Send Docs Feedback

Indirect binding only: Encrypting the external LDAP user’s password

Edge for Private Cloud v. 4.17.05

If you are using indirect binding, you need to provide an external LDAP username and password in management-server.properties that Apigee uses to log into the external LDAP and perform the indirect credential search. 

Using plain text passwords in config files may be adequate for testing purposes; however, for production environments, encryption is highly recommended. 

The following steps explain how to encrypt your password: 

  1. Execute the following Java utility, replacing the <YOUR EXTERNAL LDAP PASSWORD> with your actual external LDAP password:
    java -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/* com.apigee.util.CredentialUtil --password="<YOUR EXTERNAL LDAP PASSWORD>"
  2. In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
  3. Edit /opt/apigee/customer/application/management-server.properties.
  4. Update the following property, replacing <myAdPassword> with the string you copied from step 2, above.
    conf_security_externalized.authentication.indirect.bind.server.admin.password=<myAdPassword>
  5. Be sure the following property is set to true:
    conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
  6. Save the file.
  7. Restart the Management Server:
    >/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
  8. Verify that the server is running:
    > /opt/apigee/apigee-service/bin/apigee-all status

Testing the installation

See the testing section at the end of Enabling external authentication , and perform the same test described there.

Help or comments?