Configuring pass-through authentication to LDAP servers

To enable pass-through authentication to LDAP servers, create and configure at least one LDAP external server, a pass-through authentication handler, and a pluggable pass-through authentication plugin instance.

Steps

To create an LDAP external server, run dsconfig create-external-server.

If you already have an LDAP external server to use for pass-through authentication, proceed to step 2.

Example:

The following example creates two LDAP external servers.

dsconfig create-external-server \
     --server-name ds1.example.com:636 \
     --type ldap \
     --set server-host-name:ds1.example.com \
     --set server-port:636 \
     --set connection-security:ssl \
     --set key-manager-provider:Null \
     --set trust-manager-provider:JKS \
     --set authentication-method:none

dsconfig create-external-server \
     --server-name ds2.example.com:636 \
     --type ldap \
     --set server-host-name:ds2.example.com \
     --set server-port:636 \
     --set connection-security:ssl \
     --set key-manager-provider:Null \
     --set trust-manager-provider:JKS \
     --set authentication-method:none

To create an LDAP pass-through authentication handler, run dsconfig create-pass-through-authentication-handler.

Example:

dsconfig create-pass-through-authentication-handler \
     --handler-name LDAP \
     --type ldap \
     --set server:ds1.example.com:636 \
     --set server:ds2.example.com:636 \
     --set server-access-mode:round-robin

To create a pluggable pass-through authentication plugin instance, run dsconfig create-plugin.

Example:

dsconfig create-plugin \
     --plugin-name "Pluggable Pass-Through Authentication" \
     --type pluggable-pass-through-authentication \
     --set enabled:true \
     --set pass-through-authentication-handler:LDAP

PingDirectory

Configuring pass-through authentication to LDAP servers

Steps

Example:

Example:

Example: