Registering an LDAP authentication service
Before a user account can be configured to use LDAP, an LDAP service must be registered with Hybrid Data Pipeline. As described in the following sections, you can register an LDAP authentication service either through the Web UI or the Authentication API.
Note:
* An external authentication service registered in the default system tenant is available across all tenants, while an external authentication service registered in a child tenant is only available in that tenant. Once a service is registered with a tenant, the tenant administrator can create or modify user accounts to authenticate end user credentials against the service.
* A user with the Administrator (12) permission can register an external authentication service on any tenant within the system. A user with the RegisterExternalAuthService (26) permission can register an external authentication service on any tenant to which he or she has administrative access.

Register LDAP service via the Web UI

Take the following steps to register an LDAP service via the Web UI.
1. Navigate to the Manage External Authentication view by clicking the manage external authentication icon.
2. Select the tenant for which you are registering the service from the Select Tenant dropdown.
3. Click + New Service. You will be directed to the Create Authentication Service screen.
4. Provide the following information.
* The name and description of the service
* The service type
* Target URL (The URL used to access the LDAP service.)
* Service Authentication (The authentication mechanism required by the LDAP service.)
* Security Principal (The principal used to authenticate against the LDAP server. The user name token %LOGINNAME% is supported to permit the replacement of the actual user name. For example, CN=%LOGINNAME%,OU=TestRuns,DC=testdomain.)
* Other Attributes (A valid JSON Object to be passed as key and value pairs to the environment properties during the creation of InitialDirContext object.)
5. Click Save.
What to do next:
Configure Hybrid Data Pipeline user accounts to use the LDAP service. See Configuring user accounts for LDAP authentication for details.

Register LDAP service via the Authentication API

The following POST operation registers the LDAP1 service. For further details, see Register an external authentication service.
Request
POST https://MyServer:8443/api/admin/auth/services
Request payload
{
  "name": "LDAP1",
  "tenantId": 1,
  "description": "LDAP Auth plugin",
  "authDefinition": {
    "attributes": {
      "targetUrl": "LDAP://123.45.67.899:389",
      "securityAuthentication": "simple",
      "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"
    }
  },
  "authTypeId": 3
}
Response payload
Status code: 201
Successful response
{
  "id": 21,
  "name": "LDAP1",
  "tenantId": 1,
  "description": "LDAP Auth plugin",
  "authDefinition": {
    "attributes": {
      "targetUrl": "LDAP://123.45.67.899:389",
      "securityAuthentication": "simple",
      "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"
    }
  },
  "lastModifiedTime": "2018-02-14T11:34:13.009Z",
  "authTypeId": 3,
  "tenantName": "OrgT"
}
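A pre-flight check for a registration payload before it is posted, as an added example that is not part of the Hybrid Data Pipeline documentation or product. It flags the combinations in the three attributes above that weaken authentication: a simple bind over unencrypted ldap://, an anonymous bind, and a security principal without the %LOGINNAME% token. The function name, the finding texts and the ldaps host are assumptions made for illustration.

```python
import copy
import json
from urllib.parse import urlsplit

# Constructed sample: the request payload shown on this page.
SAMPLE = json.loads("""
{
  "name": "LDAP1",
  "tenantId": 1,
  "description": "LDAP Auth plugin",
  "authDefinition": {
    "attributes": {
      "targetUrl": "LDAP://123.45.67.899:389",
      "securityAuthentication": "simple",
      "securityPrincipal": "CN=%LOGINNAME%,OU=TestRuns,DC=testdomain,DC=local"
    }
  },
  "authTypeId": 3
}
""")

# Constructed variant: same service over LDAPS (host name and port are placeholders).
HARDENED = copy.deepcopy(SAMPLE)
HARDENED["authDefinition"]["attributes"]["targetUrl"] = "ldaps://ldap.example.test:636"


def lint_ldap_registration(payload):
    """Return a list of findings for an LDAP registration payload (hypothetical helper)."""
    attrs = payload.get("authDefinition", {}).get("attributes", {})
    scheme = urlsplit(attrs.get("targetUrl", "")).scheme  # urlsplit lowercases the scheme
    mech = attrs.get("securityAuthentication", "").lower()
    principal = attrs.get("securityPrincipal", "")
    findings = []
    if scheme not in ("ldap", "ldaps"):
        findings.append("targetUrl: expected an ldap:// or ldaps:// URL")
    if mech == "none":
        findings.append("securityAuthentication 'none' requests an anonymous bind")
    if mech == "simple" and scheme == "ldap":
        findings.append("simple bind over ldap:// sends the password unencrypted: use ldaps://")
    if "%LOGINNAME%" not in principal:
        findings.append("securityPrincipal has no %LOGINNAME% token: the bind DN is fixed")
    return findings


if __name__ == "__main__":
    for label, payload in (("page sample", SAMPLE), ("ldaps variant", HARDENED)):
        print(label, "->", lint_ldap_registration(payload) or "no findings")
```

Run against the page's sample payload, the check reports the simple bind over ldap:// on port 389; the ldaps variant produces no findings.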

What to do next

Configure Hybrid Data Pipeline user accounts to use the LDAP service. See Configuring user accounts for LDAP authentication for details.