Registering an LDAP authentication service
The first step in integrating an LDAP service is to register the service with Hybrid Data Pipeline using the Authentication API. Once the service is registered, end users can be provisioned to authenticate via an LDAP service.
An external authentication service registered in the default system tenant is available across all tenants, while an external authentication service registered in a child tenant is only available in that tenant. Once a service is registered with a tenant, the tenant administrator can provision end users in the tenant to authenticate via the service. A user with the Administrator (12) permission can register an external authentication service on any tenant within the system. A user with the RegisterExternalAuthService (26) permission can register an external authentication service on any tenant to which he or she has administrative access.

POST operation

The POST operation to register an LDAP service has the following syntax.
POST https://<myserver>:<port>/api/admin/auth/services

Payload definition

The payload used to register an LDAP service can be defined as follows.
{
    "name": "authservice_name",
    "tenantId": tenant_id,
    "description": "authservice_description",
    "authDefinition": {
        "attributes": {
            "targetUrl": "LDAP_URL",
            "securityAuthentication": "LDAP_auth_mechanism",
            "securityPrincipal": "LDAP_principal",
            "securityCredentials": "LDAP_credentials"
        }
    },
    "authTypeId": authtype_id
}
| Property | Description | Usage | Valid Values |
|---|---|---|---|
| "name" | The name of the authentication service. | Required | A string that provides a name for the authentication service. |
| "tenantId" | The ID of the tenant. | Optional | A valid tenant ID. If the tenant ID is not specified, the authentication service will belong to the tenant of the administrator executing the operation. |
| "description" | The description of the authentication service. | Optional | A string that provides a description for the authentication service. |
| "authDefinition" | An object that defines the authentication service. | Required | For an LDAP service, the following attributes must be specified via the attributes object: targetUrl, securityAuthentication, securityPrincipal, securityCredentials (optional). See authDefinition Object for details. |
| "authTypeId" | The ID of the authentication type. | Required | 3 must be specified for an LDAP service. |

Example

The following POST operation registers the LDAP service.
POST https://MyServer:8443/api/admin/auth/services
Request payload
{
    "name": "LDAP",
    "tenantId": 1,
    "description": "LDAP Auth plugin",
    "authDefinition": {
        "attributes": {
            "targetUrl": "LDAP://123.45.67.899:389",
            "securityAuthentication": "simple",
            "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"
        }
    },
    "authTypeId": 3
}
Response payload
Status code: 201
Successful response
{
    "id": 21,
    "name": "LDAP",
    "tenantId": 1,
    "description": "LDAP Auth plugin",
    "authDefinition": {
        "attributes": {
            "targetUrl": "LDAP://123.45.67.899:389",
            "securityAuthentication": "simple",
            "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"
        }
    },
    "lastModifiedTime": "2018-02-14T11:34:13.009Z",
    "authTypeId": 3,
    "tenantName": "OrgT"
}
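
A pre-submission check for the registration payload, applying the required properties and attributes from the payload definition above. This is an added example, not part of the Hybrid Data Pipeline documentation or product: the helper name check_ldap_registration, the BROKEN sample and the cleartext-bind warning are assumptions of this example, the warning being based on how an LDAP simple bind works rather than on a rule stated on this page.

```python
from urllib.parse import urlparse

# Rules taken from the property table on this page.
REQUIRED_PROPS = ("name", "authDefinition", "authTypeId")
REQUIRED_ATTRS = ("targetUrl", "securityAuthentication", "securityPrincipal")
LDAP_AUTH_TYPE_ID = 3

def check_ldap_registration(payload):
    """Hypothetical helper: return (errors, warnings) for a registration payload."""
    errors, warnings = [], []
    for prop in REQUIRED_PROPS:
        if prop not in payload:
            errors.append(f"missing required property: {prop}")
    if "authTypeId" in payload and payload["authTypeId"] != LDAP_AUTH_TYPE_ID:
        errors.append("authTypeId must be 3 for an LDAP service")
    definition = payload.get("authDefinition")
    attrs = definition.get("attributes") if isinstance(definition, dict) else None
    if not isinstance(attrs, dict):
        if "authDefinition" in payload:
            errors.append("authDefinition must contain an attributes object")
        return errors, warnings
    for attr in REQUIRED_ATTRS:
        if not attrs.get(attr):
            errors.append(f"missing required attribute: {attr}")
    # Added check, not a rule from the page: an LDAP simple bind carries the
    # bind DN and password in the clear unless the connection is encrypted.
    scheme = urlparse(str(attrs.get("targetUrl", ""))).scheme  # lowercased
    mechanism = str(attrs.get("securityAuthentication", "")).lower()
    if scheme == "ldap" and mechanism == "simple":
        warnings.append("simple bind over ldap:// is unencrypted on the wire")
    return errors, warnings

# Request payload copied from the Example section of this page.
PAGE_EXAMPLE = {
    "name": "LDAP", "tenantId": 1, "description": "LDAP Auth plugin",
    "authDefinition": {"attributes": {
        "targetUrl": "LDAP://123.45.67.899:389",
        "securityAuthentication": "simple",
        "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"}},
    "authTypeId": 3,
}
# Constructed sample with several defects, for illustration only.
BROKEN = {"description": "no name", "authTypeId": 2,
          "authDefinition": {"attributes": {"targetUrl": "LDAP://ldap.example.test:389"}}}

if __name__ == "__main__":
    for sample in (PAGE_EXAMPLE, BROKEN):
        print(check_ldap_registration(sample))
```

The page's own example passes the structural checks but raises the warning, because it pairs "simple" authentication with an LDAP:// URL on port 389.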

What to do next

End users can now be provisioned to authenticate via the LDAP service.