Deploying LDAP
Detailed procedure to deploy the LDAP for IBM Verify Identity Governance - Container.
Before you begin
If you are performing a fresh install of IBM Verify Identity Governance - Container or migrating from a legacy Identity Manager setup, the LDAP deployment is handled during the container installation process. The configure.sh script prompts you to provide the various parameters required for LDAP deployment.
You must have an LDAP key for LDAP installation. This key is available through the Passport Advantage site. Ensure that the key is pasted as a single line, without any spaces or line breaks.
LDAP deployment
- The SSL certificates are automatically generated and placed in the config/certs directory.
- You must provide the following details in the config.yaml file:
  - The admin password
  - Org short name
  - Org long name
- If you want to use your own LDAP server (and not the auto-deployed LDAP), then you must provide all the parameters in the config.yaml file.
- By default, there is no external access to LDAP. To enable external LDAP access:
  - From the yaml directory, run
    kubectl apply -f 115-service-ldapExt.yaml
  - Single LDAP server
    - In the case of a single LDAP server, it can be reached externally at:
      ldaps://<node_IP>:30637
      In this case, provide the administrator user ID and password used for LDAP setup. For example:
      cn=root
      and the password used for the LDAP setup.
  - High-Availability (HA) LDAP server
    - In the case of a High-Availability (HA) LDAP server, it can be reached externally at:
      ldaps://<node_IP>:30636
      In this case, you must use:
      cn=manager,cn=ibmpolicies
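The following shell functions are an added example, not part of the product or its documentation. They check the single-line rule for the LDAP key and, once external access is enabled, confirm that the NodePort presents a certificate that chains to your CA before binding with the DN given above. The function names and the CA file argument are assumptions, and the bind step assumes the OpenLDAP ldapsearch client is installed.

```shell
#!/bin/sh
# Added example. Ports and bind DNs come from this page; function names are hypothetical.

# Succeeds only for a non-empty key with no spaces, tabs or line breaks.
ldap_key_ok() {
    [ -n "$1" ] && [ "$(printf '%s' "$1" | tr -d ' \t\r\n')" = "$1" ]
}

# Prints the external LDAPS URL for mode "single" or "ha" on node IP $2.
ldap_ext_url() {
    case "$1" in
        single) printf 'ldaps://%s:30637\n' "$2" ;;
        ha)     printf 'ldaps://%s:30636\n' "$2" ;;
        *)      echo "mode must be single or ha" >&2; return 2 ;;
    esac
}

# Prints the bind DN this page gives for each mode (cn=root is the page's example).
ldap_bind_dn() {
    case "$1" in
        single) printf 'cn=root\n' ;;
        ha)     printf 'cn=manager,cn=ibmpolicies\n' ;;
        *)      return 2 ;;
    esac
}

# Verifies the certificate chain on the NodePort against CA file $3 (path is an
# assumption: pick the CA from config/certs), then does an authenticated root DSE read.
# Optional $4 overrides the bind DN. ldapsearch prompts for the password (-W) and also
# checks the certificate name against the host in the URL.
verify_ldap_ext() {
    mode=$1 node=$2 cafile=$3
    url=$(ldap_ext_url "$mode" "$node") || return 2
    dn=${4:-$(ldap_bind_dn "$mode")}
    if ! openssl s_client -connect "${url#ldaps://}" -CAfile "$cafile" \
            -verify_return_error </dev/null >/dev/null 2>&1; then
        echo "TLS chain verification failed for $url" >&2
        return 1
    fi
    LDAPTLS_CACERT=$cafile ldapsearch -x -H "$url" -D "$dn" -W \
        -s base -b "" '(objectClass=*)' namingContexts
}

# Usage (after kubectl apply -f 115-service-ldapExt.yaml):
#   verify_ldap_ext single <node_IP> <path to CA certificate>
```

If the generated certificate does not list the node IP as a subject name, the chain check passes but ldapsearch refuses the connection, which tells you clients will need a matching host name or a reissued certificate.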
Next step
After the LDAP deployment and IBM Verify Identity Governance - Container installation or migration is complete, proceed to the configuration activities.