Configuring the Adapter for LDAP


Configuring the adapter consists of specifying connection and authentication information for each of the connections you want to establish.


Declaring Connection Attributes


In order to connect to LDAP, the adapter requires connection information. You supply this information using the SET CONNECTION_ATTRIBUTES command. You can:



Procedure: How to Declare Connection Attributes

You can configure the adapter from either the Web Console or the Data Management Console.

  1. From the Web Console menu bar, click Adapters.

    or

    From the Data Management Console, expand the Adapters folder.

    The Adapters folder opens.

  2. Expand the Available folder, if it is not already expanded.
  3. Expand the appropriate group folder and the specific adapter folder. The group folder is described in the connection attributes reference.
  4. Right-click the adapter name and/or version and select Configure.

    The Add Adapter to Configuration pane opens.

  5. Enter values for the parameters required by the adapter, as described in the connection attributes reference.
  6. Click Configure. The configured adapter is added to the Adapters list in the navigation pane.


Reference: Connection Attributes for LDAP

The LDAP adapter is under the DBMS group folder.

The following list describes the connection attributes for which you can supply values. To complete the attribute declaration, click the Configure button.

Connection name

Logical name used to identify this particular set of connection attributes. The default is CON01.

LDAP Vendor

Name of the LDAP vendor: Sun, IBM, Novell, Microsoft.

LDAP Host

Address of the host machine on which the LDAP server is located.

Security

There are two authentication methods when connecting to an LDAP server:

  • Explicit. The user ID and password are explicitly specified for each connection and passed to the LDAP server at connection time for authentication.
  • Trusted. The adapter connects to the LDAP server using anonymous bind.

User

Primary authorization ID by which you are known to the data source.

Password

Password associated with the primary authorization ID.

Port

The LDAP server uses two different ports: one for regular connections (the default is 389) and one for SSL connections (the default is 636).

To connect to LDAP through the SSL connection (secure connection), enter an LDAP port that is specifically configured by LDAP to accept SSL connections.

User DN Base

The suffix that is appended to the user name to create a Distinguished Name (DN).

This option is required for Explicit security. Otherwise, it is ignored.

Note: If you need to configure a User DN Base with an empty value in the connection string, insert an empty quoted string represented as "" in the input box.

User DN Attribute

The name of the user attribute used in DN.

This option is required for Explicit security. Otherwise, it is ignored.

SSL Certificate

This option applies only if an ldap_secure_connection has been set to use a Secure Socket Layer (SSL) session with the LDAP server.

Enter the name of the LDAP attribute used by the API to establish the SSL/TLS connection. The API can be one of the following:

Novell API, OpenLDAP API

Specifies the file name (including path) of the Trusted Root Certificate that the LDAP server provides for authentication.

Sun/Netscape API

Specifies the path to cert7.db (Netscape certificate database excluding the file name) that the LDAP server provides for authentication.

IBM API

Specifies file name (including path) of the ldapkey.kdb (IBM key database file) that the LDAP server provides for authentication. (Note that the ldapkey.sth password stash file must be in the same directory.)

SSL Certificate Encryption

For Novell only, in the ldap_ssl_certificate_encoding field select the standard used to encode the certificate from the drop-down list. The options are:

B64
DER

Note that encryption and file format depend on API vendor specifications.

Select profile

Select a profile from the drop-down menu to indicate the level of profile in which to store the CONNECTION_ATTRIBUTES command. The global profile, edasprof.prf, is the default.

If you wish to create a new profile, either a user profile (user.prf) or a group profile if available on your platform (using the appropriate naming convention), choose New Profile from the drop-down menu and enter a name in the Profile Name field (the extension is added automatically).

Store the connection attributes in the server profile (edasprof).



Syntax: How to Declare Connection Attributes Manually
ENGINE X500IN SET CONNECTION_ATTRIBUTES conn_name ldap_server_url/
[userid[,password]]:'PORT ldap_server_port_number 
[SSLCERT ssl_certificate SSLCERTENC ssl_certificate_encoding] 
UDNBASE user_dn_suffix UDNATTRIBUTE user_rdn_name'

where:

X500IN

Is the suffix for the Adapter for LDAP.

conn_name

Is a logical name used to identify this particular set of attributes.

ldap_server_url

Is the address of the host machine on which the LDAP server is located.

userid

Is the primary authorization ID by which you are known to LDAP.

password

Is the password associated with the primary authorization ID.

ldap_server_port_number

Is the LDAP server port number. (The SSL port should be used for the secure connection.)

ssl_certificate

Is the location of the SSL certificate file.

ssl_certificate_encoding

Is the SSL certificate file encoding.

user_dn_suffix

The suffix that is appended to the user name to create a Distinguished Name (DN).

user_rdn_name

The name of the user attribute used in the DN.

Note: UDNBASE and UDNATTRIBUTE are required for Explicit security. Otherwise, they are ignored.



Example: Declaring Connection Attributes
ENGINE X500IN SET CONNECTION_ATTRIBUTES CON02 edasol29/
pgmavv,CD25FFDBB91B6790:'PORT 389 UDNBASE ou=iway,dc=ibi,dc=com
UDNATTRIBUTE uid'
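
The following Python sketch is an added example, not part of the original documentation or of the adapter itself. It parses a SET CONNECTION_ATTRIBUTES statement written in the syntax above and reports the security-relevant choices: Trusted (anonymous) bind, explicit credentials declared without SSLCERT, and missing UDNBASE or UDNATTRIBUTE. Assumptions: the DN layout attribute=user,base, the wording of the findings, and the CON03 statement (host, user and certificate path are hypothetical placeholders).

```python
import re

# Grammar follows the "How to Declare Connection Attributes Manually" syntax.
STMT = re.compile(
    r"ENGINE\s+X500IN\s+SET\s+CONNECTION_ATTRIBUTES\s+(?P<conn>\S+)\s+"
    r"(?P<host>[^/\s]+)/\s*(?P<cred>[^:']*):\s*'(?P<opts>[^']*)'", re.I)
KEYWORD = re.compile(r"(?:^|\s)(PORT|SSLCERTENC|SSLCERT|UDNBASE|UDNATTRIBUTE)\s+")

def parse(statement):
    """Return the statement's fields as a dict, or None if it does not match."""
    m = STMT.search(" ".join(statement.split()))  # undo line wrapping
    if not m:
        return None
    parts = KEYWORD.split(m["opts"])
    opts = {k: v.strip().strip('"') for k, v in zip(parts[1::2], parts[2::2])}
    user, _, password = m["cred"].strip().partition(",")
    return {"conn": m["conn"], "host": m["host"], "user": user.strip(),
            "password": password.strip(), **opts}

def bind_dn(c):
    """Assumed DN layout (not stated on the page): <UDNATTRIBUTE>=<user>,<UDNBASE>."""
    rdn = f"{c.get('UDNATTRIBUTE', '')}={c['user']}"
    return f"{rdn},{c['UDNBASE']}" if c.get("UDNBASE") else rdn

def audit(c):
    """Findings for one parsed connection (heuristics are this example's own)."""
    if not c["user"]:
        return ["Trusted security: the adapter binds anonymously"]
    out = []
    if "SSLCERT" not in c:
        out.append(f"explicit credentials on PORT {c.get('PORT')} without SSLCERT")
    for key in ("UDNBASE", "UDNATTRIBUTE"):
        if key not in c:
            out.append(f"{key} is required for Explicit security")
    return out

# Constructed inputs: the page's CON02 example, then a hypothetical SSL variant.
WEAK = """ENGINE X500IN SET CONNECTION_ATTRIBUTES CON02 edasol29/
pgmavv,CD25FFDBB91B6790:'PORT 389 UDNBASE ou=iway,dc=ibi,dc=com
UDNATTRIBUTE uid'"""
SSL = ("ENGINE X500IN SET CONNECTION_ATTRIBUTES CON03 ldap.example.test/"
       "svc_reader,<password>:'PORT 636 SSLCERT /path/to/rootcert.b64 "
       "SSLCERTENC B64 UDNBASE ou=iway,dc=ibi,dc=com UDNATTRIBUTE uid'")

if __name__ == "__main__":
    for text in (WEAK, SSL):
        conn = parse(text)
        print(conn["conn"], bind_dn(conn), audit(conn) or "no findings")
```

Run over the statements stored in a profile, this gives a quick inventory of which connections bind anonymously and which declare credentials without an SSL certificate.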

iWay Software