Add an LDAP Server

This section explains how to define an LDAP/LDAPS server for authentication in an Exasol database.

For more information about using LDAP, see the links in See Also.

This procedure is carried out using ConfD.

Prerequisites

  • The database must be stopped. For more information, see Stop a Database.

  • The database nodes must be able to connect to the LDAP server.

Procedure

The following examples use ConfD through the command-line tool confd_client, which is accessible on all database nodes. You can also access ConfD through XML-RPC in your own Python programs. For more information, see ConfD.

  1. To find the name of the database, use the ConfD job db_list. For example:

    confd_client -c db_list
    - Exasol

  2. To add an LDAP server, use the ConfD job db_configure.

    The LDAP Server URL must start with either ldap:// or ldaps:// and must be reachable by the host. If the LDAP server is not using the default ports (389 for ldap, 636 for ldaps), add the port to the LDAP Server URL. You can add multiple LDAP server addresses as a comma-separated list. The servers will then be tried in successive order.

    For example:

    confd_client -c db_configure -a '{db_name: Exasol, ldap_server: "ldap://192.168.16.10:389, ldap://192.168.16.11:389, ldap://192.168.16.12:389"}'

    The Exasol database can only authenticate against one LDAP server. The additional LDAP servers are only used if the first LDAP server is unavailable.

  3. Start the database. For more information, see Start a Database.
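As an added example (not part of the Exasol documentation or tooling), the following Python sketch checks an ldap_server value against the rules in step 2 before it is passed to db_configure, and tests the connectivity prerequisite when run on a database node. The function names are hypothetical, and the parser assumes entries have the form scheme://host[:port].

```python
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}  # defaults named in step 2


def parse_ldap_servers(value):
    """Return [(scheme, host, port)] in failover order; raise ValueError on a bad entry."""
    servers = []
    for raw in value.split(","):
        url = raw.strip()
        if not url.startswith(("ldap://", "ldaps://")):
            raise ValueError(f"{url!r}: must start with ldap:// or ldaps://")
        parts = urlsplit(url)
        if not parts.hostname:
            raise ValueError(f"{url!r}: missing host")
        # .port raises ValueError for a non-numeric or out-of-range port
        port = parts.port if parts.port is not None else DEFAULT_PORTS[parts.scheme]
        servers.append((parts.scheme, parts.hostname, port))
    return servers


def plaintext_entries(servers):
    """Entries using ldap://, which is not TLS-wrapped the way ldaps:// is."""
    return [s for s in servers if s[0] == "ldap"]


def unreachable(servers, timeout=3.0):
    """Entries that do not accept a TCP connection from this node."""
    failed = []
    for scheme, host, port in servers:
        try:
            socket.create_connection((host, port), timeout=timeout).close()
        except OSError:
            failed.append((scheme, host, port))
    return failed


if __name__ == "__main__":
    # Value taken from the db_configure example in step 2.
    value = "ldap://192.168.16.10:389, ldap://192.168.16.11:389, ldap://192.168.16.12:389"
    servers = parse_ldap_servers(value)
    print("failover order:", servers)
    print("not TLS-wrapped:", plaintext_entries(servers))
    print("unreachable from this node:", unreachable(servers))
```

Run it on each database node, since reachability is a per-node prerequisite; a TCP connection succeeding does not confirm that the LDAP service or its certificate is valid.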

Verification

To verify that the database is configured with the new properties, use the ConfD job db_info:

confd_client -c db_info -a 'db_name: Exasol'

See Also