
LDAP Connector Configuration

To use the LDAP connector, add the <ldap.init> element in your configuration before carrying out any other LDAP operations.

ldap.init

The ldap.init operation initializes the connector so that it can bind to an LDAP server and run the other LDAP operations against it.

Parameter Name                  Description                                                                                   Required
providerUrl                     The URL of the LDAP server, for example ldap://host:389 or ldaps://host:636.                  Yes
securityPrincipal               The Distinguished Name (DN) of the admin user the connector binds as.                         Yes
securityCredentials             The password of that admin user. Store it in Secure Vault rather than in plain text.          Yes
secureConnection                Boolean. Set to true to connect to the LDAP server over TLS (LDAPS).                          Yes
disableSSLCertificateChecking   Boolean. Set to true to skip validation of the LDAP server's TLS certificate. Use only in test environments; in production keep it false and import the server's CA certificate into the client truststore as described below.   Yes

Sample configuration

<ldap.init>
    <providerUrl>{$ctx:providerUrl}</providerUrl>
    <securityPrincipal>{$ctx:securityPrincipal}</securityPrincipal>
    <securityCredentials>{$ctx:securityCredentials}</securityCredentials>
    <secureConnection>{$ctx:secureConnection}</secureConnection>
    <disableSSLCertificateChecking>{$ctx:disableSSLCertificateChecking}</disableSSLCertificateChecking>
</ldap.init>

Follow the steps below to import your LDAP server's CA certificate into the WSO2 EI client truststore so that the connector can validate the server certificate with disableSSLCertificateChecking set to false:

  1. To encrypt the connections, configure a certificate authority (https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls) and use it to sign the LDAP server's certificate.
  2. Use the following command to import the CA certificate into the EI client truststore (the default password of this truststore is wso2carbon; change it in production).
    keytool -importcert -file <certificate file> -keystore <EI>/repository/resources/security/client-truststore.jks -alias "LDAP"
  3. Restart the server and deploy the LDAP configuration.

Ensuring secure data

Secure Vault is supported for encrypting passwords such as securityCredentials, so the admin password does not have to appear in plain text in the configuration. See Working with Passwords for details on integrating and using Secure Vault.

Re-using LDAP configurations

You can save the LDAP configuration as a local entry and then easily reference it with the configKey attribute in your operations. For example, if you saved the above entry as a local entry named MyLDAPConfig, you could reference it from an operation like addEntry as follows:

<ldap.addEntry configKey="MyLDAPConfig"/>
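The following Python script is an added example, not code from the WSO2 connector or its documentation. It lints local entries holding an ldap.init configuration for the weak settings discussed on this page: a plain ldap:// URL, secureConnection not set to true, disableSSLCertificateChecking set to true, and a literal password instead of a Secure Vault expression. It assumes the ldap.init parameter names shown above and the standard Synapse localEntry wrapper; the two sample entries (WeakLDAPConfig and a hardened MyLDAPConfig) are constructed for illustration, and the vault alias name in them is hypothetical. It does not contact any LDAP server and runs offline.

```python
"""Lint WSO2 Synapse local entries that hold an <ldap.init> configuration.

Added example; not part of the WSO2 LDAP connector or its documentation.
Assumes the <ldap.init> parameter names from the connector reference and the
standard Synapse <localEntry key="..."> wrapper. The sample entries below are
constructed for this example, not taken from any real deployment.
"""
import xml.etree.ElementTree as ET

REQUIRED = ("providerUrl", "securityPrincipal", "securityCredentials",
            "secureConnection", "disableSSLCertificateChecking")

# Constructed samples: a weak configuration next to a hardened one that uses
# LDAPS, keeps certificate validation on and reads the password from Secure
# Vault (alias 'ldap.admin.password' is hypothetical).
SAMPLE_LOCAL_ENTRIES = {
    "WeakLDAPConfig": """
<localEntry key="WeakLDAPConfig" xmlns="http://ws.apache.org/ns/synapse">
  <ldap.init>
    <providerUrl>ldap://ldap.example.test:389</providerUrl>
    <securityPrincipal>cn=admin,dc=example,dc=test</securityPrincipal>
    <securityCredentials>admin123</securityCredentials>
    <secureConnection>false</secureConnection>
    <disableSSLCertificateChecking>true</disableSSLCertificateChecking>
  </ldap.init>
</localEntry>
""",
    "MyLDAPConfig": """
<localEntry key="MyLDAPConfig" xmlns="http://ws.apache.org/ns/synapse">
  <ldap.init>
    <providerUrl>ldaps://ldap.example.test:636</providerUrl>
    <securityPrincipal>cn=admin,dc=example,dc=test</securityPrincipal>
    <securityCredentials>{wso2:vault-lookup('ldap.admin.password')}</securityCredentials>
    <secureConnection>true</secureConnection>
    <disableSSLCertificateChecking>false</disableSSLCertificateChecking>
  </ldap.init>
</localEntry>
""",
}


def _param(init, name):
    """Return the stripped text of <name> under <ldap.init>, ignoring namespaces."""
    node = init.find("{*}" + name)
    if node is None or node.text is None:
        return None
    return node.text.strip()


def _is_expression(value):
    """True for Synapse expressions such as {$ctx:x} or {wso2:vault-lookup('x')}."""
    return value.startswith("{") and value.endswith("}")


def lint_ldap_init(xml_text):
    """Return a list of findings for one <ldap.init> block; an empty list means clean."""
    root = ET.fromstring(xml_text)
    init = root if root.tag.endswith("ldap.init") else root.find(".//{*}ldap.init")
    if init is None:
        return ["no <ldap.init> element found"]

    findings = []
    for name in REQUIRED:
        if _param(init, name) is None:
            findings.append(f"{name}: required parameter missing")

    url = _param(init, "providerUrl")
    if url is not None and not _is_expression(url) and not url.lower().startswith("ldaps://"):
        findings.append(f"providerUrl: '{url}' is not an ldaps:// URL; the bind password "
                        "and directory data travel in clear text")

    secure = _param(init, "secureConnection")
    if secure is not None and not _is_expression(secure) and secure.lower() != "true":
        findings.append("secureConnection: not 'true'; TLS is not requested")

    nocheck = _param(init, "disableSSLCertificateChecking")
    if nocheck is not None and not _is_expression(nocheck) and nocheck.lower() == "true":
        findings.append("disableSSLCertificateChecking: 'true' accepts any server certificate "
                        "(man-in-the-middle risk); import the CA into client-truststore.jks instead")

    cred = _param(init, "securityCredentials")
    if cred is not None and not _is_expression(cred):
        findings.append("securityCredentials: literal password in configuration; "
                        "use a Secure Vault alias instead")

    return findings


def lint_all(entries):
    """Lint a mapping of local-entry name -> XML text; returns name -> findings."""
    return {name: lint_ldap_init(xml) for name, xml in entries.items()}


if __name__ == "__main__":
    for name, findings in lint_all(SAMPLE_LOCAL_ENTRIES).items():
        print(f"{name}: {'OK' if not findings else str(len(findings)) + ' finding(s)'}")
        for finding in findings:
            print("  -", finding)
```

Values written as expressions such as {$ctx:providerUrl} are resolved at runtime, so the script only reports on literal values; a {$ctx:...} parameter is treated as unknown rather than as a finding. To use it on a real deployment, read each file from the synapse-config/local-entries directory into the mapping instead of the constructed samples.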
