Configuring the adapter consists of specifying connection and authentication information for each of the connections you want to establish.
In order to connect to LDAP, the adapter requires connection information. You supply this information using the SET CONNECTION_ATTRIBUTES command. You can:
You can configure the adapter from either the Web Console or the Data Management Console.
or
From the Data Management Console, expand the Adapters folder.
The Adapters folder opens.
The Add Adapter to Configuration pane opens.
The LDAP adapter is under the DBMS group folder.
The following list describes the connection attributes for which you can supply values. To complete the attribute declaration, click the Configure button.
Logical name used to identify this particular set of connection attributes. The default is CON01.
Name of the LDAP vendor: Sun, IBM, Novell, Microsoft.
Address of the host machine on which the LDAP server is located.
There are two authentication methods when connecting to an LDAP server:
Primary authorization ID by which you are known to the data source.
Password associated with the primary authorization ID.
The LDAP server uses two different ports, one for regular connections (the default is 389); the other is for SSL connections (the default is 636).
To connect to LDAP through the SSL connection (secure connection), enter an LDAP port that is specifically configured by LDAP to accept SSL connections.
The suffix that is appended to the user name to create a Distinguished Name (DN).
This option is required for Explicit security. Otherwise, it is ignored.
Note: If you need to configure a User DN Base with an empty value in the connection string, insert an empty quoted string represented as "" in the input box.
The name of the user attribute used in DN.
This option is required for Explicit security. Otherwise, it is ignored.
This option applies only if an ldap_secure_connection has been set to use a Secure Socket Layer (SSL) session with the LDAP server.
Enter the name of the LDAP attribute used by the API to establish the SSL/TLS connection. The API can be one of the following:
Specifies the file name (including path) of the Trusted Root Certificate that the LDAP server provides for authentication.
Specifies the path to cert7.db (Netscape certificate database excluding the file name) that the LDAP server provides for authentication.
Specifies file name (including path) of the ldapkey.kdb (IBM key database file) that the LDAP server provides for authentication. (Note that the ldapkey.sth password stash file must be in the same directory.)
For Novell only, in the ldap_ssl_certificate_encoding field select the standard used to encode the certificate from the drop-down list. The options are:
B64
DER
Note that encryption and file format depend on API vendor specifications.
Select a profile from the drop-down menu to indicate the level of profile in which to store the CONNECTION_ATTRIBUTES command. The global profile, edasprof.prf, is the default.
If you wish to create a new profile, either a user profile (user.prf) or a group profile if available on your platform (using the appropriate naming convention), choose New Profile from the drop-down menu and enter a name in the Profile Name field (the extension is added automatically).
Store the connection attributes in the server profile (edasprof).
ENGINE X500IN SET CONNECTION_ATTRIBUTES conn_name ldap_server_url/ [userid[,password]]:'PORT ldap_server_port_number [SSLCERT ssl_certificate SSLCERTENC ssl_certificate_encoding] UDNBASE user_dn_suffix UDNATTRIBUTE user_rdn_name'
where:
X500IN: Is the suffix for the Adapter for LDAP.
conn_name: Is a logical name used to identify this particular set of attributes.
ldap_server_url: Is the address of the host machine on which the LDAP server is located.
userid: Is the primary authorization ID by which you are known to LDAP.
password: Is the password associated with the primary authorization ID.
ldap_server_port_number: Is the LDAP server port number. (The SSL port should be used for the secure connection.)
ssl_certificate: Is the location of the SSL certificate file.
ssl_certificate_encoding: SSL certificate file encoding.
user_dn_suffix: The suffix that is appended to the user name to create a Distinguished Name (DN).
user_rdn_name: The name of the user attribute used in the DN.
Note: UDNBASE and UDNATTRIBUTE are required for Explicit security. Otherwise, they are ignored.
ENGINE X500IN SET CONNECTION_ATTRIBUTES CON02 edasol29/ pgmavv,CD25FFDBB91B6790:'PORT 389 UDNBASE ou=iway,dc=ibi,dc=com UDNATTRIBUTE uid'
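The following is an added example, not iWay code: a small Python check that parses CONNECTION_ATTRIBUTES statements in the syntax shown above and reports a userid/password configured on the regular port, an SSLCERT paired with the regular port, and UDNBASE without UDNATTRIBUTE (or the reverse). The regular expression, the function names, the treatment of port 389 as non-SSL, and the CON03 sample line are assumptions made for illustration.

```python
import re

# Statement shape follows the syntax line on this page; the regex is an assumption.
STMT = re.compile(
    r"ENGINE\s+X500IN\s+SET\s+CONNECTION_ATTRIBUTES\s+(?P<name>\S+)\s+"
    r"(?P<host>[^/\s]+)/\s*(?P<cred>[^:']*):'(?P<opts>[^']*)'")

def parse(line):
    """Split one statement into its connection name, host, userid and options."""
    m = STMT.search(line)
    if m is None:
        return None
    tokens = m.group("opts").split()
    # Options are KEYWORD value pairs; values are assumed to contain no spaces.
    opts = dict(zip(tokens[0::2], tokens[1::2]))
    userid = m.group("cred").strip().partition(",")[0]
    return {"name": m.group("name"), "host": m.group("host"),
            "userid": userid, "opts": opts}

def audit(line):
    """Return a list of findings for one CONNECTION_ATTRIBUTES statement."""
    conn = parse(line)
    if conn is None:
        return ["not a CONNECTION_ATTRIBUTES statement"]
    opts, findings = conn["opts"], []
    port = opts.get("PORT", "389")  # 389 is the documented regular default
    if port == "389" and "SSLCERT" in opts:
        findings.append("SSLCERT is set but PORT is the regular port, not an SSL port")
    elif port == "389" and conn["userid"]:
        findings.append("userid/password configured on the regular (non-SSL) port")
    if ("UDNBASE" in opts) != ("UDNATTRIBUTE" in opts):
        findings.append("UDNBASE and UDNATTRIBUTE must be set together")
    return findings

PAGE_EXAMPLE = ("ENGINE X500IN SET CONNECTION_ATTRIBUTES CON02 edasol29/ "
                "pgmavv,CD25FFDBB91B6790:'PORT 389 UDNBASE ou=iway,dc=ibi,dc=com "
                "UDNATTRIBUTE uid'")
# Constructed sample: SSL port and certificate, but UDNATTRIBUTE left out.
CONSTRUCTED = ("ENGINE X500IN SET CONNECTION_ATTRIBUTES CON03 ldap.example.com/ "
               "svcuser,PLACEHOLDER:'PORT 636 SSLCERT /certs/root.pem "
               "UDNBASE ou=people,dc=example,dc=com'")

if __name__ == "__main__":
    for stmt in (PAGE_EXAMPLE, CONSTRUCTED):
        print(parse(stmt)["name"], audit(stmt))
```

Run it over the lines of a profile such as edasprof.prf; a server that accepts SSL on a port other than 636 passes the port check as long as the statement does not use 389.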
iWay Software