How to make LDAP resource name configurable?

I have a situation where I need to configure the LDAP resource name based on environment. I have used KVM to configure the name but am not able to use a reference in the LdapResource element.

This does not have any ref attribute nor does it support referencing using curly brackets syntax.

Has anyone ever tried this? Do we have a restriction on this? If so then why do we have it?

Thanks...


@Mohammed Zuber

Hi, I just wanted to clarify a few points.

1. This is the default LdapResource configuration <LdapResource>ldap1</LdapResource> </Ldap>

You can configure the LdapResource to point to a different LDAP based on the environment and there is no need to touch this configuration

LDAP DEV Config {notice host name change}

<LdapResource name="ldap1">
  <Connection>
    <Hosts>
      <Host>dev.foo.com</Host>
    </Hosts>
  </Connection>
  <Admin>
    <DN>cn=manager,dc=apigee,dc=com</DN>
    <Password>secret</Password>
  </Admin>
</LdapResource>

LDAP UAT Config {notice host name change}

<LdapResource name="ldap1">
  <Connection>
    <Hosts>
      <Host>uat.foo.com</Host>
    </Hosts>
  </Connection>
  <Admin>
    <DN>cn=manager,dc=apigee,dc=com</DN>
    <Password>secret</Password>
  </Admin>
</LdapResource>

LDAP PROD Config {notice host name change}

<LdapResource name="ldap1">
  <Connection>
    <Hosts>
      <Host>prod.foo.com</Host>
    </Hosts>
  </Connection>
  <Admin>
    <DN>cn=manager,dc=apigee,dc=com</DN>
    <Password>secret</Password>
  </Admin>
</LdapResource>


2. You want to reference the LDAP resource dynamically based on the environment

Dev Config : <LdapResource>{ldap-dev}</LdapResource> </Ldap>

UAT Config : <LdapResource>{ldap-uat}</LdapResource> </Ldap>

What is the detailed use case for this scenario, as the resource name can be static across each environment covered in the first point and still point to the respective LDAP resources? This will not impose any issue during proxy promotion from one environment to the other.

Please let us know!

Cheers

Saurabh

Hi @schhatwal,

My scenario is of type 2 where we have to authenticate user based on user type. So there will be a dynamic variable which will determine selected LDAP resource.

I have tried using the curly brackets syntax but the deployment will fail with error "Invalid external LDAP resource".

Any suggestions on how to handle this?

Thanks...

@Mohammed Zuber

Hi @Mohammed Zuber

You may need to configure multiple LDAP Resources in your environment and use more than one LDAP Policy to perform conditional policy execution based on user-type.

<Condition>(user.type == "dev-user")</Condition>

... Invoke LDAP Policy connecting to DEV LDAP.

Let me know if this suits your scenario.

PS : I am also curious to know about multiple LDAP instances in the same Environment

Cheers

Saurabh
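
The approach suggested in the last reply, written out as an added example (not code from the thread or from the Apigee documentation): one LDAP policy per statically named resource, selected by a step condition on user.type, with a final step that rejects any value that has no matching policy. The policy names, the resource names ldap-dev-users and ldap-partner-users, the "partner-user" value, the credential headers and the BaseDN are assumptions.

```xml
<!-- policies/LDAP-Auth-Dev.xml (hypothetical name): static resource reference -->
<Ldap name="LDAP-Auth-Dev">
  <LdapResource>ldap-dev-users</LdapResource>  <!-- assumed resource name -->
  <Authentication>
    <UserName ref="request.header.username"/>  <!-- assumed credential source -->
    <Password ref="request.header.password"/>
    <Scope>subtree</Scope>
    <BaseDN>dc=apigee,dc=com</BaseDN>          <!-- assumed, from the admin DN above -->
  </Authentication>
</Ldap>

<!-- policies/LDAP-Auth-Partner.xml (hypothetical): same policy, second resource -->
<Ldap name="LDAP-Auth-Partner">
  <LdapResource>ldap-partner-users</LdapResource>
  <Authentication>
    <UserName ref="request.header.username"/>
    <Password ref="request.header.password"/>
    <Scope>subtree</Scope>
    <BaseDN>dc=apigee,dc=com</BaseDN>
  </Authentication>
</Ldap>

<!-- policies/RF-Unknown-User-Type.xml (hypothetical): fail closed -->
<RaiseFault name="RF-Unknown-User-Type">
  <FaultResponse>
    <Set>
      <StatusCode>401</StatusCode>
      <ReasonPhrase>Unauthorized</ReasonPhrase>
    </Set>
  </FaultResponse>
</RaiseFault>

<!-- proxies/default.xml, PreFlow fragment: user.type is assumed to be set earlier in the flow -->
<PreFlow name="PreFlow">
  <Request>
    <Step>
      <Name>LDAP-Auth-Dev</Name>
      <Condition>user.type = "dev-user"</Condition>
    </Step>
    <Step>
      <Name>LDAP-Auth-Partner</Name>
      <Condition>user.type = "partner-user"</Condition>
    </Step>
    <!-- Without this step, a request matching neither condition runs no LDAP policy at all -->
    <Step>
      <Name>RF-Unknown-User-Type</Name>
      <Condition>(user.type != "dev-user") and (user.type != "partner-user")</Condition>
    </Step>
  </Request>
</PreFlow>
```

Both LDAP resources must exist in every environment the proxy is deployed to, since the names are resolved at deployment time, which is why the curly-bracket form fails with "Invalid external LDAP resource".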