If you are using indirect binding, you need to provide an external LDAP username and password
in management-server.properties
that Apigee uses to log into the external LDAP and
perform the indirect credential search.
The following steps explain how to encrypt your password:
- Execute the following Java utility, replacing the YOUR_EXTERNAL_LDAP_PASSWORD
with your actual external LDAP password:
java -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/* com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"
- In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
- Edit
/opt/apigee/customer/application/management-server.properties
. - Update the following property, replacing myAdPassword with the string you
copied from step 2, above.
conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
- Be sure the following property is set to true:
conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
- Save the file.
- Restart the Management Server:
/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
- Verify that the server is running:
/opt/apigee/apigee-service/bin/apigee-all status
Testing the installation
See the testing section at the end of Enabling external authentication, and perform the same test described there.