Configure Microsoft Active Directory

Administrators can configure API Developer Portal to support Microsoft Active Directory for user authentication. The Lightweight Directory Access Protocol (LDAP) is used to query Microsoft Active Directory to authenticate users.
Prerequisite
A Microsoft Active Directory server that is populated with users and roles.
How to Configure Microsoft Active Directory
To configure Microsoft Active Directory, follow these steps:
  1. Log in as an administrator.
  2. Select Administration, Authentication.
  3. On the Authentication Schemes page, select the Add Authentication Scheme button.
  4. Provide the following information on the Add Authentication Scheme page:
    1. Providers: Select an LDAP provider from the available providers, and select Next.
    2. Basic Details: Specify the LDAP provider name, description, and a provider icon, and select Next.
       Note: By default, the CA icon is set as the provider icon. Provide a different PNG file to change the icon; the file size must not exceed 500 KB.
    3. Provider Configuration: Provide the following LDAP server details:

       | Attribute | Description | Example value |
       |---|---|---|
       | Connection Details | | |
       | LDAP Host | Specify the hostname of the LDAP server. | |
       | LDAP Port | Specify the port that is used to communicate with the LDAP server. | |
       | (Optional) SSL Enabled? | If the LDAP server is SSL enabled, select Yes to secure the communications between LDAP clients and the directory server. By default, LDAP without SSL is configured. | |
       | Upload Certificate | If LDAP is SSL enabled, upload a trusted certificate in X.509 format to connect securely to the LDAP server. Select "delete the uploaded file" to use LDAP without SSL, or upload a new certificate. | |
       | Directory Details | | |
       | Base Distinguished Name | Base Distinguished Name that is used as the basis for the user search. | dc=ca,dc=com |
       | Bind Distinguished Name | The complete Bind Distinguished Name of a user with search permissions in LDAP. | cn=admin,ou=admins,dc=ca,dc=com |
       | Bind Password | Password that is associated with the Bind Distinguished Name. | |
       | User Distinguished Name Lookup | | |
       | Start Query | Specifies the text string that is the beginning of an LDAP search expression. | (&(cn= |
       | End Query | Specifies the text string that is the end of an LDAP search expression. | )(objectClass=*)) |
       | Effective Lookup | Defines the combination of the Start string, ID-From-Login, and End string of the LDAP search query. ID-From-Login is the username. | (&(cn=ID-From-Login)(objectClass=*)) |
    4. Mapping: Configure the user attributes and roles for the authentication scheme.

       Attribute Mapping

       | Attribute | Description | Example value |
       |---|---|---|
       | Email | Specifies the email address attribute that is defined for users in your LDAP. | mail |
       | First Name | Specifies the first name attribute that is defined for users in your LDAP. | givenName |
       | Last Name | Specifies the last name attribute that is defined for users in your LDAP. | sn |
       | Organization | Specifies the organization attribute that a user is associated with. | o |
       | Role | Specifies the user role attribute that is defined in your LDAP. | title |
    5. Role Mapping: Select a role from the available list. Map it to the following CA APIM Portal user roles that correspond to the user roles defined in your LDAP:
       • Portal Administrator
       • API Owner
       • Developer
       • Org Administrator
    6. Configure the group attribute to assign the role to all the users present in a group. If the role attribute value is memberOf, ensure that you provide the full DN in the role mapping. The following sample Base DN maps the portal administrators to a group named "Engineering managers" for the domain ca.com:
       CN=Engineering managers, CN=users, DC=ca, DC=com
  5. Select Create to save the LDAP configuration.
     LDAP is now configured, and LDAP users can be authenticated in CA APIM Portal. The CA APIM Portal login page now lists the configured LDAP providers.
     To set an authentication scheme as the default scheme, select the Set as Default option in the Actions section of the Authentication Schemes page. Once the LDAP authentication scheme is your default scheme, CA APIM Portal renders this LDAP login page to prompt for user credentials.
     Note: To add and manage external users from CA APIM Portal, use the Users option in the navigation bar. For information about how to manage users from Portal, see the Manage Users section.
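The following Python script is an added example; it is not CA's code and does not show how API Developer Portal is implemented. It works through two settings from the procedure above: how the Effective Lookup in the Provider Configuration table is assembled from the Start Query, ID-From-Login and End Query strings (with the login name escaped per RFC 4515 so that filter metacharacters in a user-supplied name cannot alter the query), and how the Role attribute or a memberOf group DN from the Role Mapping step resolves to one of the four portal roles. The attribute names, filter strings and the "Engineering managers" DN are the page's sample values; the directory entry, the user jdoe, and the precedence rule when several mappings match are assumptions made for the example.

```python
# Added example, not CA's code: a stand-in for what a portal does with the
# Provider Configuration "Effective Lookup" and the Role Mapping settings.
# The directory entry and user name below are constructed; the attribute
# names, filter strings and DNs are the page's own sample values.
from typing import Dict, List, Optional

# RFC 4515 escaping for a value substituted into an LDAP search filter. The
# login name is user-supplied, so it is escaped before it is spliced between
# the Start Query and End Query strings; otherwise characters such as "*" or
# ")" would change the meaning of the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape one assertion value for use inside an LDAP filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def effective_lookup(start_query: str, id_from_login: str, end_query: str) -> str:
    """Build the 'Effective Lookup' filter: Start string + ID-From-Login + End string."""
    return f"{start_query}{escape_filter_value(id_from_login)}{end_query}"


def normalize_dn(dn: str) -> str:
    """Normalise a DN for comparison. AD DNs are case-insensitive, and the
    page's sample 'CN=Engineering managers, CN=users, DC=ca, DC=com' carries
    spaces after the commas that an AD memberOf value does not."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


# The portal roles listed in the Role Mapping step.
PORTAL_ROLES = ("Portal Administrator", "API Owner", "Developer", "Org Administrator")


def map_role(role_attribute: str, values: List[str],
             role_mapping: Dict[str, str]) -> Optional[str]:
    """Return the portal role for a user's role-attribute values, or None.

    role_mapping maps an LDAP value (as typed in Role Mapping) to a portal
    role. For memberOf the page requires full group DNs, so both sides are
    DN-normalised before comparison. Assumption (not stated on the page): when
    several values match, the first entry in role_mapping order wins.
    """
    for portal_role in role_mapping.values():
        if portal_role not in PORTAL_ROLES:
            raise ValueError(f"unknown portal role: {portal_role}")
    if role_attribute.lower() == "memberof":
        wanted = {normalize_dn(v): r for v, r in role_mapping.items()}
        present = {normalize_dn(v) for v in values}
    else:
        wanted = dict(role_mapping)
        present = set(values)
    for ldap_value, portal_role in wanted.items():
        if ldap_value in present:
            return portal_role
    return None


# Constructed stand-in for the directory: one AD user entry keyed by cn.
DIRECTORY = {
    "jdoe": {
        "mail": "jdoe@ca.com", "givenName": "Jane", "sn": "Doe", "o": "CA",
        "title": "Developer",
        "memberOf": ["CN=Engineering managers,CN=Users,DC=ca,DC=com"],
    }
}


def authenticate_and_map(id_from_login: str, role_attribute: str,
                         role_mapping: Dict[str, str]) -> Optional[Dict[str, str]]:
    """Simulate the lookup for a login name, then apply the mapping tables.
    A real deployment sends the filter to the LDAP host; this stand-in only
    understands the page's sample filter shape and matches cn exactly."""
    prefix, suffix = "(&(cn=", ")(objectClass=*))"
    filt = effective_lookup(prefix, id_from_login, suffix)
    cn = filt[len(prefix):-len(suffix)]
    entry = DIRECTORY.get(cn)  # an escaped value such as \2a never matches a plain cn
    if entry is None:
        return None
    values = entry.get(role_attribute, [])
    if isinstance(values, str):
        values = [values]
    return {
        "email": entry["mail"], "firstName": entry["givenName"],
        "lastName": entry["sn"], "organization": entry["o"],
        "portalRole": map_role(role_attribute, values, role_mapping),
    }
```

The stand-in never opens a network connection. In a real deployment the Bind Password and each user's login credentials travel to the LDAP host in cleartext unless SSL Enabled is set to Yes, which is why the trusted X.509 certificate upload in the Connection Details matters as much as the filter strings.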
Edit and Delete Microsoft Active Directory Configuration
If your Microsoft Active Directory configuration changes, update it in API Developer Portal as well.
To edit the Microsoft Active Directory details, follow these steps:
  1. Log in to CA APIM Portal as an Administrator.
  2. Select Administration, Authentication.
  3. On the Authentication Schemes page, select the down arrow in the Actions section of a configured LDAP, and select Edit.
  4. In the Edit Authentication Scheme page, select the part of the LDAP configuration to edit. For example, to edit the provider details, select the Provider Configuration option. Make the required changes and select Save.
  5. To delete a Microsoft Active Directory that is configured with API Developer Portal: On the Authentication Schemes page, select the down arrow in the Actions section of a configured LDAP, and select Delete.