LDAP Identity Providers

The Policy Manager allows you to base your LDAP connector configuration on a pre-defined template. Four templates are available at installation:
  • Oracle (Oracle Internet Directory)
  • TivoliLDAP (Tivoli Access Manager)
  • MSAD (Microsoft Active Directory)
  • GenericLDAP (e.g., CA Directory)
The Policy Manager supports the LDAP 3.0 standard.
Simple LDAP Identity Providers
The Policy Manager also supports Simple LDAP Identity Providers. This is designed for users who wish to use an existing LDAP server to authenticate requests to the Layer7 API Gateway, but who do not want (or are not able) to configure mappings for users, groups, certificates, etc. The Simple LDAP Identity Provider only requires a DN pattern; the Layer7 API Gateway will use the user name provided by the client and attempt to do a bind with the client-provided password.
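A DN-pattern bind places a client-supplied user name inside a distinguished name and sends a client-supplied password in the bind request. The following added example (not Layer7 code) shows two checks any such scheme needs before the bind: RFC 4514 escaping of the user name, and rejection of empty passwords, which RFC 4513 defines as an unauthenticated bind. The `{user}` placeholder, the function names and the sample DNs are assumptions made for illustration.

```python
# Added example: pre-bind checks for a DN-pattern ("simple") LDAP login.
# The {user} placeholder and both function names are hypothetical,
# not the gateway's own pattern syntax or API.

# Characters that must be escaped anywhere in an RDN value (RFC 4514, 2.4).
DN_SPECIAL = set('"+,;<>\\=')


def escape_rdn_value(value: str) -> str:
    """Escape a string so it can only ever be a single RDN attribute value."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")              # NUL is written as a hex pair
        elif ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif i == 0 and ch in " #":
            out.append("\\" + ch)           # leading space or '#'
        elif i == last and ch == " ":
            out.append("\\" + ch)           # trailing space
        else:
            out.append(ch)
    return "".join(out)


def build_bind_dn(pattern: str, username: str, password: str) -> str:
    """Return the DN to bind as, or raise ValueError if the bind must not be sent."""
    if not username or not password:
        # A simple bind with a DN and an empty password is an
        # "unauthenticated bind" (RFC 4513, 5.1.2); a server that accepts it
        # reports success without having checked any credential.
        raise ValueError("empty user name or password")
    if pattern.count("{user}") != 1:
        raise ValueError("pattern must contain exactly one {user} placeholder")
    return pattern.replace("{user}", escape_rdn_value(username))


if __name__ == "__main__":
    pattern = "uid={user},ou=people,dc=example,dc=com"   # constructed sample
    for name in ("alice", "x,ou=admins"):                # constructed inputs
        print(build_bind_dn(pattern, name, "not-empty"))
```

The second sample input stays inside the `uid` value after escaping, so the resulting DN still sits under `ou=people`.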
LDAP Identity Provider Users and Groups
To add users and groups to an LDAP Identity Provider, you must use the tools provided with your LDAP directory. The Policy Manager cannot be used to add, edit, or delete LDAP Identity Provider users and groups, because the LDAP Identity Provider defined in the Policy Manager is only a connector to an existing LDAP directory.