As of v6.0.20, Redis Enterprise Software supports two LDAP authentication mechanisms: the cluster-based mechanism supported in earlier versions and a role-based mechanism.

If you currently rely on the cluster-based mechanism, you can continue to do so in the short term. However:

  • You can only use one LDAP authorization mechanism at a time.

  • Support for the cluster-based mechanism is considered deprecated; it will be removed in a future version.

At some point, you’ll want to migrate to role-based LDAP.

Migration checklist

This checklist covers the basic process:

  1. Identify accounts per app (on the customer end).

  2. Create (or identify) an LDAP user account on the appropriate server, e.g. the one responsible for LDAP authentication and authorization.

  3. Create (or identify) an LDAP group that contains the app team members.

  4. Verify/configure the Redis Software ACLs.

  5. Configure each database ACL.

  6. Remove the earlier “external” (LDAP) users from Redis Software.

  7. Use Settings | LDAP to enable role-based LDAP.

  8. Map your LDAP groups to access control roles.

  9. Test application connectivity using the LDAP credentials of an app team member.

  10. (Recommended) Disable default access for the database to avoid anonymous client connections.

Because deployments and requirements vary, you’ll likely need to adjust these guidelines.

Ways to test access

There are several ways to test your LDAP integration, including:

  • Connecting with redis-cli and using the AUTH command to test LDAP username/password credentials.

  • Signing in to the admin console using LDAP username/password credentials authorized for the Administration role.

  • Signing in to RedisInsight using authorized LDAP username/password credentials.

  • Using the REST API to connect using LDAP username/password credentials.
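The following script is an added example, not part of the Redis documentation. It combines the redis-cli AUTH test with checklist steps 9 and 10: the LDAP credentials of an app team member must be accepted, and an anonymous connection must be refused. The environment variable names and the function names are assumptions made for this example; the password is assumed to contain no whitespace or quotes.

```shell
#!/bin/sh
# Added example. REDIS_HOST, REDIS_PORT, LDAP_USER and LDAP_PASS are
# placeholder variables you set yourself; they are not Redis settings.

# Classify redis-cli output from an AUTH/PING exchange.
# Assumption: the server answers WRONGPASS to a rejected AUTH and
# NOAUTH to a command sent on an unauthenticated connection.
classify_reply() {
    case "$1" in
        *WRONGPASS*) echo bad-credentials ;;
        *NOAUTH*)    echo auth-required ;;
        *PONG*)      echo allowed ;;
        *)           echo unknown ;;
    esac
}

# Send AUTH and PING on stdin so the password never appears in the
# redis-cli argument list (process listings, shell history).
try_ldap_login() {   # usage: try_ldap_login HOST PORT USER PASSWORD
    out=$(printf 'AUTH %s %s\nPING\n' "$3" "$4" | redis-cli -h "$1" -p "$2" 2>&1)
    classify_reply "$out"
}

# Anonymous connection: no AUTH, only PING.
try_anonymous() {    # usage: try_anonymous HOST PORT
    out=$(printf 'PING\n' | redis-cli -h "$1" -p "$2" 2>&1)
    classify_reply "$out"
}

# PASS only when the LDAP user gets in and the anonymous client is
# explicitly told to authenticate (default access disabled).
verdict() {          # usage: verdict LDAP_RESULT ANON_RESULT
    if [ "$1" = allowed ] && [ "$2" = auth-required ]; then
        echo PASS
    else
        echo "FAIL (ldap=$1 anonymous=$2)"
    fi
}

# Runs only when a target is supplied in the environment.
if [ -n "${REDIS_HOST:-}" ]; then
    ldap=$(try_ldap_login "$REDIS_HOST" "$REDIS_PORT" "$LDAP_USER" "$LDAP_PASS")
    anon=$(try_anonymous "$REDIS_HOST" "$REDIS_PORT")
    verdict "$ldap" "$anon"
fi
```

A result of `FAIL (ldap=allowed anonymous=allowed)` means the LDAP mapping works but default access is still enabled on the database.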