(Indirect binding only) Encrypting the external LDAP user's password

Edge for Private Cloud v4.18.05

If you are using indirect binding, you need to provide an external LDAP username and password in management-server.properties that Apigee uses to log into the external LDAP and perform the indirect credential search.

The following steps explain how to encrypt your password:

  1. Execute the following Java utility, replacing YOUR_EXTERNAL_LDAP_PASSWORD with your actual external LDAP password:
    java -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/* \
      com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"
  2. In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
  3. Edit /opt/apigee/customer/application/management-server.properties.
  4. Update the following property, replacing myAdPassword with the string you copied from step 2, above.
    conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
  5. Be sure the following property is set to true:
    conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
  6. Save the file.
  7. Restart the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
  8. Verify that the server is running:
    /opt/apigee/apigee-service/bin/apigee-all status
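
A consistency check to run after saving the file in step 6 and before the restart in step 7, added here as an example (it is not an Apigee utility): it reads the two properties from steps 4 and 5 and reports a missing password, a placeholder that was never replaced, or an encrypted flag that is not true. The function names and exit codes are this example's own.

```shell
#!/bin/sh
# Added example, not an Apigee utility. Function names and exit codes are illustrative.
PREFIX='conf_security_externalized.authentication.indirect.bind.server.admin.password'

# Print the value of the last uncommented key=value line whose key matches exactly.
# Only the key=value form used on this page is handled.
prop_value() {   # $1 = properties file, $2 = exact key
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                    # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, eq + 1)                # keeps any "=" inside the value
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            found = 1
        }
        END { if (found) print v }
    ' "$1"
}

# 0 = consistent, 1 = password missing or empty,
# 2 = a placeholder from the steps is still in place, 3 = encrypted flag is not true.
check_indirect_bind_password() {   # $1 = properties file
    pw=$(prop_value "$1" "$PREFIX")
    flag=$(prop_value "$1" "$PREFIX.encrypted")
    if [ -z "$pw" ]; then
        echo "password property missing or empty" >&2; return 1
    fi
    case $pw in
        myAdPassword|YOUR_EXTERNAL_LDAP_PASSWORD)
            echo "placeholder value was never replaced" >&2; return 2 ;;
    esac
    if [ "$flag" != "true" ]; then
        echo "password.encrypted is '${flag:-unset}', expected true" >&2; return 3
    fi
    return 0
}

# Usage: sh check.sh /opt/apigee/customer/application/management-server.properties
if [ "$#" -gt 0 ]; then
    check_indirect_bind_password "$1"
fi
```

An exit status of 3 is the case to watch for: the password property is set but the Management Server has not been told to treat it as encrypted.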

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.