ldap]
# LDAP Server DC with OU
dn = "ou=users,dc=stonebranch,dc=com"
# LDAP Server FQDN or IP
hostname = "myldap.server.fqdn.com"
# LDAP Server Port
port = "1389"
```
...
```
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/agent
# ssh-keygen -t rsa -q -N "" -f /etc/mft/agent_proxy/client
```
If OpenSSH is not installed or not available, the PuTTY tool can be used instead.
Use PuTTYgen to generate a key pair for the agent. More detailed instructions can be found here: Using public keys for SSH authentication
![](https://stonebranchdocs.atlassian.net/wiki/download/thumbnails/5701765/4.png?version=1&modificationDate=1663941012000&cacheVersion=1&api=v2&width=616)
After generating the key, export it in OpenSSH format:
...
```toml
[agent]
# Listen IP Address
hostname = "0.0.0.0"
# Listen Port
port = "2222"
# SSH Private Key
ssh_key = "agent"
# SSH Public Key
ssh_key_pub = "agent.pub"
# Service User
username = "mft"
# Service Password
password = "61ee8b5601a84d5154387578466c8998848ba089"
```
The password key will be used for the client authentication.
Client Configuration
Create a configuration file as C:\MFT\MFT Agent\client\client.toml
...
Setup the Windows Services
UDMG Server
Open a PowerShell console and create a new service definition:
```powershell
$params = @{
    Name = "MFT Waarp Gateway Server"
    BinaryPathName = '"C:\MFT\MFT Gateway\waarp-gatewayd.exe" server -c "C:\MFT\MFT Gateway\server.ini"'
    DisplayName = "MFT Waarp Gateway Server"
    StartupType = "Automatic"
    Description = "MFT Waarp Gateway Server."
}
New-Service @params
```
- Start the service and check the status:
```powershell
Start-Service "MFT Waarp Gateway Server"
```
Be sure that the listen port and network interface are reachable by the UDMG Authentication Proxy and the UDMG Agent Client.
UDMG Authentication Proxy
Create a new service definition:
```powershell
$params = @{
    Name = "MFT Auth Proxy"
    BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Auth Proxy\server.exe"'
    DisplayName = "MFT Auth Proxy server"
    StartupType = "Automatic"
    Description = "MFT Auth Proxy server."
}
New-Service @params
```
- Start the service and check the status:
```powershell
# Start-Service matches on the service Name ("MFT Auth Proxy"), not the DisplayName
Start-Service "MFT Auth Proxy"
```
Be sure that the listen port and network interface are reachable by the NGINX Server.
UDMG Agent Proxy
Agent Proxy Server Service
Create a new service definition:
```powershell
$params = @{
    Name = "MFT Agent Server"
    BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Agent\server\server.exe"'
    DisplayName = "MFT Agent Server"
    StartupType = "Automatic"
    Description = "MFT Agent server."
}
New-Service @params
```
- Start the service and check the status:
```powershell
Start-Service "MFT Agent Server"
```
Be sure that the listen port and network interface are reachable by the UDMG Agent Client.
Agent Proxy Client Service
Create a new service definition:
```powershell
$params = @{
    Name = "MFT Agent Client"
    BinaryPathName = 'MFT_AUTH_PROXY_CONFIG=config.toml "C:\MFT\MFT Agent\client\server.exe"'
    DisplayName = "MFT Agent Client"
    StartupType = "Automatic"
    Description = "MFT Agent Client."
}
New-Service @params
```
- Start the service and check the status:
```powershell
Start-Service "MFT Agent Client"
```
Component Ports
Make sure that all the required ports are open in your firewall configuration.
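A post-install check for the services and ports described above, as an added example that is not part of the original documentation: it reports each service's state, start mode and logon account, probes the listen ports taken from the sample configuration on this page, and lists broad read access on the configuration files the page names. The loopback targets and the single-host layout are assumptions.

```powershell
# Added example (not from the original documentation).
# Service names are the Name values from the New-Service definitions above;
# ports are the sample values on this page. Targets assume a single-host
# install and a local run: adjust them to your own layout.
$checks = @(
    @{ Name = "MFT Waarp Gateway Server"; Target = "localhost"; Port = 18080 }
    @{ Name = "MFT Auth Proxy";           Target = "127.0.0.1"; Port = 5000 }
    @{ Name = "MFT Agent Server";         Target = "127.0.0.1"; Port = 2222 }
    @{ Name = "MFT Agent Client";         Target = $null;       Port = $null }  # no listen port shown
)

$report = foreach ($c in $checks) {
    # Win32_Service exposes the logon account (StartName), unlike Get-Service.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$($c.Name)'"
    $open = $null
    if ($svc -and $c.Port) {
        $probe = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
        $open  = $probe.TcpTestSucceeded
    }
    [pscustomobject]@{
        Service   = $c.Name
        State     = if ($svc) { $svc.State } else { "NOT INSTALLED" }
        StartMode = if ($svc) { $svc.StartMode } else { $null }
        Account   = if ($svc) { $svc.StartName } else { $null }   # LocalSystem unless New-Service got -Credential
        PortOpen  = $open
    }
}
$report | Format-Table -AutoSize

# Configuration files named on this page. Flag access granted to broad groups
# (English group names; localized systems use different names).
$files = "C:\MFT\MFT Gateway\server.ini", "C:\MFT\MFT Agent\client\client.toml"
$broad = 'Everyone|BUILTIN\\Users|Authenticated Users'
foreach ($f in $files) {
    if (-not (Test-Path -LiteralPath $f)) { continue }
    (Get-Acl -LiteralPath $f).Access |
        Where-Object { $_.IdentityReference.Value -match $broad } |
        Select-Object @{ n = 'File'; e = { $f } }, IdentityReference, FileSystemRights |
        Format-Table -AutoSize
}
```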