Add an LDAP Server
This article explains how to define an LDAP/LDAPS server for authentication in an Exasol database.
This procedure is carried out using ConfD.
Prerequisites
- The database must be stopped. For more information, see Stop a Database.
- The database nodes must be able to connect to the LDAP server.
Procedure
The following examples use ConfD through the command-line tool confd_client, which is available on all database nodes. For more information, see ConfD.
- Connect to EXAClusterOS (COS) on the cluster using c4 connect -t <DEPLOYMENT>[.<NODE>]/cos. For example:
  If you do not specify a node, c4 will connect to the first active node in the deployment.
  For more information about how to use c4 connect, see How to use c4.
- To find the name of the database, use the ConfD job db_list. For example:
- If the database is running, stop it now using the ConfD job db_stop. For example:
- To add an LDAP server, use the ConfD job db_configure with the following parameters:
  | Parameter name | Data type | Description |
  | --- | --- | --- |
  | db_name | string | The name of the database |
  | ldap_server | string | LDAP server URL, or comma-separated list of LDAP URLs |

  The LDAP server URL must start with either ldap:// or ldaps:// and must be reachable by the host. If the LDAP server is not using the default ports (389 for ldap, 636 for ldaps), add the port to the LDAP server URL.
  You can add multiple LDAP server addresses as a comma-separated list. The servers will be tried in successive order.
  For example:
  confd_client db_configure db_name: MY_DATABASE ldap_server: "ldap://192.168.16.10:389, ldap://192.168.16.11:389, ldap://192.168.16.12:389"
  The Exasol database can only authenticate against one LDAP server. The LDAP servers in the list are tried in successive order if the first LDAP server is unavailable.
- Start the database using the ConfD job db_start. For example:
Verification
To verify that the database is configured with the new properties, use the ConfD job db_info:
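
Added example (not part of the Exasol documentation or tooling, and not db_info output): a pre-flight check for the ldap_server value from the Procedure section. It applies the URL rules stated there (ldap:// or ldaps:// prefix, default ports 389 and 636, comma-separated list tried in order) and probes each server over TCP to cover the connectivity prerequisite. The function names are hypothetical, and it assumes hostnames or IPv4 addresses and that bash and timeout are available on the node.

```shell
#!/bin/sh
# Added example, not Exasol code: pre-flight check for an ldap_server value.
# Assumes hostnames or IPv4 addresses (IPv6 literals are rejected) and that
# bash and coreutils `timeout` exist on the node for the TCP probe.

# Print "scheme host port" for one URL, or return 1 if it breaks the rules.
normalize_ldap_url() {
  url=$(printf '%s' "$1" | tr -d '[:space:]')
  case $url in
    ldaps://*) scheme=ldaps; port=636; rest=${url#ldaps://} ;;
    ldap://*)  scheme=ldap;  port=389; rest=${url#ldap://} ;;
    *) return 1 ;;                      # only ldap:// and ldaps:// are accepted
  esac
  rest=${rest%%/*}                      # keep host[:port] only
  case $rest in
    *:*) host=${rest%:*}; port=${rest##*:} ;;
    *)   host=$rest ;;
  esac
  case $host in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case $port in ''|*[!0-9]*) return 1 ;; esac
  [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
  printf '%s %s %s\n' "$scheme" "$host" "$port"
}

# Split the comma-separated list in the order it will be tried.
plan_ldap_servers() {
  printf '%s\n' "$1" | tr ',' '\n' | while IFS= read -r entry; do
    if parsed=$(normalize_ldap_url "$entry"); then
      printf 'ok %s\n' "$parsed"
    else
      printf 'invalid %s\n' "$entry"
    fi
  done
}

# Probe each valid entry over TCP from this node (run it on every node).
check_ldap_servers() {
  plan_ldap_servers "$1" | while read -r state scheme host port; do
    if [ "$state" != ok ]; then echo "INVALID     $scheme"; continue; fi
    if [ "$scheme" = ldap ]; then echo "NOTE        $host:$port is ldap://, not TLS-wrapped"; fi
    if timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null; then
      echo "REACHABLE   $scheme://$host:$port"
    else
      echo "UNREACHABLE $scheme://$host:$port"
    fi
  done
}

if [ "$#" -gt 0 ]; then check_ldap_servers "$1"; fi
```

Save the script under any name and pass it, as one quoted argument, the same string you intend to give to ldap_server.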