LDAP integration with Kinetica is accomplished through an Apache httpd proxy. This proxy comes packaged with Kinetica and can be found in /opt/gpudb/httpd. OpenLDAP's LDAP server daemon (slapd) is also included in this directory. We have preconfigured httpd to work with this instance of slapd. If you would like to use your enterprise's own LDAP, you just need to modify the /opt/gpudb/httpd/conf/httpd/httpd.conf file's Location section. Since this portion is controlled by Apache httpd, not Kinetica, please see the Apache documentation for further details.
If you will be using the included version of OpenLDAP, you must start and initialize it manually using the commands:
sudo /opt/gpudb/httpd/gpudb-openldap.sh start
/opt/gpudb/httpd/openldapopenldap-init.sh
Note: Run `/opt/gpudb/httpd/openldapopenldap-init.sh` only once, the first time OpenLDAP is started.
Once connected to an LDAP server, you can use LDAP users for all Kinetica administration. First, you will need to create a Kinetica user with administrative permissions that is tied to an LDAP user. To do this:
Note: Although you created the user with the username *@<username>*, the user will log in with their regular username, without the "@".