Configure the following settings.
When completing this configuration, click:
- Test the connection to check the connection settings.
- Test authentication to check the authentication settings.
Connection URL
The URL of the LDAP server – for example:
ldap://ldap.example.com:389
Enable StartTLS
On to enable StartTLS so that plain LDAP connections are upgraded to secure ones; Off to disable StartTLS.
When enabling StartTLS, follow the steps below to import the validation chain of the LDAPS certificate.
To import the LDAPS certificate validation chain
- Run the clusterctl database info command.
- Copy the certificate chain from the console output and save it to a file.
- Edit the file and add the CA certificates of the LDAPS certificate validation chain.
- Run the clusterctl database set command to import the updated file.
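The file edit in the third step is where malformed or duplicated certificate blocks usually creep in. The following is an added example, not part of the product or its documentation: it assumes the chain copied from the console output is PEM-encoded (the page does not state the format), and all function names and sample data are hypothetical.

```python
import base64
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# One PEM certificate block; text outside the markers is ignored.
PEM_RE = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.DOTALL)


def pem_blocks(text):
    """Return the decoded bytes of every certificate block, in file order."""
    if text.count(BEGIN) != text.count(END):
        raise ValueError("unbalanced BEGIN/END CERTIFICATE markers")
    blocks = []
    for match in PEM_RE.finditer(text):
        body = "".join(match.group(1).split())
        try:
            blocks.append(base64.b64decode(body, validate=True))
        except ValueError as exc:  # binascii.Error is a ValueError
            raise ValueError("certificate block is not valid base64") from exc
    return blocks


def to_pem(der):
    """Re-encode bytes as a PEM block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return BEGIN + "\n" + "\n".join(lines) + "\n" + END + "\n"


def merge_chain(saved_text, ca_text):
    """Append the CA certificates to the saved chain, skipping duplicates."""
    merged = []
    for der in pem_blocks(saved_text) + pem_blocks(ca_text):
        if der not in merged:
            merged.append(der)
    return "".join(to_pem(der) for der in merged)


def sample_pem(label):
    # Constructed placeholder bytes, NOT a real certificate.
    return to_pem(("constructed-" + label).encode() * 5)


# Constructed inputs: the saved chain and the CA file share one certificate.
SAVED = sample_pem("server") + sample_pem("intermediate")
CAS = sample_pem("intermediate") + sample_pem("root")

if __name__ == "__main__":
    bundle = merge_chain(SAVED, CAS)
    print(len(pem_blocks(bundle)), "certificates in merged file")
```

The merged text is what would be saved to the file before running the import step.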
Use Truststore SPI
The truststore for SSL/TLS certificate validation.
| Option | Truststore |
|---|---|
| Always | The internal truststore |
| Always | A JVM truststore |
Connection pooling
On to reuse LDAP connections instead of creating a new one for each request; Off to create a new connection for each request.
Connection timeout
The maximum waiting time (in milliseconds) to establish a connection to LDAP.
Bind type
The mechanism for authenticating on the LDAP server.
| Option | Mechanism |
|---|---|
| simple | DN (Distinguished Name) and password for authentication |
| none | Anonymous authentication |
Bind DN
The account used to connect to the LDAP server and perform operations on it – for example:
cn=admin,dc=example,dc=com
The selected account must have sufficient privileges to read user attributes and to write changes (if synchronization is enabled).
Bind credentials
The password for the Bind DN account.
Store this password securely and rotate it periodically.