---
title: Configuring pass-through authentication to LDAP servers
description: To enable pass-through authentication to LDAP servers, create and configure at least one LDAP external server, a pass-through authentication handler, and a pluggable pass-through authentication plugin instance.
component: pingdirectory
version: 11.0
page_id: pingdirectory:pingdirectory_server_administration_guide:pd_ds_configure_pass_through_auth
canonical_url: https://docs.pingidentity.com/pingdirectory/11.0/pingdirectory_server_administration_guide/pd_ds_configure_pass_through_auth.html
revdate: September 13, 2023
section_ids:
  steps: Steps
  example: Example:
  example-2: Example:
  example-3: Example:
---

# Configuring pass-through authentication to LDAP servers

To enable pass-through authentication to LDAP servers, create and configure at least one LDAP external server, a pass-through authentication handler, and a pluggable pass-through authentication plugin instance.

## Steps

1. To create an LDAP external server, run `dsconfig create-external-server`.

   |   |                                                                                                        |
   | - | ------------------------------------------------------------------------------------------------------ |
   |   | If you already have an LDAP external server to use for pass-through authentication, proceed to step 2. |

   ### Example:

   The following example creates two LDAP external servers.

   ```
   dsconfig create-external-server \
        --server-name ds1.example.com:636 \
        --type ldap \
        --set server-host-name:ds1.example.com \
        --set server-port:636 \
        --set connection-security:ssl \
        --set key-manager-provider:Null \
        --set trust-manager-provider:JKS \
        --set authentication-method:none

   dsconfig create-external-server \
        --server-name ds2.example.com:636 \
        --type ldap \
        --set server-host-name:ds2.example.com \
        --set server-port:636 \
        --set connection-security:ssl \
        --set key-manager-provider:Null \
        --set trust-manager-provider:JKS \
        --set authentication-method:none
   ```

2. To create an LDAP pass-through authentication handler, run `dsconfig create-pass-through-authentication-handler`.

   ### Example:

   ```
   dsconfig create-pass-through-authentication-handler \
        --handler-name LDAP \
        --type ldap \
        --set server:ds1.example.com:636 \
        --set server:ds2.example.com:636 \
        --set server-access-mode:round-robin
   ```

3. To create a pluggable pass-through authentication plugin instance, run `dsconfig create-plugin`.

   ### Example:

   ```
   dsconfig create-plugin \
        --plugin-name "Pluggable Pass-Through Authentication" \
        --type pluggable-pass-through-authentication \
        --set enabled:true \
        --set pass-through-authentication-handler:LDAP
   ```