PingDirectory

Configuring pass-through authentication to LDAP servers

To enable pass-through authentication to LDAP servers, create and configure at least one LDAP external server, a pass-through authentication handler, and a pluggable pass-through authentication plugin instance.

Steps

  1. To create an LDAP external server, run dsconfig create-external-server.

    If you already have an LDAP external server to use for pass-through authentication, proceed to step 2.

    Example:

    The following example creates two LDAP external servers.

    dsconfig create-external-server \
         --server-name ds1.example.com:636 \
         --type ldap \
         --set server-host-name:ds1.example.com \
         --set server-port:636 \
         --set connection-security:ssl \
         --set key-manager-provider:Null \
         --set trust-manager-provider:JKS \
         --set authentication-method:none
    
    dsconfig create-external-server \
         --server-name ds2.example.com:636 \
         --type ldap \
         --set server-host-name:ds2.example.com \
         --set server-port:636 \
         --set connection-security:ssl \
         --set key-manager-provider:Null \
         --set trust-manager-provider:JKS \
         --set authentication-method:none

  2. To create an LDAP pass-through authentication handler, run dsconfig create-pass-through-authentication-handler.

    Example:

    dsconfig create-pass-through-authentication-handler \
         --handler-name LDAP \
         --type ldap \
         --set server:ds1.example.com:636 \
         --set server:ds2.example.com:636 \
         --set server-access-mode:round-robin

  3. To create a pluggable pass-through authentication plugin instance, run dsconfig create-plugin.

    Example:

    dsconfig create-plugin \
         --plugin-name "Pluggable Pass-Through Authentication" \
         --type pluggable-pass-through-authentication \
         --set enabled:true \
         --set pass-through-authentication-handler:LDAP
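
The following check is an added example, not part of the original procedure or Ping Identity's tooling. It reviews a file of the dsconfig commands from steps 1 and 2 before they are applied, confirming that every external server keeps TLS with a validating trust manager and that the handler only names servers the file creates. The names lint_pta and write_sample, the finding labels, and the sample commands are constructed for illustration; it assumes `none` is the unencrypted connection-security value and that `Blind Trust` is the name of the non-validating trust manager provider.

```shell
# Added example (not Ping Identity code). lint_pta and write_sample are hypothetical names.
# lint_pta prints one finding per line for a file of dsconfig commands; no output means clean.
lint_pta() {
  awk '
    function check(cmd,    n, t, i, kind, name, tls, blind) {
      gsub(/"/, "", cmd)                        # drop quoting around values
      n = split(cmd, t, /[ \t]+/)
      kind = ""; name = "?"; tls = 0; blind = 0
      for (i = 1; i <= n; i++) {
        if (t[i] == "create-external-server") { kind = "server" }
        if (t[i] == "create-pass-through-authentication-handler") { kind = "handler" }
        if (t[i] == "--server-name") { name = t[i + 1] }
        # Remember every external server the handler points at.
        if (kind == "handler" && t[i] ~ /^server:/) { refs[substr(t[i], 8)] = 1 }
        if (t[i] ~ /^connection-security:(ssl|start-tls)$/) { tls = 1 }
        if (t[i] ~ /^trust-manager-provider:Blind/) { blind = 1 }
      }
      if (kind != "server") { return }
      made[name] = 1
      if (!tls)  { print "NO-TLS " name }       # pass-through binds would travel unencrypted
      if (blind) { print "BLIND-TRUST " name }  # server certificate is never validated
    }
    # Join backslash-continued lines into one logical command.
    /\\[ \t]*$/ { sub(/\\[ \t]*$/, ""); buf = buf $0 " "; next }
    { check(buf $0); buf = "" }
    END {
      if (buf != "") { check(buf) }
      # Not created in this file: confirm the server already exists (step 1 allows that).
      for (r in refs) { if (!(r in made)) { print "UNKNOWN-SERVER " r } }
    }
  ' "$1"
}

# Constructed sample: ds1 follows the page, ds2 is weakened, ds3 is never created.
write_sample() {
  cat > "$1" <<'EOF'
dsconfig create-external-server \
     --server-name ds1.example.com:636 --type ldap \
     --set connection-security:ssl --set trust-manager-provider:JKS
dsconfig create-external-server \
     --server-name ds2.example.com:389 --type ldap \
     --set connection-security:none --set "trust-manager-provider:Blind Trust"
dsconfig create-pass-through-authentication-handler \
     --handler-name LDAP --type ldap \
     --set server:ds1.example.com:636 --set server:ds3.example.com:636
EOF
}
f=$(mktemp) && write_sample "$f" && lint_pta "$f"; rm -f "$f"
```

An UNKNOWN-SERVER finding is not necessarily an error, because step 1 can be skipped when the external server already exists; it marks a reference to confirm against the running configuration.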