If you are using indirect binding, you need to provide an external LDAP username and password
in management-server.properties
that Apigee uses to log into the external LDAP and
perform the indirect credential search.
The following steps explain how to encrypt your password:
- Execute the following Java utility, replacing YOUR_EXTERNAL_LDAP_PASSWORD with your actual external LDAP password:
java -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"
where
/opt/apigee/edge-management-server/conf/
is the path to thecredential.properties
file of the edge-management server.Note: If you are using Edge for Private Cloud on a FIPS-enabled operating system, you must use Apigee's Java security file when invoking the command to encrypt the password. The rest of the instructions remain the same.
java -Djava.security.properties=/opt/apigee/edge-management-server/conf/jvmsecurity.properties -cp /opt/apigee/edge-gateway/lib/thirdparty/*:/opt/apigee/edge-gateway/lib/kernel/*:/opt/apigee/edge-gateway/lib/infra/libraries/*:/opt/apigee/edge-management-server/conf/com.apigee.util.CredentialUtil --password="YOUR_EXTERNAL_LDAP_PASSWORD"
- In the output of the command, you will see a newline followed by what looks like a random character string. Copy that string.
- Edit
/opt/apigee/customer/application/management-server.properties
. - Update the following property, replacing myAdPassword with the string you
copied from step 2, above.
conf_security_externalized.authentication.indirect.bind.server.admin.password=myAdPassword
- Be sure the following property is set to true:
conf_security_externalized.authentication.indirect.bind.server.admin.password.encrypted=true
- Save the file.
- Restart the Management Server:
/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
- Verify that the server is running:
/opt/apigee/apigee-service/bin/apigee-all status
Testing the installation
See the testing section at the end of Enabling external authentication, and perform the same test described there.