Skip to main content
Delphix

How to Set Up LDAP Authentication for 5.2 Masking Engines (KBA1736)

 

Applicable Delphix Versions

 

Major Release

All Sub Releases

5.2 5.2.2.0, 5.2.2.1, 5.2.3.0

Background

Starting from version 5.2, setting up LDAP authentication needs to be configured through the Masking API. Fortunately, the Masking API client simplifies this process. This article will describe the procedure to establish LDAP authentication.

Prerequisites

Information on the LDAP server is needed. In particular, the following parameters are required for this procedure:

  • LDAP_BASEDN
  • LDAP_FILTER
  • LDAP_HOST
  • LDAP_PORT
  • MSAD_DOMAIN

Procedure

  • Navigate to the masking engine's API client. This can be found at "http://<engine-url>:8282/masking/api-client/".
  • Click on login,  and then click on POST /login
  • Click on the yellow text box under "Example Value" to copy the JSON formatting to the value parameter
  • Replace the username and password values with masking account credentials and click "Try it out!"

Screen Shot 2018-06-14 at 5.24.40 PM.png

  • An API response will appear. Verify that the response code is 200, and copy the authorization key

Screen Shot 2018-06-19 at 3.26.13 PM.png

  • Navigate to the top of the page, and click on "Authorize" Screen Shot 2018-06-19 at 3.27.30 PM.png
  • Paste the copied authorization key into the "Value" text box, and click "Authorize"

Screen Shot 2018-06-19 at 3.28.26 PM.png

  • Click on applicationSettings,  then click PUT /applicationSettings/{settingID}
  • For settingId, enter LDAP_ENABLE
  • For body, enter the following:

{

  "LDAP_ENABLE": "true"

}

  • Click "Try it out!"

Screen Shot 2018-06-19 at 3.56.50 PM.png

  • Go back to step 10 and repeat with each LDAP parameter

Once this process is completed, users can log into the masking engine by using their LDAP credentials.

 

Additional Information

Establishing an LDAP connection will disable access to any existing user accounts, including delphix_admin. If invalid LDAP parameters are passed into the Masking API, users may be locked out of the masking engine. If this occurs, Delphix Support should be contacted to unlock the engine.

 

Documentation Links

The Masking API Client