--- title: Install a DSML gateway description: The DSML gateway web application translates each HTTP request into one or more LDAP requests. component: pingds version: 7.5 page_id: pingds:install-guide:install-dsml canonical_url: https://docs.pingidentity.com/pingds/7.5/install-guide/install-dsml.html revdate: 2025-07-07T12:55:25Z keywords: ["Install", "Integration", "LDAP", "Setup & Configuration", "Standards"] section_ids: setup-dsml: Configure DSML access --- # Install a DSML gateway The DSML gateway web application translates each HTTP request into one or more LDAP requests. | | | | - | -------------------------------------------------------- | | | The interface stability of this feature is *Deprecated*. | The translation depends on the DSML protocol. For authentication, you must configure how HTTP user IDs map to LDAP identities. ![DSML translates HTTP to LDAP based on the DSML protocol.](../_images/dsml.svg)Figure 1. Requests through a DSML gateway The DSML gateway functions as a web application in a web application container. The DSML gateway runs independently of the directory service. You configure the gateway to access a directory service by editing parameters in the gateway configuration file, `WEB-INF/web.xml`: 1. [Review requirements for installation](https://docs.pingidentity.com/pingds/release-notes/requirements.html). 2. Deploy the .war file according to the instructions for your web application container. 3. Edit `WEB-INF/web.xml` to ensure the parameters are correct. For details, refer to [Configure DSML access](#setup-dsml). 4. Configure your web application container to use HTTPS for secure connections to the gateway. Refer to your web application container documentation for details. 5. Restart the web application according to the instructions for your web application container. ## Configure DSML access Directory Services Markup Language (DSML) client access is implemented as a servlet web application. You edit the `WEB-INF/web.xml` file after deploying the web application. The list of DSML configuration parameters are the following: * `ldap.host` The hostname of the underlying directory service. Default: `localhost` * `ldap.port` The LDAP port number of the underlying directory service. Default: `389` * `ldap.userdn` Optional parameter specifying the DN to bind to the underlying directory service. Default: anonymous bind * `ldap.userpassword` Optional parameter specifying the password to bind to the underlying directory service. Default: anonymous bind * `ldap.authzidtypeisid` Use this parameter to set up the DSML gateway to do HTTP Basic Access Authentication, given the appropriate mapping between the user ID, and the user's entry in the directory. This takes a boolean parameter specifying whether the HTTP Authorization header field's Basic credentials in the request hold a plain ID, rather than a DN. If set to `true`, the gateway performs an LDAP SASL bind using SASL plain, enabled by default in DS servers to look for an exact match between a `uid` in the server, and the plain ID from the header. In other words, if the plain ID is `bjensen`, then the bind DN is `uid=bjensen,ou=people,dc=example,dc=com`. Configure DS identity mappers as necessary to use a different attribute than `uid`. For background information, refer to [Identity mappers](../ldap-guide/client-auth.html#client-auth-identity-mappers). Default: `false` * `ldap.usessl` Whether `ldap.port` uses LDAPS. Default: `false` * `ldap.usestarttls` Whether to use StartTLS when connecting to `ldap.port`. Default: `false` * `ldap.trustall` Whether to blindly trust all server certificates when using LDAPS or StartTLS. Default: `false` * `ldap.truststore.path` The truststore used to verify server certificates when using LDAPS or StartTLS. Required when using LDAPS or StartTLS and `ldap.trustall` is `false`. * `ldap.truststore.password` The password to read the truststore. Required when using a truststore with a password. For initial testing purposes, try [JXplorer](https://jxplorer.org/), where the DSML Service is: `/webapp-dir/DSMLServlet`. The `webapp-dir` refers to the name of the directory holding the DSML `.war`.