Configuring the Server for LDAP

To configure the server for LDAP authentication, modify the csi.xml or csi_ldap.xml files.

By default, the installation process creates a cluster configuration file called node1.xml. This file contains security information for the cluster, including a reference to the file that determines the authentication type. If you created a different cluster name during installation, your cluster configuration file will take the format <node-name>.xml.

When LDAP is the active authentication method, the <node-name>.xml file refers to a csi_ldap.xml file, which provides configuration information for LDAP authentication. Event Stream Processor provides a default csi_ldap.xml file in the ESP_HOME/security directory that you can use as a template and modify based on your specific LDAP implementation. At a minimum, you must provide values for the ServerType, ProviderURL, DefaultSearchBase, RoleSearchBase, and AuthenticationScope parameters, as determined by your LDAP implementation.

If you selected LDAP at installation time, there is no need to modify the <node-name>.xml file. If you installed with a different authentication type, perform these steps to enable and configure LDAP authentication:

  1. Use a text editor to open the LDAP configuration file provided by Event Stream Processor, csi_ldap.xml, located in ESP_HOME/security.
  2. Add implementation-specific values for the ServerType, ProviderURL, DefaultSearchBase, RoleSearchBase, and AuthenticationScope parameters, as well as any other parameters you want to set.
    Note: While setting values for the parameters mentioned here is sufficient in the majority of cases, you may, depending on your environment settings, have to specify additional values. The sample csi_ldap.xml file located in $ESP_HOME/cluster/examples contains additional parameters and descriptions you can use for reference.
  3. Save and close the csi_ldap.xml file.
  4. Use a text editor to open the cluster configuration file, ESP_HOME/cluster/<node-name>/<node-name>.xml.
  5. Within the <Security> section of the cluster configuration file, in the <Csi> section, change the <File> value to csi_ldap.xml, as follows:
    <Csi>
      <File>csi_ldap.xml</File>
    </Csi>
  6. Restart the server, including all cluster managers.
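
Before restarting, the edits from steps 2 and 5 can be checked offline. The following script is an added example, not part of the product or its documentation: it confirms that the cluster configuration is well-formed and points at csi_ldap.xml, and that the five required parameters are present and non-empty. It assumes each parameter appears in csi_ldap.xml as an element with name and value attributes; the sample documents, root element names, and values are constructed placeholders.

```python
import xml.etree.ElementTree as ET

REQUIRED = ("ServerType", "ProviderURL", "DefaultSearchBase",
            "RoleSearchBase", "AuthenticationScope")

def _named(elem, name):
    """Elements at or below elem whose tag is name, ignoring any XML namespace."""
    return [e for e in elem.iter() if e.tag.rsplit("}", 1)[-1] == name]

def active_csi_file(node_xml):
    """Return the <File> value under <Security>/<Csi>, or None if absent."""
    root = ET.fromstring(node_xml)  # raises ParseError on e.g. an unclosed <Csi>
    for sec in _named(root, "Security"):
        for csi in _named(sec, "Csi"):
            for f in _named(csi, "File"):
                return (f.text or "").strip()
    return None

def ldap_options(csi_xml):
    """Assumption: options are elements carrying name= and value= attributes."""
    root = ET.fromstring(csi_xml)
    return {e.get("name"): e.get("value") for e in root.iter()
            if e.get("name") and e.get("value") is not None}

def check(node_xml, csi_xml):
    """Return a list of problems; an empty list means both files pass."""
    try:
        active = active_csi_file(node_xml)
        opts = ldap_options(csi_xml)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if active != "csi_ldap.xml":
        problems.append(f"<Csi><File> is {active!r}, expected 'csi_ldap.xml'")
    problems += [f"{n} is missing or empty" for n in REQUIRED
                 if not (opts.get(n) or "").strip()]
    return problems

# Constructed sample inputs (root element names and all values are placeholders).
NODE_XML = "<Node><Security><Csi><File>csi_ldap.xml</File></Csi></Security></Node>"
CSI_XML = """<configuration><authenticationProvider name="ldap-provider">
  <options name="ServerType" value="YOUR_SERVER_TYPE"/>
  <options name="ProviderURL" value="ldap://ldap.example.com:389"/>
  <options name="DefaultSearchBase" value="dc=example,dc=com"/>
  <options name="RoleSearchBase" value="ou=groups,dc=example,dc=com"/>
  <options name="AuthenticationScope" value="YOUR_SCOPE"/>
</authenticationProvider></configuration>"""
if __name__ == "__main__":
    print(check(NODE_XML, CSI_XML) or "OK")
```

To check a real installation, read ESP_HOME/cluster/<node-name>/<node-name>.xml and ESP_HOME/security/csi_ldap.xml and pass their contents to check().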