(Indirect binding only) Encrypting the external LDAP user's password

If you are using indirect binding, you need to provide an external LDAP username and password in management-server.properties that Apigee uses to log into the external LDAP and perform the indirect credential search.

The following steps explain how to encrypt your password:

  1. Execute the following Java utility, replacing YOUR_EXTERNAL_LDAP_PASSWORD with your actual external LDAP password:
    java -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"

    where /opt/apigee/edge-management-server/conf/ is the path to the credential.properties file of the edge-management server.

    Note: If you are using Edge for Private Cloud on a FIPS-enabled operating system, you must use Apigee's Java security file when invoking the command to encrypt the password. The rest of the instructions remain the same.

    java -Djava.security.properties=/opt/apigee/edge-management-server/conf/jvmsecurity.properties -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"
  2. In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
  3. Edit /opt/apigee/customer/application/management-server.properties.
  4. Update the following property, replacing myAdPassword with the string you copied from step 2, above.
    conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
  5. Be sure the following property is set to true:
    conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
  6. Save the file.
  7. Restart the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
  8. Verify that the server is running:
    /opt/apigee/apigee-service/bin/apigee-all status

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.