LDAP connectivity in Apigee X via proxy

We have to connect to an LDAP directory from Apigee X, and there will be a GET operation via an Apigee proxy. We have successfully created the connection in https://console.cloud.google.com/connectors/connections. Now we have an endpoint "ldaps://ldap.xyx.edu:656" which is not HTTP, so we used a connector task.
After that, as per the request parameters, we passed a parameter from the request XML body given by the client, but we are not able to fetch data in the test connection.
We have these details:
Apigee X + proxy requirement doc,
target endpoint: ldaps://ldap.xyz.edu:656
request body: in XML, which consists of LDAP attributes.
response body: JSON
Please suggest.


It is not possible to use Apigee X as a transcoding gateway that accepts HTTP inbound, and uses an LDAP endpoint as TARGET. 

It is possible to connect Apigee X to an LDAP endpoint, via an intermediary GRPC server, using the ExternalCallout policy. There's an example here: https://github.com/srinandan/external-callout-samples

In this case the LDAP endpoint is not a TARGET, but is a connected system. The flow is, all within the request flow:

 Apigee API Proxy.... ExternalCallout -> GRPC Service -> LDAP

And then the request flow continues, and Apigee can proxy into the HTTP Target, whatever it is. 

You also mentioned JSON, XML, and some other things. I think you need to break down your requirements into smaller bites.  First figure out how to connect in LDAP.  Then worry about the other parts.  It won't be hard to transform between XML and JSON and back, in the proxy. 

Thanks for this. Can we get more details on the GRPC service?
1. How can we create/expose the URL which ExternalCallout will call?
2. Where can we host that GRPC service?
3. How can we design this GRPC-based infrastructure?
4. As in the given link, Docker is required and .go is required. How much cost is involved?
5. Is any code snippet available for how to set the request, how to get the response, and a function/method for connecting to LDAP?

Former Community Member

For questions #1 and #2, you could host the gRPC service on Cloud Run. Since Cloud Run scales to zero, you only pay for what you use. If you have the service in Cloud Run, Cloud Run generates a URL (in the format https://<app>-<hash>.run.app). This can be protected with IAM authentication & authorization. 

Here are some high level steps:

  1. Use the steps shown in the link above to build and deploy the solution to Cloud Run. Enable authentication when deploying.
  2. Create a target server in Apigee X with GRPC and the hostname set to the Cloud Run hostname.
  3. Build an API Proxy which uses External Callout. Enable Google Authentication in the External Callout. (look at this example)
  4. Create or use a service account which has permissions to invoke the Cloud Run service.
  5. When deploying the proxy, use the service account.
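
An added example, not part of this thread or of the linked sample repository: whichever intermediary sits between Apigee and the directory, it has to turn the client-supplied XML attributes into an LDAP search filter, and escaping each value per RFC 4515 keeps a value from rewriting that filter. The XML shape and the names `searchRequest` and `FilterFromXML` are assumptions; only the Go standard library is used.

```go
package main

import (
	"encoding/xml"
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// Assumed request shape (the thread does not show the client's XML):
// <search><attr name="uid">jdoe</attr></search>
type searchRequest struct {
	Attrs []struct {
		Name  string `xml:"name,attr"`
		Value string `xml:",chardata"`
	} `xml:"attr"`
}

// Attribute descriptor syntax from RFC 4512: a letter, then letters, digits or hyphens.
var attrName = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9-]*$`)

// RFC 4515 escaping, done in one pass so the inserted backslashes are not re-escaped.
var filterEscaper = strings.NewReplacer(`\`, `\5c`, `*`, `\2a`, `(`, `\28`, `)`, `\29`, "\x00", `\00`)

// FilterFromXML turns the XML request body into an AND filter of equality matches.
func FilterFromXML(body []byte) (string, error) {
	var req searchRequest
	if err := xml.Unmarshal(body, &req); err != nil {
		return "", fmt.Errorf("bad request body: %w", err)
	}
	if len(req.Attrs) == 0 {
		return "", errors.New("no attributes in request")
	}
	f := "(&"
	for _, a := range req.Attrs {
		if !attrName.MatchString(a.Name) {
			return "", fmt.Errorf("invalid attribute name %q", a.Name)
		}
		f += "(" + a.Name + "=" + filterEscaper.Replace(a.Value) + ")"
	}
	return f + ")", nil
}

func main() {
	// Constructed input: the second value tries to widen the search.
	body := []byte(`<search><attr name="uid">jdoe</attr><attr name="mail">*)(uid=*</attr></search>`)
	fmt.Println(FilterFromXML(body))
}
```

The returned string is what the intermediary would pass as the search filter to its LDAP client; attribute names are validated rather than escaped because they are not values and have no escape syntax.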

 

Hi @souravhi5 ,

Since you successfully created a Connection to LDAP, another option is to use Integration, which uses the connection via a Connector Task.  Integration will essentially be able to convert the LDAP protocol to an API Trigger, which you can then invoke from Apigee X as an Integration Target or with an Integration Callout Policy. 

If you are using Apigee X Pay as you Go, then you can use Application Integration from the GCP Console.

If you are using Apigee X as a subscription, then you need to have the Integration Entitlement in your Apigee X Org, and the Integration and Connectors Add-ons enabled in the Apigee org.