How to Set Up LDAP Authentication for 5.2 Masking Engines (KBA1736)
Applicable Delphix Versions
|
Major Release |
All Sub Releases |
| 5.2 | 5.2.2.0, 5.2.2.1, 5.2.3.0 |
Background
Starting from version 5.2, setting up LDAP authentication needs to be configured through the Masking API. Fortunately, the Masking API client simplifies this process. This article will describe the procedure to establish LDAP authentication.
Prerequisites
Information on the LDAP server is needed. In particular, the following parameters are required for this procedure:
- LDAP_BASEDN
- LDAP_FILTER
- LDAP_HOST
- LDAP_PORT
- MSAD_DOMAIN
Procedure
- Navigate to the masking engine's API client. This can be found at "http://<engine-url>:8282/masking/api-client/".
- Click on login, and then click on POST /login
- Click on the yellow text box under "Example Value" to copy the JSON formatting to the value parameter
- Replace the username and password values with masking account credentials and click "Try it out!"
- An API response will appear. Verify that the response code is 200, and copy the authorization key
- Navigate to the top of the page, and click on "Authorize"
- Paste the copied authorization key into the "Value" text box, and click "Authorize"
- Click on applicationSettings, then click PUT /applicationSettings/{settingID}
- For settingId, enter LDAP_ENABLE
- For body, enter the following:
{
"LDAP_ENABLE": "true"
}
- Click "Try it out!"
- Go back to step 10 and repeat with each LDAP parameter
Once this process is completed, users can log into the masking engine by using their LDAP credentials.
Additional Information
Establishing an LDAP connection will disable access to any existing user accounts, including delphix_admin. If invalid LDAP parameters are passed into the Masking API, users may be locked out of the masking engine. If this occurs, Delphix Support should be contacted to unlock the engine.