When you first installed Edge, a special kind of user called a sysadmin user was created, and some additional config files were updated with this user’s details. If you configure your external LDAP to authenticate with a username that is not an email address, and/or the sysadmin user has a different password in your external LDAP, then you will need to make the changes described in this section.
There are two locations that need to be updated:
- The Edge UI logs into the Management Server using credentials that are stored encrypted in a configuration file on the Edge UI. This update is required when the username, the password, or both are different for your sysadmin user.
- Edge stores the sysadmin username in another file which is used when running various utility scripts. This update is only required when the username of your sysadmin user is different.
Changing the Edge UI password
The way you change the Edge UI password depends on how your external LDAP server represents usernames:
- If usernames are email addresses, use the setup.sh utility to update the Edge UI
- If the usernames are IDs, instead of an email address, use API calls and property files to update the Edge UI
Both procedures are described below.
Changing the Edge UI credential for an email address
- Edit the silent config file that you used to install the Edge UI to set the following properties:
  ADMIN_EMAIL=newUser
  APIGEE_ADMINPW=newPW
  SMTPHOST=smtp.gmail.com
  SMTPPORT=465
  SMTPUSER=foo@gmail.com
  SMTPPASSWORD=bar
  SMTPSSL=y
  SMTPMAILFROM="My Company <myco@company.com>"
  Note that you must include the SMTP properties when passing the new password because all properties on the UI are reset.
- Use the apigee-setup utility to reset the password on the Edge UI from the config file:
  /opt/apigee/apigee-setup/bin/setup.sh -p ui -f configFile
Changing the Edge UI credentials for a user ID
- Encrypt the user ID and password:
  java -cp "/opt/apigee/edge-ui/conf:/opt/apigee/edge-ui/lib/*" utils.EncryptUtil 'userName:PWord'
- Open the ui.properties file in an editor. If the file does not exist, create it:
  vi /opt/apigee/customer/application/ui.properties
- In ui.properties, set the conf_apigee_apigee.mgmt.credential token to the value returned by the call in Step 1:
  conf_apigee_apigee.mgmt.credential="STRING_RETURNED_IN_STEP_1"
- Set the owner of ui.properties to "apigee":
  chown apigee:apigee /opt/apigee/customer/application/ui.properties
- Restart the Edge UI:
  /opt/apigee/apigee-service/bin/apigee-service edge-ui restart
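The file edits in the procedure above can be checked before the restart with a short script. This is an added example, not Apigee code: the function name check_ui_properties is hypothetical, it assumes a stat that supports -c (GNU coreutils or BusyBox), and the permission warning is an extra hardening check that the procedure itself does not require.

```shell
#!/bin/sh
# Added example, not Apigee code: check ui.properties before restarting the Edge UI.
# Usage: sh check_ui_properties.sh /opt/apigee/customer/application/ui.properties
KEY_RE='^conf_apigee_apigee\.mgmt\.credential='

check_ui_properties() {   # hypothetical helper name
  local file owner rc count value actual mode
  file=$1
  owner=${2:-apigee}      # the page sets apigee:apigee
  rc=0

  if [ ! -f "$file" ]; then
    echo "FAIL: $file not found"
    return 1
  fi

  # The token must be defined exactly once, so there is no doubt which value is in effect.
  count=$(grep -c "$KEY_RE" "$file" || true)
  if [ "${count:-0}" -ne 1 ]; then
    echo "FAIL: expected 1 credential line, found ${count:-0}"
    rc=1
  fi

  # Strip the surrounding double quotes and reject an empty or placeholder value.
  value=$(sed -n "s/${KEY_RE}//p" "$file" | head -n 1)
  value=${value#\"}; value=${value%\"}
  case $value in
    ''|STRING_RETURNED_IN_STEP_1)
      echo "FAIL: credential value is empty or still the placeholder"; rc=1 ;;
  esac

  actual=$(stat -c %U "$file")
  if [ "$actual" != "$owner" ]; then
    echo "FAIL: owner is $actual, expected $owner"
    rc=1
  fi

  # Added hardening check, not a page requirement: flag access for "other" users.
  mode=$(stat -c %a "$file")
  case $mode in
    *0) ;;
    *) echo "WARN: mode $mode gives other local users access to $file" ;;
  esac

  return $rc
}

if [ $# -gt 0 ]; then check_ui_properties "$@"; fi
```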
Testing the configuration
- Open the management UI in a browser at:
http://management_server_IP:9000/
For example:
http://192.168.52.100:9000/
- Log in using the new credentials. If the login succeeds, the configuration is correct.
Editing the Edge sysadmin username store for Apigee utility scripts
- Edit the silent config file that you used to install the Edge UI to set the following property to change the value of ADMIN_EMAIL to the username you will be using for your sysadmin user in your external LDAP:
  APIGEE_EMAIL=newUser
  IS_EXTERNAL_AUTH="true"
  The IS_EXTERNAL_AUTH property configures Edge to support an account name, rather than an email address, as the username.
- Use the apigee-setup utility to reset the username on all Edge components from the config file:
  /opt/apigee/apigee-setup/bin/setup.sh -p edge -f configFile
  You must run this command on all Edge components on all Edge nodes, including: Management Server, Router, Message Processor, Qpid, Postgres.
Testing the configuration
Verify that you can access the central POD. On the Management Server, run the following curl command:
curl -u sysAdminEmail:password 'http://localhost:8080/v1/servers?pod=central'
You should see output in the form:
[
  {
    "internalIP" : "192.168.1.11",
    "isUp" : true,
    "pod" : "central",
    "reachable" : true,
    "region" : "dc-1",
    "tags" : {
      "property" : [ ]
    },
    "type" : [ "application-datastore", "scheduler-datastore", "management-server", "auth-datastore", "apimodel-datastore", "user-settings-datastore", "audit-datastore" ],
    "uUID" : "d4bc87c6-2baf-4575-98aa-88c37b260469"
  },
  {
    "externalHostName" : "localhost",
    "externalIP" : "192.168.1.11",
    "internalHostName" : "localhost",
    "internalIP" : "192.168.1.11",
    "isUp" : true,
    "pod" : "central",
    "reachable" : true,
    "region" : "dc-1",
    "tags" : {
      "property" : [
        {
          "name" : "started.at",
          "value" : "1454691312854"
        },
        ...
      ]
    },
    "type" : [ "qpid-server" ],
    "uUID" : "9681202c-8c6e-4da1-b59b-23e3ef092f34"
  }
]