Obtaining Configuration Properties Using LDAP

LDAP (Lightweight Directory Access Protocol) is a well-established standard for access to corporate directories, such as Microsoft Active Directory and Novell Directory. You can use LDAP to store security information (for example, user IDs and passwords) and configuration properties.

iWay Service Manager (iSM) supports LDAP for looking up parameters to be used in processing exits. In iSM, processing exits include preparsers, preemitters, and services. The LDAP information is resolved at iSM start-up time.

In LDAP, a directory is subdivided into contexts. Within each context, a filter describes a section of the directory from which an attribute is to be obtained. For example, in the iWay Software context, under the filter of <surname='Smith', system='SmithSystem'>, the attribute password would be Smith's password in SmithSystem.

Using LDAP to store configuration properties offers the following benefits:


Using LDAP

You can use an LDAP look-up request for most properties in the iSM configuration. To use LDAP, you must first define the LDAP directory to iSM. Enter the LDAP provider URL that identifies the path to the LDAP directory and, optionally, a root context, for example:

ldap://iwaldap:1234/dc=people, do=etc

After it is provided, the initial context is used unless it is overridden in an LDAP access request function elsewhere in the configuration.

Some configurations require that you also enter a valid user ID and password on the LDAP directory server. If you request LDAP access and it is not authorized, you cannot start iSM. LDAP servers that are configured to provide anonymous access do not require a user ID or password.

After you receive authorization to use an identified LDAP context, you can specify the value of any property as:

LDAP(filter;attribute_to_get[;context])

The context is optional, defaulting to the context set in the initial LDAP access specification. Failure to locate the attribute within the context under the filter results in an empty property value.

You must configure access to an LDAP server before using LDAP as a means of storing parameters for use by iSM.


Procedure: How to Configure Access to an LDAP Server

To configure LDAP:

  1. In the top pane, click Server.
  2. From the Providers list in the left pane, click Directory Provider.

    The Directory Provider pane opens.

  3. Click New.

    The Directory Providers: LDAP pane opens.

  4. Type the property values that are specific to your LDAP server.
  5. Click Add.


Example: Configuring an FTP Listener Using LDAP

Any property can be retrieved using LDAP. The following image shows a sample configuration of an FTP listener where the user name and account name are retrieved from LDAP.

LDAP(CN=John Smith; sAMAccountName)
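
The LDAP(filter;attribute_to_get[;context]) syntax and the empty-value behavior described earlier can be checked before deployment. The following is an added example, not iSM code: it parses property values in that syntax, resolves them against a constructed in-memory directory, and reports every property that silently resolved to an empty value. The function names, contexts, entries, and listener properties are assumptions made for illustration, and the filter is assumed to be in the simple attr=value form shown on this page.

```python
import re

# The page's property syntax: LDAP(filter;attribute_to_get[;context])
LDAP_REF = re.compile(
    r"^LDAP\(\s*([^;()]+?)\s*;\s*([^;()]+?)\s*(?:;\s*([^()]+?)\s*)?\)$")

def parse_ldap_ref(value):
    """Return (filter, attribute, context-or-None); None for a literal value."""
    m = LDAP_REF.match(value.strip())
    return m.groups() if m else None

def matches(entry, flt):
    """Assumed filter form: comma-separated attr=value pairs, as on the page."""
    for part in flt.split(","):
        name, _, want = part.partition("=")
        if entry.get(name.strip().lower()) != want.strip().strip("'"):
            return False
    return True

def resolve_properties(props, directory, default_context):
    """Resolve LDAP(...) values; also return keys that came back empty."""
    resolved, empty = {}, []
    for key, value in props.items():
        ref = parse_ldap_ref(value)
        if ref is None:              # plain literal, keep as configured
            resolved[key] = value
            continue
        flt, attr, ctx = ref
        entries = directory.get(ctx or default_context, [])
        hit = next((e for e in entries if matches(e, flt)), {})
        resolved[key] = hit.get(attr.lower(), "")   # miss -> empty, no error
        if not resolved[key]:
            empty.append(key)
    return resolved, empty

# Constructed sample data: an in-memory stand-in for the directory.
DIRECTORY = {
    "dc=people,dc=example": [{"cn": "John Smith", "samaccountname": "jsmith"}],
    "dc=systems,dc=example": [
        {"surname": "Smith", "system": "SmithSystem", "password": "constructed"}],
}
FTP_LISTENER = {   # constructed listener properties
    "host": "ftp.example.test",
    "user": "LDAP(CN=John Smith; sAMAccountName)",
    "password": "LDAP(surname='Smith', system='SmithSystem';password;dc=systems,dc=example)",
    "account": "LDAP(CN=Jon Smith; sAMAccountName)",   # typo in the filter
}

if __name__ == "__main__":
    print(resolve_properties(FTP_LISTENER, DIRECTORY, "dc=people,dc=example"))
```

Because a failed look-up yields an empty value rather than an error, the misspelled filter on "account" only shows up in the returned list of empty keys. Reviewing that list for credential properties catches a listener that would otherwise start with a blank user name or password.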


iWay Software