This article demonstrates and explains how to set up a target in Boundary that connects to an application service via CLI and/or UI.
For demonstration, this article was tested on OpenLDAP with LDAP Account Manager applications.
Pre-requisites
This article was tested on Apple macOS 14.5 Sonoma with the following:
- Boundary Controller and Worker v0.16.0+ent
  - Up, configured, and running
- Boundary Desktop Client v2.0.3
  - Up, configured, and running
- OpenLDAP (ldapsearch v2.5.17)
  - Up, configured, and running
- LDAP Account Manager (LAM) v7.7 (OpenLDAP web frontend)
  - Up, configured, and running
- Make sure that the Boundary Worker can reach the service over the network: Boundary Desktop initiates a local SSH tunnel to the Worker, which then carries the connection to the service using the details submitted through the target.
Setup
- Log in to the Boundary Controller web interface.
- Select the appropriate Scope, then Project, and then create a Generic TCP-type target to access OpenLDAP on "localhost". This needs the following details at a minimum:
  - The host address is the IP on which the application is running, generally the IP of the OS.
    - If there is more than one IP address assigned to the host hosting the application, use the IP the application is configured with (in my case the IP inside "/etc/ldap/config").
  - The target port is 80 (since LAM is running on port 80).
  - Other details like Default Client Port, Worker Filtering, Maximum Duration, and Maximum Connections are optional and are configured as needed.
- HashiCorp recommends leaving the Target Address field blank and using Host Catalogs and Host Sets instead if you want to use this target on multiple hosts.
  - However, for this article, we can put the Target Address in directly.
Connect to the Application/Service
Once the target is ready, log in to the Boundary Desktop Client, select your Scope, then Targets, and search for the application/service Target Name that you defined while creating the Target in the Controller UI.
Click "Connect" to initiate a "Session" that will generate a random port (if not explicitly defined in Default Client Port). An example snippet is shown below:
Open the browser and go to "127.0.0.1:51194/lam" to access the site locally, as shown in the snippet below. The "/lam" path is specific to the LAM application web interface only.
Please note that this setup is not eligible for the Boundary Sessions Recording feature.
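The same target can be created and used from the Boundary CLI instead of the UI. The script below is an added example, not part of the original article: the project scope ID, the LAM host IP (a documentation-range address), the target name "openldap-lam", the fixed client port and the session limits are assumed values to replace with your own.

```shell
#!/usr/bin/env bash
# Added example: CLI equivalent of the UI steps (create a TCP target, then connect).
# Assumed values, not from the article: project scope ID, LAM host IP, target name.
PROJECT_ID="${PROJECT_ID:-p_PLACEHOLDER}"   # placeholder project scope ID
LAM_ADDR="${LAM_ADDR:-192.0.2.10}"          # constructed documentation-range IP
LAM_PORT=80                                 # LAM listens on port 80 (from the article)
CLIENT_PORT=51194                           # fixed local port instead of a random one

# The target address is a bare IP or hostname; the port belongs in -default-port.
# Reject URLs, paths and host:port so a wrong value fails before reaching the API.
valid_target_address() {
  case "$1" in
    ''|*://*|*/*|*' '*) return 1 ;;  # empty, URL scheme, path, or whitespace
    *:*:*) return 0 ;;               # bare IPv6 literal
    *:*) return 1 ;;                 # host:port
  esac
  return 0
}

# Create the Generic TCP target with a direct address (no host catalog).
# The two session flags are optional: 1 hour maximum, unlimited connections.
create_lam_target() {
  valid_target_address "$LAM_ADDR" || { echo "bad address: $LAM_ADDR" >&2; return 2; }
  boundary targets create tcp \
    -scope-id="$PROJECT_ID" \
    -name="openldap-lam" \
    -address="$LAM_ADDR" \
    -default-port="$LAM_PORT" \
    -default-client-port="$CLIENT_PORT" \
    -session-max-seconds=3600 \
    -session-connection-limit=-1 \
    -format=json
}

# Open the session: a local listener on 127.0.0.1:$CLIENT_PORT is forwarded
# through the worker to $LAM_ADDR:$LAM_PORT.
connect_lam_target() {
  boundary connect -target-id="$1" -listen-port="$CLIENT_PORT"
}

# Run with "apply" after `boundary authenticate`; jq is used to read the new target ID.
if [ "${1:-}" = "apply" ]; then
  target_id=$(create_lam_target | jq -r '.item.id') || exit 1
  echo "Target $target_id created; browse to http://127.0.0.1:$CLIENT_PORT/lam"
  connect_lam_target "$target_id"
fi
```

Keeping the session duration short and pinning the client port makes the local listener predictable and limits how long the forwarded port stays open on the workstation.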