Configure Microsoft Active Directory
Administrators can configure API Developer Portal to support Microsoft Active Directory for user authentication. The Lightweight Directory Access Protocol (LDAP) is used to query Microsoft Active Directory to authenticate users.
Prerequisite: a Microsoft Active Directory server that is populated with users and roles.
How to Configure Microsoft Active Directory
To configure Microsoft Active Directory, follow these steps:
- Log in as an administrator.
- On the Authentication Schemes page, select the Add Authentication Scheme button.
- Provide the following information on the Add Authentication Scheme page:
- Providers: Select an LDAP provider from the available providers, and select Next.
- Basic Details: Specify the LDAP provider name, description, and a provider icon, and select Next. Note: By default, the CA icon is set as the provider icon. Provide a different PNG file to change the icon, and ensure that the file size does not exceed 500 KB.
- Provider Configuration: Provide the following LDAP server details:

  | Attribute | Description | Example value |
  |---|---|---|
  | Connection Details | | |
  | LDAP Host | Specify the hostname of the LDAP server. | |
  | LDAP Port | Specify the port that is used to communicate with the LDAP server. | |
  | (Optional) SSL Enabled? | If the LDAP server is SSL enabled, select Yes to secure the communications between LDAP clients and the directory server. By default, LDAP without SSL is configured. | |
  | Upload Certificate | If LDAP is SSL enabled, upload a trusted certificate in X.509 format to connect securely to the LDAP server. Select "delete the uploaded file" to use LDAP without SSL, or upload a new certificate. | |
  | Directory Details | | |
  | Base Distinguished Name | Base Distinguished Name that is used as the starting point for the user search. | dc=ca,dc=com |
  | Bind Distinguished Name | The complete Bind Distinguished Name of a user with search permissions in LDAP. | cn=admin,ou=admins,dc=ca,dc=com |
  | Bind Password | Password that is associated with the Bind Distinguished Name. | |
  | User Distinguished Name Lookup | | |
  | Start Query | Specifies the text string that is the beginning of an LDAP search expression. | (&(cn= |
  | End Query | Specifies the text string that is the end of an LDAP search expression. | )(objectClass=*)) |
  | Effective Lookup | Defines the combination of the Start string, ID-From-Login, and End string that forms the LDAP search query. ID-From-Login is the username. | (&(cn= ID-From-Login )(objectClass=*)) |
- Mapping: Configure the user attributes and roles for the authentication scheme.

  | Attribute Mapping | Description | Example value |
  |---|---|---|
  | Email | Specifies the email address attribute that is defined for users in your LDAP. | |
  | First Name | Specifies the first name attribute that is defined for users in your LDAP. | givenName |
  | Last Name | Specifies the last name attribute that is defined for users in your LDAP. | sn |
  | Organization | Specifies the organization attribute that a user is associated with. | o |
  | Role | Specifies the user role attribute that is defined in your LDAP. | title |
- Role Mapping: Select a role from the available list and map it to the CA APIM Portal user role that corresponds to the user role defined in your LDAP. The portal roles are:
- Portal Administrator
- API Owner
- Org Administrator
- Configure the group attribute to assign the role to all users present in a group. If the role attribute value is memberOf, be sure to provide the full DN in the role mapping. The following sample DN maps the portal administrators to a group named "Engineering managers" in the domain ca.com: CN=Engineering managers, CN=users, DC=ca, DC=com
- Select Create to save the LDAP configuration.

LDAP is now configured, and LDAP users can be authenticated in CA APIM Portal. The CA APIM Portal login page now lists the configured LDAP providers.

To set an authentication scheme as the default scheme, select the Set as Default option in the Actions section of the Authentication Schemes page. Once the LDAP authentication scheme is your default scheme, CA APIM Portal renders this LDAP login page to prompt for user credentials.

Note: To add and manage external users from CA APIM Portal, use the Users option in the navigation bar. For information about how to manage users from the Portal, see the Manage Users section.
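The two pieces of the procedure above that are easiest to get wrong are the User Distinguished Name Lookup (Start Query + ID-From-Login + End Query) and the memberOf role mapping with full DNs. The following is an added example, not code from CA API Developer Portal or from the product's documentation; every function name is hypothetical and the user entry and mapping table are constructed. It builds the Effective Lookup filter while escaping the login name per RFC 4515 (so a login such as `jdoe)(cn=*` cannot change the filter's structure) and checks that the resulting filter is well formed, then resolves portal roles from a user's `memberOf` values by comparing DNs in a normalized form, because a DN typed with spaces after the commas (as in the sample above) must still match the value the directory returns.

```python
"""Added example: Effective Lookup construction and memberOf role mapping.
Not part of CA API Developer Portal; function names are hypothetical."""

# RFC 4515 section 3: characters that must be escaped inside a filter assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

PORTAL_ROLES = ("Portal Administrator", "API Owner", "Org Administrator")


def escape_filter_value(value: str) -> str:
    """Escape a user-supplied value so it cannot alter the structure of the LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def _parens_balanced(filt: str) -> bool:
    """Cheap well-formedness check: parentheses balance once \\XX escapes are skipped."""
    depth, i = 0, 0
    while i < len(filt):
        ch = filt[i]
        if ch == "\\":          # skip the two hex digits of an escape such as \28
            i += 3
            continue
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                return False
        i += 1
    return depth == 0


def effective_lookup(start_query: str, id_from_login: str, end_query: str) -> str:
    """Start string + escaped ID-From-Login + End string, as the Provider Configuration table defines it."""
    filt = f"{start_query}{escape_filter_value(id_from_login)}{end_query}"
    if not _parens_balanced(filt):
        raise ValueError(f"Start/End Query produce an unbalanced filter: {filt!r}")
    return filt


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: trim whitespace around RDN separators and case-fold.
    Simplified on purpose; full RFC 4517 DN matching also handles escaped commas and multi-valued RDNs."""
    return ",".join(part.strip().casefold() for part in dn.split(","))


def map_portal_roles(user_entry: dict, role_attribute: str, role_mapping: dict) -> set:
    """Return the portal roles a user holds.

    role_mapping: portal role -> set of LDAP values. When role_attribute is memberOf the
    values are full group DNs (as the Role Mapping step requires); otherwise they are plain
    attribute values such as a title."""
    values = user_entry.get(role_attribute, [])
    if isinstance(values, str):
        values = [values]
    if role_attribute.casefold() == "memberof":
        held = {normalize_dn(v) for v in values}
        match = lambda cfg: normalize_dn(cfg) in held
    else:
        held = {v.casefold() for v in values}
        match = lambda cfg: cfg.casefold() in held
    return {role for role, cfg_values in role_mapping.items()
            if role in PORTAL_ROLES and any(match(c) for c in cfg_values)}


# Constructed sample data: one directory entry as a bind user's search might return it,
# and a role mapping typed by an administrator with spaces after the commas.
SAMPLE_USER = {
    "cn": "jdoe",
    "title": "developer",
    "memberOf": ["CN=Engineering managers,CN=Users,DC=ca,DC=com",
                 "CN=Domain Users,CN=Users,DC=ca,DC=com"],
}
SAMPLE_ROLE_MAPPING = {
    "Portal Administrator": {"CN=Engineering managers, CN=users, DC=ca, DC=com"},
    "API Owner": {"CN=API Owners, CN=users, DC=ca, DC=com"},
}

if __name__ == "__main__":
    print(effective_lookup("(&(cn=", "jdoe", ")(objectClass=*))"))
    print(effective_lookup("(&(cn=", "jdoe)(cn=*", ")(objectClass=*))"))
    print(map_portal_roles(SAMPLE_USER, "memberOf", SAMPLE_ROLE_MAPPING))
```

With the sample Start and End Query from the table, a login of `jdoe` yields `(&(cn=jdoe)(objectClass=*))`, while the hostile login is rendered harmless as `(&(cn=jdoe\29\28cn=\2a)(objectClass=*))`; the user is granted Portal Administrator only, because the configured DN matches the first memberOf value after normalization and no API Owners group is present.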
Edit and Delete Microsoft Active Directory Configuration
If your Microsoft Active Directory configuration changes, update it in API Developer Portal as well.
To edit the Microsoft Active Directory details, follow these steps:
- Log in to CA APIM Portal as an Administrator.
- On the Authentication Schemes page, select the down arrow in the Actions section of a configured LDAP, and select Edit.
- In the Edit Authentication Scheme page, select an LDAP configuration to edit. For example, to edit the provider details, select the Provider Configuration option. Make the required changes and select Save.
- To delete a Microsoft Active Directory that is configured with API Developer Portal: On the Authentication Schemes page, select the down arrow in the Actions section of a configured LDAP, and select Delete.