Add an LDAP Configuration

To use your own Lightweight Directory Access Protocol (LDAP) authentication service, Data Hub Service (DHS) must be able to access your Active Directory (AD).

You must set up your own LDAP server before configuring and creating the DHS instance:

  • by setting up VPC peering for the LDAP server, or
  • by making your Active Directory publicly visible (Not recommended)

Before you begin

You need:

About this task

This task adds an LDAP configuration to your Data Hub Service (DHS) portal. Configure LDAP to manage users externally to DHS.
Important: MarkLogic does not recommend configuring LDAP in a public network. To improve security, configure LDAP in a peered network. See Set Up a Peered Network for Data Hub Service - AWS.
Important: For this task, you must log into your DHS portal with the Security Administrator (SEC-ADMIN) portal role. See Portal Security Roles - AWS.

Procedure

  1. Go to the MarkLogic Data Hub Service home page and select LDAP from the menu.
  2. In the Configure LDAP page, click the Add Config button.

    Configure LDAP page

  3. In the Add LDAP Config page, configure your LDAP settings.

    Add LDAP Config page

    Network: The name of the pre-configured network to use. The network can be secure or public.
    Important: MarkLogic does not recommend using a public network for your LDAP service configuration.
    Region: Not configurable. The region where your preconfigured network is located.
    Name: The name for this LDAP configuration.
    Security Admin DN: The Distinguished Name for the Service Security Admin role. For details about the role, see Portal Security Roles - AWS and Instance Security Roles.
    Note: A Distinguished Name (DN) is a sequence of Relative Distinguished Names (RDNs), which are attributes with associated values expressed in the form attribute=value. The RDNs in a DN are separated by commas.
    DNS Address: The comma-separated list of the IP addresses of your LDAP servers. Example: 10.0.32.193,10.0.65.140
    Server URI: The URI of the LDAP server. Example: ldaps://ldap.mlaas.marklogic.com
    Base: The starting point for searches. Example: DC=ldap,DC=mlaas,DC=marklogic,DC=com
    Default User: The LDAP user to be used by MarkLogic. Example: CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com
    Password / Re-Enter Password: The password for the LDAP default user account.
    Bind Method: The default is Simple. With Simple bind, the LDAP default user must be a Distinguished Name (DN).


If you are a Data Hub Security Administrator, you can configure additional settings in the Advanced Config section. The Data Hub Security Administrator can modify LDAP groups for DHS.
  4. (Optional) Expand Advanced Config.

    Configure LDAP page

    Ldap attribute: The LDAP attribute for user lookup.
    Memberof attribute: The LDAP attribute for group lookup. Used to search for the groups of a user.
    Member attribute: The LDAP attribute for group lookup. Used to search for the groups of a group.
  5. Click Add.
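
As an added example (not part of the MarkLogic documentation or product), the following Python script pre-checks the values you would enter in the Add LDAP Config form against the rules stated above: RDNs of the form attribute=value separated by commas, a comma-separated IP list for DNS Address, an ldaps:// Server URI, and a Default User that is a DN (required for Simple bind) located under the Base. The GOOD form reuses the example values from the table; the BAD form and its hostnames are constructed.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# An RDN is attribute=value and RDNs are comma-separated (see the DN note above); escaped commas are out of scope.
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=[^,=]+$")

def parse_dn(dn):
    """Split a DN into (ATTRIBUTE, value) pairs; raise ValueError if malformed."""
    rdns = []
    for part in dn.split(","):
        part = part.strip()
        if not RDN_RE.match(part):
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.upper(), value))
    return rdns

def validate_ldap_config(cfg):
    """Return a list of findings for one Add LDAP Config form; an empty list means clean."""
    findings = []
    # Simple bind sends the default user's password, so the Server URI must be ldaps://.
    if urlsplit(cfg["server_uri"]).scheme != "ldaps":
        findings.append("server_uri: use ldaps:// so the Simple bind password is encrypted in transit")
    # DNS Address is a comma-separated IP list; servers on a peered network should be private.
    for ip in cfg["dns_address"].split(","):
        try:
            addr = ipaddress.ip_address(ip.strip())
        except ValueError:
            findings.append(f"dns_address: {ip.strip()!r} is not an IP address")
            continue
        if addr.is_global:
            findings.append(f"dns_address: {addr} is publicly routable; a public LDAP network is not recommended")
    # Base and Default User must both be DNs (Simple bind needs a DN, not a bare login name).
    dns = {}
    for field in ("base", "default_user"):
        try:
            dns[field] = parse_dn(cfg[field])
        except ValueError as exc:
            findings.append(f"{field}: {exc}")
    if len(dns) == 2 and dns["default_user"][-len(dns["base"]):] != dns["base"]:
        findings.append("default_user: DN does not end with the configured Base")
    return findings

# Constructed sample forms: GOOD uses the values shown on this page; BAD is deliberately wrong.
GOOD = {"server_uri": "ldaps://ldap.mlaas.marklogic.com", "dns_address": "10.0.32.193,10.0.65.140",
        "base": "DC=ldap,DC=mlaas,DC=marklogic,DC=com",
        "default_user": "CN=Admin,OU=Users,OU=ldap,DC=ldap,DC=mlaas,DC=marklogic,DC=com"}
BAD = {"server_uri": "ldap://ldap.example.test", "dns_address": "8.8.8.8,not-an-ip",
       "base": "DC=example,DC=test", "default_user": "admin"}
```

Running validate_ldap_config(BAD) reports the plaintext scheme, the public and malformed addresses, and the non-DN default user, while GOOD produces no findings.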

Results

The Configure LDAP page is displayed with your LDAP configuration.


LDAP configured

What to do next