When configuring GemFire XD to use LDAP as your
authentication service, you must specify which LDAP server to use.
- Set auth-provider to "LDAP" when you start each locator and server in the
GemFire XD distributed system.
- When you set auth-provider to "LDAP," GemFire XD uses LDAP to authenticate
distributed system members as well as clients to the distributed system. For
this reason, GemFire XD members must supply the -user option (and the
-password option) at startup. If you omit the -password option, the GemFire XD
member prompts you for a password at the command line.
- Set the gemfirexd.auth-ldap-server property to the URL of the LDAP server.
For example:
You can specify the LDAP server with only the server name, with the server
name and its port number separated by a colon, or with an "ldap" URL. If a
full URL is not provided, GemFire XD uses unencrypted LDAP by default. To use
SSL-encrypted LDAP, provide a URL starting with "ldaps://".
Note: This property must be specified either as a Java system property or in
the gemfirexd.properties file. For example, when booting a new GemFire XD
server with gfxd, you could use the command-line option
-J-Dgemfirexd.auth-ldap-server=ldaps://ldapserver:636/ to specify the Java
system property.
- If you use SSL-encrypted
LDAP and your LDAP server certificate is not recognized by a valid Certificate
Authority (CA), create a local trust store for each GemFire XD member and import
the LDAP server certificate to the trust store. See
for more information.
- If you performed step 3, specify the javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword system properties
when you start individual GemFire XD members. For example:
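gfxd server start -dir=./server -locators=localhost -client-port=1528 -auth-provider=LDAP \
-J-Dgemfirexd.auth-ldap-server=ldaps://ldapserver:636/ -user=user_name -password=user_pwd \
-J-Djavax.net.ssl.trustStore=path_to_trust_store -J-Djavax.net.ssl.trustStorePassword=trust_store_pwd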
Note: javax.net.ssl.trustStore and
javax.net.ssl.trustStorePassword must be specified
as Java system properties (using the -J option on the
gfxd command line).
Note: LDAP server and search properties must be set to the same value for
each member of the GemFire XD distributed system. However, individual GemFire XD
members can be started using different authenticated user credentials, trust
stores, and so forth.
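
The two rules above (a value without a full "ldaps://" URL means unencrypted LDAP, and every member must use the same LDAP server value) can be checked before startup. This is an added example, not part of GemFire XD or its documentation. The function names are hypothetical, and it assumes each member's gemfirexd.properties carries the setting as a line of the form gemfirexd.auth-ldap-server=value; a member configured only through -J system properties shows as unset.

```shell
#!/bin/sh
# Added example: audit the LDAP server setting across GemFire XD members.
# Assumption: the property is written as "gemfirexd.auth-ldap-server=<value>".

# classify_ldap_server VALUE -> prints encrypted, unencrypted or unrecognized
classify_ldap_server() {
    case "$1" in
        ldaps://?*) echo encrypted ;;
        ldap://?*)  echo unencrypted ;;    # explicit plain-LDAP URL
        ""|*://*)   echo unrecognized ;;   # unset, or a URL that is not ldap/ldaps
        *)          echo unencrypted ;;    # bare host or host:port: no full URL,
                                           # so plain LDAP is used by default
    esac
}

# ldap_server_of FILE -> prints the value of the last matching line in FILE,
# with trailing whitespace (including a CR) removed; empty if not set there.
ldap_server_of() {
    sed -n 's/^[[:space:]]*gemfirexd\.auth-ldap-server[[:space:]]*[=:][[:space:]]*//p' "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# audit_members FILE... -> prints one line per file; returns 1 if any member
# does not use ldaps:// or if a member's value differs from the first file's.
audit_members() {
    rc=0; first=""; seen=0
    for f in "$@"; do
        v=$(ldap_server_of "$f")
        kind=$(classify_ldap_server "$v")
        echo "$f: ${v:-<unset>} ($kind)"
        [ "$kind" = encrypted ] || rc=1
        if [ "$seen" -eq 0 ]; then
            first=$v; seen=1
        elif [ "$v" != "$first" ]; then
            echo "$f: value differs from $1"; rc=1
        fi
    done
    return $rc
}

# Usage: sh audit.sh member1/gemfirexd.properties member2/gemfirexd.properties
if [ "$#" -gt 0 ]; then audit_members "$@"; fi
```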