If you are using indirect binding, you need to provide an external LDAP username and password
in management-server.properties
that Apigee uses to log into the external LDAP and
perform the indirect credential search.
The following steps explain how to encrypt your password:
- Execute the following Java utility, replacing YOUR_EXTERNAL_LDAP_PASSWORD with your actual external LDAP password:
java -Djava.security.properties=/opt/apigee/edge-management-server/conf/jvmsecurity.properties \ -cp /opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/services/*:/opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/ \ com.apigee.util.CredentialUtil \ --password="YOUR_EXTERNAL_LDAP_PASSWORD"
where
/opt/apigee/edge-management-server/conf/
is the path to thecredential.properties
file of the edge-management server. - In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
- Edit
/opt/apigee/customer/application/management-server.properties
. - Update the following property, replacing myAdPassword with the string you
copied from step 2, above.
conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
- Be sure the following property is set to true:
conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
- Save the file.
- Restart the Management Server:
/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
- Verify that the server is running:
/opt/apigee/apigee-service/bin/apigee-all status
Testing the installation
See the testing section at the end of Enabling external authentication, and perform the same test described there.
Testing the FIPS status
To check if your operating system is FIPS-enabled, run the following command:
fips-mode-setup --check
If the output is "Installation of FIPS modules is not completed. FIPS mode is disabled.
", then your operating system is not FIPS-enabled.
See Edge for Private Cloud on FIPS-enabled RHEL 8.X to know how to enable FIPS mode on RHEL 8.X.