(Indirect binding only) Encrypting the external LDAP user's password

If you are using indirect binding, you need to provide an external LDAP username and password in management-server.properties that Apigee uses to log into the external LDAP and perform the indirect credential search.

The following steps explain how to encrypt your password:

Execute the following Java utility, replacing YOUR_EXTERNAL_LDAP_PASSWORD with your actual external LDAP password:
```
java -Djava.security.properties=/opt/apigee/edge-management-server/conf/jvmsecurity.properties \
-cp /opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/services/*:/opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/ \
com.apigee.util.CredentialUtil \
--password="YOUR_EXTERNAL_LDAP_PASSWORD"
```
where /opt/apigee/edge-management-server/conf/ is the path to the credential.properties file of the edge-management server.

Note: You must use Apigee's Java security file when you invoke the command to encrypt the password. This is required for both FIPS and non-FIPS enabled operating systems.
In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
Edit /opt/apigee/customer/application/management-server.properties.
Update the following property, replacing myAdPassword with the string you copied from step 2, above.
```
conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
```

Be sure the following property is set to true:

conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true

Save the file.

Restart the Management Server:

/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart

Verify that the server is running:

/opt/apigee/apigee-service/bin/apigee-all status

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.

Testing the FIPS status

To check if your operating system is FIPS-enabled, run the following command:

fips-mode-setup --check

If the output is "Installation of FIPS modules is not completed. FIPS mode is disabled.", then your operating system is not FIPS-enabled.

See Edge for Private Cloud on FIPS-enabled RHEL 8.X to know how to enable FIPS mode on RHEL 8.X.