To use the LDAP connector, add the
<ldap.init> element in your configuration before performing any other operation. This LDAP configuration authenticates with the LDAP server in order to gain access to perform various LDAP operations.
providerUrl: The URL of the LDAP server.
securityPrincipal: The Distinguished Name(DN) of the admin of the LDAP Server.
securityCredentials: The password of the LDAP admin.
secureConnection: The boolean value for the secure connection.
disableSSLCertificateChecking: The boolean value to check whether certificate enable or not.
You can follow the following steps to import your LDAP certificate into wso2esb client’s keystore as follows:
- To encrypt the connections, we'll need to configure a certificate authority (https://www.digitalocean.com/community/tutorials/how-to-encrypt-openldap-connections-using-starttls) and use it to sign the keys for the LDAP server.
- Use the ESB Management Console or the following command to import that certificate into the ESB client keystore.
keytool -importcert -file <certificate file> -keystore <ESB>/repository/resources/security/client-truststore.jks -alias "LDAP"
- Restart the server and deploy the LDAP configuration.
Ensuring secure data
For security purposes, you should store
securityCredentials in the WSO2 secure vault and make reference to it by using an alias instead of hard-coding the actual value in the configuration file. For more information, see Working with Passwords.
Re-using LDAP configurations
For best results, save the LDAP configuration as a local entry. You can then easily reference it with the
configKey attribute in your LDAP operations. For example, if you saved the above
<ldap.init> entry as a local entry named
ldapConfig, you could reference it from the
deleteEntry operation as follows: