Layer7 API Management

  • 1.  Integrate CA API Gateway with external LDAP Server

    Posted Sep 29, 2017 02:46 AM

    Hi All,

    Problem Statement: I want to authenticate users with an LDAP server which is placed, let's say, locally.

    Steps followed: I've set up an LDAP server locally and checked the connectivity of LDAP using a Java application and an LDAP browser.

    Issue: I tried to integrate with CA API Gateway using "Create Simple LDAP Service Provider Wizard".

    Entered ldap URL :

    • ldap://localhost:10389
    • UserName : uid=admin,ou=system
    • Password : secret

    But when I "Test" the connection, it's showing "test credentials are not valid".

    With the above login credentials, I am able to connect using the Java application and the LDAP browser. But the same credentials are not working in CA API Gateway.

    Please have a look and provide your inputs on how I can proceed with the LDAP setup in CA API Gateway.

    Your quick response will be highly appreciated.

    Regards.



  • 2.  Re: Integrate CA API Gateway with external LDAP Server

    Broadcom Employee
    Posted Oct 01, 2017 11:31 PM

    Hi,

    I suppose you are using “Simple LDAP Identity Provider Wizard”.

    Please try specifying your IP Address instead of 'localhost'.

    Also, ensure that Auth DN Prefix / Suffix are filled correctly in the Wizard.

    I tried the Wizard and Test worked well for a specific user (not administrator).

    As for my case,

    Auth DN Prefix:      uid=

    Auth DN Suffix:      ,ou=people,dc=example,dc=com

    Test Username:     user1 (i.e., DN: uid=user1,ou=people,dc=example,dc=com)

    I hope this helps.

    Regards,

    Koichi Ikarashi



  • 3.  Re: Integrate CA API Gateway with external LDAP Server

    Posted Oct 02, 2017 11:24 PM

    Thanks Koichi for your quick response.

    I'm using "Create LDAP Identity Provider".

    As for my case,

    Provider Type : GenericLdap

    LDAP Host URL : the one on which LDAP is up and running; I also tested the same URL with a dummy Java application and an LDAP browser

    SearchBase : ou=users,ou=system

    BindDn : uid=admin, ou=system

    Password : secret

    But I'm getting THIS CONFIGURATION DIDNT YEILD ANY USERS on click of "TEST",

    and for the same SEARCHBASE, I am able to fetch all the details of all users tagged under the same.

    Please help me with how I can proceed.

    And while using the "simple LDAP wizard option", I provided all the required details, but as soon as I entered the credentials as

    Login : uid=admin, ou=system (which is the bind DN)

    Password: secret (as provided in the above case)

    I am getting invalid credentials, so I am not able to proceed with this option either.

    Please provide me your valuable inputs in order to resolve this issue.

    Your quick response will be highly appreciated.

    Regards.



  • 4.  Re: Integrate CA API Gateway with external LDAP Server
    Best Answer

    Broadcom Employee
    Posted Oct 04, 2017 07:06 AM

    Hi,

    Regarding “Simple LDAP Identity Provider Wizard”, these prefixes seem to be required. The Gateway tries to bind a user to the LDAP server using a DN. (e.g., BIND dn="uid=user2,ou=people,dc=example,dc=com" )

    Would it be possible for you to try them, such as the following?

    Auth DN Prefix:      uid=

    Auth DN Suffix:      ,ou=people,dc=example,dc=com

    Also, ensure the LDAP URL has a valid IP address (not localhost) because the bind request is sent to the LDAP server by the API Gateway (not by Policy Manager).

    I hope this helps.

    Regards,

    Koichi Ikarashi
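
The bind DN composition and the localhost caveat from the Best Answer, as an added example that is not part of the thread and is not CA API Gateway code. It assumes the Gateway concatenates Auth DN Prefix + username + Auth DN Suffix as the reply describes; the RFC 4514 escaping, the function names and the 192.0.2.10 address are assumptions of this example.

```python
import ipaddress
from urllib.parse import urlsplit

def escape_rdn_value(value: str) -> str:
    """Escape a user-supplied string for use as one RDN value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif (ch == "#" and i == 0) or (ch == " " and i in (0, len(value) - 1)):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_bind_dn(prefix: str, username: str, suffix: str) -> str:
    # Assumed composition, per the thread: prefix + username + suffix.
    # Escaping keeps a typed ',' or '+' from adding RDNs to the DN.
    return prefix + escape_rdn_value(username) + suffix

def is_loopback_url(ldap_url: str) -> bool:
    """True when the URL host only makes sense on the machine that dials it."""
    host = urlsplit(ldap_url).hostname or ""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # DNS name: resolve it from the Gateway host to be sure

if __name__ == "__main__":
    prefix, suffix = "uid=", ",ou=people,dc=example,dc=com"  # values from the thread
    # Constructed inputs: a bare user name, then a full DN typed as the login.
    for login in ("user1", "uid=admin,ou=system"):
        print(repr(login), "->", build_bind_dn(prefix, login, suffix))
    # 192.0.2.10 is a constructed documentation address.
    for url in ("ldap://localhost:10389", "ldap://192.0.2.10:10389"):
        print(url, "->", "loopback" if is_loopback_url(url) else "not loopback")
```

Under this assumed composition, a full DN typed into the login field ends up nested between the prefix and suffix, so the resulting bind DN cannot match the entry uid=admin,ou=system.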