Request A Demo
Back to All Blog Articles

Securing FlexDeploy using LDAP server

FlexDeploy previously supported Active Directory and other LDAP servers for user authentication. Now with FlexDeploy 3.1, we have added capability to map external directory server groups to FlexDeploy groups, which makes it very easy to manage FlexDeploy users in your environment. You will still configure FlexDeploy groups with finer grained permissions to various objects and/or projects using FlexDeploy UI. This is extremely simple process and I will demostrate it using WebLogic Embedded LDAP server, but this can be used with Active Directory and other LDAP servers as well.

Let’s first look at two FlexDeploy groups. “FD Administrators” is administrator group and it has access to all functionality of FlexDeploy. This is seeded group, but you can create other administrative groups as well if desired.

FDAdministratorsPermissions

“FD Operators” is group that I have created in my installation, to support users from Operations team. They should be able to approve tasks associated with deployment requests and in addition they can control approval and scheduling requirements.

FDOperatorsPermissions

Now let’s add Realm for users defined in WebLogic Embedded LDAP server.

See image below for details on how this realm is configured in FlexDeploy. Please reference https://flexagon.com/2015/12/connect-to-weblogic-embedded-ldap-using-ldap-browser/ to enable connectivity to WebLogic Embedded LDAP.

RealmConfig

In order to setup Group mapping, select Group Mapping tab. Select specific group in External Groups and shuttle desired FlexDeploy groups to Mapped FlexDeploy Groups. See image below, where I have mapped Administrators to FD Administrators and Operators to FD Operators.

GroupMapping

Realm configuration changes requires recycle of FlexDeploy server process. Once realms is operational, you can continue to change Group Mapping information without any recycles.

Let’s look at our test users. fdoperator1 is user defined in WebLogic Embedded LDAP and it has Operators group, which is also assigned in WebLogic Embedded LDAP.

fdoperator1user

When you login for first time with user defined in external realm, you will be prompted to enter details like First and Last name, email and notification preferences etc. At this point, fdoperator1 user only has one group Operators in WebLogic Embedded LDAP. At login time, FlexDeploy will use Operators group and find mapped FlexDeploy group which is “FD Operators” and hence fdoperator1 will only see specific parts of UI. See below.

Security Scanning

FlexDeploy offers plugins for many SAST and DAST tools, allowing users to seamlessly integrate industry-leading scanning tools into your current DevOps practices.

Watch Video
operatorview

You can have more than one realm in FlexDeploy and there is already internal realm based in FlexDeploy database. fdadmin is user defined in internal realm, which is assigned to “FD Administrators” group. fdadmin will see all features in FlexDeploy UI as it is assigned with administrative group. See below.

administratorview

When you have more than one realm defined in FlexDeploy, first successful authentication wins and groups are derived from that Realm if Group mapping is enabled on that realm. Group assigned in FlexDeploy internal realm are always used, so if you wanted to provide additional groups to users defined in external realm, you can do that in FlexDeploy – Users screen.

FlexDeploy 3.1 uses memberOf virtual attribute to derive User’s groups. You can use Microsoft Active Directory or Oracle Internet Directory as well for group mappings as described in this blog entry as both support memoberOf attribute.

A Comprehensive, Integrated Approach to DevOps

Tell us about your integration challenges. We've got you covered.

Related Resources

Oracle EBS DevSecOps

Is Your Oracle EBS Ready for DevSecOps?

Businesses everywhere are modernizing through digital transformation. Upgrades bring faster services and new features, increasing the need to introduce innovation ...

Kick-start DevOps for Oracle Analytics Cloud with FlexDeploy

Oracle Analytics Cloud (OAC) is a highly scalable and approachable cloud-native service. OAC provides enterprises with all the features required ...

Securing Release Pipelines with FlexDeploy and Checkmarx

Checkmarx is an industry-leading application security analysis tool. Security is of ever growing importance as IT becomes more integral to ...

Join DevOps leaders across the globe who receive analysis, tips, and trends in their inbox