First i added the below script to
/opt/apigee/customer/application/management-server.properties
## The first property is always required to enable the external authorization feature.
## Do not change it.
**conf_security_externalized.authentication.implementation.class=com.apigee.rbac.impl.LdapAuthenticatorImpl**
## Identify the type of binding:
## Set to "true" for direct binding
## Set to "false" for indirect binding.
**conf_security_externalized.authentication.bind.direct.type=true**
## The next seven properties are needed regardless of direct or indirect binding. You need to
## configure these per your external authentication installation.
## The IP or domain for your external LDAP instance.
<strong>conf_security_externalized.authentication.server.url=*ldap://localhost:389*</strong>
## Your external LDAP server version.
**conf_security_externalized.authentication.server.version=3**
## The server timeout in milliseconds.
**conf_security_externalized.authentication.server.conn.timeout=50000**
## Change these baseDN values to match your external LDAP service. This attribute value will be
## provided by your external LDAP administrator, and may have more or fewer dc elements depending
## on your setup.
<strong>conf_security_externalized.authentication.user.store.baseDN=*dc=apigee,dc=com*</strong>
## Do not change this search string. It is used internally.
**conf_security_externalized.authentication.user.store.search.query=(&(${userAttribute}=${userId}))**
## Identifies the external LDAP property you want to bind against for Authentication. For
## example if you are binding against an email address in Microsoft Active Directory, this would be
## the userPrincipalName property in your external LDAP instance. Alternatively if you are binding
## against the user's ID, this would typically be in the sAMAccountName property:
**conf_security_externalized.authentication.user.store.user.attribute=userPrincipalName**
## The LDAP attribute where the user email value is stored. For direct binding with AD, set it to
## userPrincipalName.
**conf_security_externalized.authentication.user.store.user.email.attribute=userPrincipalName**
## ONLY needed for DIRECT binding.
## The direct.bind.user.directDN property defines the string that is used for the bind against the
## external authentication service. Ensure it is set as follows:
**conf_security_externalized.authentication.direct.bind.user.directDN=${userDN}**
also added the below
conf_security_authentication.user.store=externalized.authentication
and enabled this in configuration file of all nodes
USE_LDAP_REMOTE_HOST=n
please confirm if these steps are correct