LDAP identity manager integration

API Gateway interacts with the following directory servers using the Lightweight Directory Access Protocol (LDAP):

  • Apache Directory Server 2.0.0-M7
  • IBM Security Directory Server 6.4.0
  • Microsoft Active Directory 2012
  • OpenLDAP Directory Server 2.4.11
  • Oracle Directory Server Enterprise Edition 11g
  • Oracle Internet Directory 10.1.4.0.1
  • Oracle Virtual Directory 11g

Flow description

Diagram illustrating the LDAP integration

The integration flow is as follows:

  • API Gateway authenticates requests by searching the LDAP server for the user. It then sends a bind request to the LDAP server to authenticate the user's credentials. For example, API Gateway extracts the user name and password from an HTTP Basic request and binds to LDAP using these credentials to check if the user name and password are valid.
  • API Gateway retrieves roles or attributes from LDAP by searching the LDAP server for entries and storing retrieved values on the whiteboard to be used by other filters.
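
The search-then-bind flow above, sketched as an added example (not API Gateway code or configuration). It also shows two checks a reviewer would expect around this flow: escaping the user name before it goes into the search filter, and rejecting an empty password before the bind. The directory contents, the `uid` attribute and every function name are constructed for illustration, and the in-memory `search` and `bind` stand in for a real LDAP server.

```python
import base64
import re

# Constructed stand-in directory (not a real server): DN -> (uid, password, roles).
DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=com": ("alice", "s3cret", ["admin"]),
    "uid=bob,ou=people,dc=example,dc=com": ("bob", "hunter2", ["user"]),
}
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    """Escape a value for use in an LDAP search filter (RFC 4515)."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_basic(header):
    """Return (user, password) from an HTTP Basic Authorization header value."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    decoded = base64.b64decode(token, validate=True).decode("utf-8")
    user, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("malformed Basic credential")
    return user, password

def search(ldap_filter):
    """Stand-in search for (uid=...) where an unescaped * is a wildcard."""
    value = re.fullmatch(r"\(uid=(.*)\)", ldap_filter).group(1)
    pattern = re.escape(value).replace(r"\*", ".*")
    return [dn for dn, (uid, _, _) in DIRECTORY.items() if re.fullmatch(pattern, uid)]

def bind(dn, password):
    """Stand-in simple bind: True when the password matches the entry."""
    return DIRECTORY[dn][1] == password

def authenticate(header):
    """Search for the user, bind as that entry, return its DN and roles or None."""
    try:
        user, password = parse_basic(header)
    except ValueError:
        return None
    # A simple bind with an empty password is an unauthenticated bind (RFC 4513)
    # that a server may accept, so reject it before contacting the directory.
    if not user or not password:
        return None
    matches = search("(uid=" + escape_filter_value(user) + ")")
    if len(matches) != 1 or not bind(matches[0], password):
        return None
    return {"dn": matches[0], "roles": DIRECTORY[matches[0]][2]}
```

The returned DN and roles correspond to the values the gateway would keep on the whiteboard for later filters.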

When a request has been authenticated, API Gateway can insert a SAML token into the message to show that authentication has occurred. This SAML token can then be consumed by downstream applications to extract information about the original client that sent the request.

Prerequisites

Before you start, you must have API Gateway and your chosen directory server installed and configured.

Configuration process

The configuration process has the following steps:

  1. Check the details for the directory server
  2. Configure an LDAP connection
  3. Configure an LDAP authentication repository
  4. Configure API Gateway policy
  5. Secure the connection to the directory server
