Add an LDAP Server

The database supports authentication against an LDAP/LDAPS server. For more information, see Authentication using LDAP.

This section describes how to define the LDAP server that the database should authenticate with.

Prerequisites

  • The database must be stopped. For more information, see Stop a Database.

  • The database nodes must be able to connect to the LDAP server.

Procedure

This procedure is carried out using ConfD.

The ConfD examples are written in Bash on a Linux terminal running the Exasol tool confd_client, which is accessed by connecting to EXAClusterOS on the database nodes using Exasol Deployment Tool (c4). You can also interact with ConfD from an external tool using Python and XML-RPC. For more information, see ConfD.

Placeholder values are indicated with UPPERCASE characters. Replace the placeholders with your own values.

  1. To find the name of the database, use the ConfD job db_list:

    confd_client -c db_list

  2. To add an LDAP server, use the ConfD job db_configure.

    The LDAP Server URL must start with either ldap:// or ldaps:// and must be reachable by the host. If the LDAP server is not using the default ports (389 for ldap, 636 for ldaps), add the port to the LDAP Server URL.

    For example:

    confd_client -c db_configure -a "{db_name: DATABASE_NAME, ldap_server: 'ldap://192.168.16.10:389'}"

    Exasol is only able to authenticate against one LDAP server. Additional LDAP servers are only used if the first LDAP server is unavailable.

  3. Start the database. For more information, see Start a Database.
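A pre-flight check for the ldap_server value used in step 2, as an added example that is not part of the Exasol documentation or tooling. The helper names, the restriction to hostname or IPv4 URLs, and the database-name character set are assumptions; check_ldap_reachable needs Bash and coreutils timeout on the node.

```bash
# Added example, not Exasol code. Helper names are hypothetical.
# Accepts only ldap[s]://HOST[:PORT] with a hostname or IPv4 HOST (assumption).

# parse_ldap_url URL -> prints "scheme host port"; returns 1 if invalid.
parse_ldap_url() {
    local url scheme hostport host port
    url=$1
    case $url in
        ldap://*)  scheme=ldap;  port=389 ;;   # default ports named in step 2
        ldaps://*) scheme=ldaps; port=636 ;;
        *) echo "error: URL must start with ldap:// or ldaps://" >&2; return 1 ;;
    esac
    hostport=${url#*://}
    # The URL is embedded in a quoted YAML string later, so reject quotes,
    # spaces and anything else outside hostname/IPv4/port characters.
    case $hostport in
        ''|*[!A-Za-z0-9.:-]*) echo "error: unexpected characters in URL" >&2; return 1 ;;
    esac
    host=${hostport%%:*}
    case $hostport in *:*) port=${hostport#*:} ;; esac
    case $port in
        ''|*[!0-9]*|??????*) echo "error: invalid port" >&2; return 1 ;;
    esac
    [ -n "$host" ] && [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || {
        echo "error: invalid host or port" >&2; return 1; }
    echo "$scheme $host $port"
}

# check_ldap_reachable URL -> 0 if a TCP connect succeeds within 3 seconds.
# Run on each database node. This proves reachability only, not LDAP health.
check_ldap_reachable() {
    local parsed
    parsed=$(parse_ldap_url "$1") || return 1
    set -- $parsed   # $1=scheme $2=host $3=port
    timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$2" "$3" 2>/dev/null
}

# ldap_server_arg DB_NAME URL -> prints the -a argument for db_configure.
ldap_server_arg() {
    case $1 in ''|*[!A-Za-z0-9_]*) echo "error: bad db_name" >&2; return 1 ;; esac
    parse_ldap_url "$2" >/dev/null || return 1
    case $2 in ldap://*) echo "note: ldap:// connects without TLS" >&2 ;; esac
    printf "{db_name: %s, ldap_server: '%s'}\n" "$1" "$2"
}

# Usage on a node (placeholders as in the procedure):
#   url=ldaps://LDAP_HOST
#   check_ldap_reachable "$url" && arg=$(ldap_server_arg DATABASE_NAME "$url") &&
#       confd_client -c db_configure -a "$arg"
```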

Verification

To verify that the database is configured with the new properties, use the ConfD job db_info:

confd_client -c db_info -a 'db_name: DATABASE_NAME'
