Configuring pass-through authentication to LDAP servers
To enable pass-through authentication to LDAP servers, create and configure at least one LDAP external server, a pass-through authentication handler, and a pluggable pass-through authentication plugin instance.
Steps
- To create an LDAP external server, run dsconfig create-external-server. If you already have an LDAP external server to use for pass-through authentication, proceed to step 2.
  Example:
  The following example creates two LDAP external servers.
    dsconfig create-external-server \
      --server-name ds1.example.com:636 \
      --type ldap \
      --set server-host-name:ds1.example.com \
      --set server-port:636 \
      --set connection-security:ssl \
      --set key-manager-provider:Null \
      --set trust-manager-provider:JKS \
      --set authentication-method:none

    dsconfig create-external-server \
      --server-name ds2.example.com:636 \
      --type ldap \
      --set server-host-name:ds2.example.com \
      --set server-port:636 \
      --set connection-security:ssl \
      --set key-manager-provider:Null \
      --set trust-manager-provider:JKS \
      --set authentication-method:none
- To create an LDAP pass-through authentication handler, run dsconfig create-pass-through-authentication-handler.
  Example:
    dsconfig create-pass-through-authentication-handler \
      --handler-name LDAP \
      --type ldap \
      --set server:ds1.example.com:636 \
      --set server:ds2.example.com:636 \
      --set server-access-mode:round-robin
- To create a pluggable pass-through authentication plugin instance, run dsconfig create-plugin.
  Example:
    dsconfig create-plugin \
      --plugin-name "Pluggable Pass-Through Authentication" \
      --type pluggable-pass-through-authentication \
      --set enabled:true \
      --set pass-through-authentication-handler:LDAP
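Pass-through authentication forwards users' bind credentials to the external servers, so every server a handler references should use TLS with a trust manager that verifies the certificate, as the examples above do. The following pre-flight check is an added example, not part of the product or its documentation: it parses a dsconfig script and reports handler back-ends that fall short. The function names, the sample input, and the treatment of `starttls` as acceptable and `Blind Trust` as non-verifying are assumptions of this example.

```python
import shlex

HANDLER = "create-pass-through-authentication-handler"
# Constructed input: ds1 follows the page; ds2 and the undefined ds3 are made up.
SAMPLE = r'''
dsconfig create-external-server --server-name ds1.example.com:636 --type ldap \
  --set connection-security:ssl --set trust-manager-provider:JKS
dsconfig create-external-server --server-name ds2.example.com:389 --type ldap \
  --set connection-security:none
dsconfig create-pass-through-authentication-handler --handler-name LDAP --type ldap \
  --set server:ds1.example.com:636 --set server:ds2.example.com:389 \
  --set server:ds3.example.com:636
'''

def parse(script):
    """Return (subcommand, object name, {property: [values]}) per dsconfig call."""
    commands = []
    for line in script.replace("\\\n", " ").splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "dsconfig":
            continue
        name, props = None, {}
        for flag, value in zip(tok[2:], tok[3:]):
            if flag.startswith("--") and flag.endswith("-name"):
                name = value
            elif flag == "--set":
                key, _, val = value.partition(":")  # value may contain colons
                props.setdefault(key, []).append(val)
        commands.append((tok[1], name, props))
    return commands

def audit(script):
    """List handler back-ends that lack TLS with certificate verification."""
    cmds = parse(script)
    servers = {n: p for sub, n, p in cmds if sub == "create-external-server"}
    findings = []
    for handler, props in ((n, p) for sub, n, p in cmds if sub == HANDLER):
        for ref in props.get("server", []):
            cfg = servers.get(ref)
            if cfg is None:
                issue = "not created in this script, review it separately"
            elif cfg.get("connection-security", [""])[0] not in ("ssl", "starttls"):
                issue = "connection-security is not ssl or starttls"
            elif cfg.get("trust-manager-provider", [""])[0] in ("", "Blind Trust"):
                issue = "no certificate-verifying trust-manager-provider"
            else:
                continue
            findings.append((handler, ref, issue))
    return findings
```

Calling `audit(SAMPLE)` returns one finding for ds2.example.com:389 and one for ds3.example.com:636; a script that matches the page's examples returns an empty list.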