Add an LDAP Server

This article explains how to define an LDAP/LDAPS server for authentication in an Exasol database.

This procedure is carried out using ConfD.

Prerequisites

  • The database must be stopped. For more information, see Stop a Database.

  • The database nodes must be able to connect to the LDAP server.

Procedure

The following examples use ConfD through the command-line tool confd_client, which is available on all database nodes. You can also access ConfD through XML-RPC in your own Python programs. For more information, see ConfD.

  1. Connect to EXAClusterOS (COS) on the cluster using c4 connect -t <DEPLOYMENT>[.<NODE>]/cos. For example:

    ./c4 connect -t 1.11/cos

    If you do not specify a node, c4 will connect to the first active node in the deployment. If the cluster is configured with an access node, the first node is the access node (usually n10).

    For more information about how to use c4 connect, see How to use c4.

  2. To find the name of the database, use the ConfD job db_list. For example:

    confd_client db_list
    - MY_DATABASE

  3. If the database is running, stop it now using the ConfD job db_stop. For example:

    confd_client db_stop db_name: MY_DATABASE

  4. To add an LDAP server, use the ConfD job db_configure with the following parameters:

    Parameter name   Data type   Description
    db_name          string      The name of the database
    ldap_server      string      LDAP server URL, or comma-separated list of LDAP URLs

    The LDAP server URL must start with either ldap:// or ldaps:// and must be reachable from the database nodes. If the LDAP server is not using the default ports (389 for ldap, 636 for ldaps), add the port to the LDAP server URL.

    You can add multiple LDAP server addresses as a comma-separated list. The servers will be tried in successive order.

    For example:

    confd_client db_configure db_name: MY_DATABASE ldap_server: "ldap://192.168.16.10:389, ldap://192.168.16.11:389, ldap://192.168.16.12:389"

    The Exasol database can only authenticate against one LDAP server. The LDAP servers in the list are tried in successive order if the first LDAP server is unavailable.

  5. Start the database using the ConfD job db_start. For example:

    confd_client db_start db_name: MY_DATABASE
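
A pre-flight check for the ldap_server value described in step 4, as an added example that is not part of the Exasol documentation or tooling: it parses the comma-separated list in try order, applies the default ports, lists the ldap:// entries (which open the connection without TLS), and offers a TCP reachability test to run from a database node. The function names and the sample value are assumptions made for this example.

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults stated on this page


def parse_ldap_servers(value):
    """Split an ldap_server value into (scheme, host, port) tuples, in try order.

    Raises ValueError for an entry that does not match the rules in step 4.
    """
    servers = []
    for entry in (e.strip() for e in value.split(",")):
        if not entry:
            raise ValueError("empty entry in ldap_server list")
        if not entry.startswith(("ldap://", "ldaps://")):
            raise ValueError(f"{entry!r}: must start with ldap:// or ldaps://")
        try:
            url = urlsplit(entry)
            port = url.port  # raises ValueError if non-numeric or out of range
        except ValueError:
            raise ValueError(f"{entry!r}: malformed host or port") from None
        if not url.hostname:
            raise ValueError(f"{entry!r}: no host given")
        servers.append((url.scheme, url.hostname, port or DEFAULT_PORTS[url.scheme]))
    return servers


def plaintext_entries(servers):
    """Return the servers using ldap://, which opens the connection without TLS."""
    return [s for s in servers if s[0] == "ldap"]


def reachable(host, port, timeout=3.0):
    """TCP connect test; run it on a database node (see Prerequisites)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    # Constructed sample value in the same form as the db_configure example.
    sample = "ldaps://192.168.16.10, ldap://192.168.16.11:389"
    for scheme, host, port in parse_ldap_servers(sample):
        tls = "no TLS" if scheme == "ldap" else "TLS"
        print(f"{scheme}://{host}:{port} [{tls}] reachable={reachable(host, port)}")
```

A successful TCP connect only shows that the port is open from that node; it does not validate the server certificate or the LDAP bind.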

Verification

To verify that the database is configured with the new properties, use the ConfD job db_info:

confd_client db_info db_name: MY_DATABASE
