WSO2 APIM | External LDAP Integration

-

I am writing this article to share my experience while working with a secondary user store requirement in WSO2 API Manager. So, WSO2 provides an in-built user store for user management capabilities and facilitates integration with a secondary user store as well. A Secondary user store could be an LDAP, Microsoft Active Directory, or even an RDBMS user store as well. In this article, I'll cover LDAP user store integration with WSO2 API Manager and you can follow the path if you have a similar kind of business requirement.

Business Requirement
So, my business requirement was to provide token-based API access and to proceed with password grant type for token API while the user base remains in an external user store.

Technical Feasibility in WSO2 APIM
The requirement is technically feasible as an OOTB capability provided by WSO2 with some configurations via the carbon console. This article assumes you have existing LDAP server running. So I have to procure the following details from LDAP server for integration purposes-
  1. LDAP Server IP & Port
  2. Protocol- ldap or ldaps
  3. Procure the SSL Certificate in case of ldaps
  4. Base DN & Password
  5. User Search Base
  6. Group Search Base
Implementation
To proceed with the implementation, we have to follow the below steps-
1. Login to the carbon console (http://host:port/carbon)
2. Navigate to User Stores from left navigation menu and click on + Add option


3. Fill all the details as per your environment, I have provided some sample values as per my environment-
  • Choose ReadWriteLDAPUserStoreManager
  • Domain name :  external-ldap  (you can use any logical name)
  • Description : external ldap for user authentication
  • Connection URL: ldaps://192.16.0.9:10389 (must import the certificate inside $APIM_HOME/repository/resources/security in case of ldaps)
  • Connection Name: cn=admin,ou=sa,o=system
  • Connection Password: **********
  • User Search Base: ou=users,o=data
  • Group Search Base: ou=groups,o=data

4. Finally Click on Update button available in the bottom of the form.
5. It takes few seconds depending upon network latency to refresh the user store in listing and it looks like below-

6. This means, our ldap has been configured. Now let's verify the users are being listed via users via path Home > Identity > Users and Roles > List


So, the users are now being shown with respective domain in the users list. This means our LDAP integration is successful.

Just to note that, if the user stores list shows the newly created user store name but the users are not visible in the users listing, we must check for wso2carbon logs for any error. 

Reference: https://apim.docs.wso2.com/en/3.2.0/administer/managing-users-and-roles/managing-user-stores/configure-primary-user-store/configuring-a-read-write-ldap-user-store/



Comments

  1. bhanuJanuary 7, 2023 at 10:55 AM

    This comment has been removed by a blog administrator.

    ReplyDelete
  2. bhanuJanuary 7, 2023 at 10:55 AM

    This comment has been removed by a blog administrator.

    ReplyDelete

Post a Comment

Popular posts from this blog

Oracle SOA Suite- Implementing Email Notification

-
Image
In this post, I am going to show how to implement email notifications in Oracle SOA Suite using BPEL process. So let's get started- Implementing email notification in Oracle SOA Suite consists of below steps: Environment- IDE- Oracle jDeveloper 11g Weblogic Server 12c Oracle SOA Suite 12c High Level Steps Keep ready email server settings. Configure & enable usermessagingdriver-email for target SOA servers via console. Setting up Email driver (usermessagingdriver-email )with email server settings via enterprise manager. Enable notifications for SOA workflows(make sure either All or EMail option is selected).. Create SOA composite application Deploy it on SOA server. Testing & done. 1. Keep ready email server settings. Keep ready your below email server settings: Outgoing Mail Server          : smtp.domain.com Outgoing Mail Server Port   : xxx Default From Address         : username@doamin.com Outgoing Username            : actualemailid@doma
Read more

Oracle SOA Suite 12c- PKIX path building failed & unable to find valid certification path to requested target

-
Image
Hi Everyone, in this blog I'll be writing one of the strange issue that has been encountered while working with a Oracle SOA composite running in Oracle IDAM environment and trying to invoke a SSL based remote service where SSL certification based exception has been thrown during the service invocation. Environment Oracle SOA Suite 12c  (HA Mode) Oracle IDAM 12c (HA Mode) Oracle Linux 7 External Web Service (SOAP Service) Problem Below is the exception thrown when trying to invoke an external webservice (SSL Based) via BPEL process- <bpelFault><faultType>0</faultType><remoteFault xmlns="http://schemas.oracle.com/bpel/extension"><part name="summary"><summary>oracle.fabric.common.FabricInvocationException: Unable to invoke endpoint URI "https://idam.uppclonline.com/soa-infra/services/default/DefaultOperationalApproval!5.12*soa_69e4734b-d8fe-4edf-b44e-e287f61c2ddf/SMSNotification%23ApprovalProcess/SMSNotification" succe
Read more

Migration of Oracle SOA Suite Composite from 11g to 12c

-
Image
Recently I have came across a scenario where I have a business requirement of  migration of Oracle SOA Suite 11g(11.1.1.7.0) to 12c(12.1.3.0). Below are the different mechanisms I have tried to do, few of them failed and one succeeded. Working in Oracle SOA Suite 11g is completely different from 12c. In 11g, we need to install the jDeveloper(11.1.1.7) then SOA extension separately to be installed either via offline file  (download available at  https://www.oracle.com/ocom/groups/public/@otn/documents/webcontent/156082.xml ) or through jDeveloper top menu >>  Help >> Check for Updates >> SOA Extension.  While working with 12c doesn't involves such tedious job. Only single installer is required for jDeveloper/SOA/Weblogic and is available as QuickStart Installer(download available at https://www.oracle.com/technetwork/middleware/soasuite/downloads/index.html). Approach 1- Compress(Zip) SOA composite code of 11g version (11.1.1.7.0) and unzip to a differe
Read more