LDAP Login Policy Options

Available login policy options for LDAP user authentication

Option Description
LDAP_PRIMARY_SERVER Specifies the name of the primary LDAP server. 
  • Values – n/a
  • Initial value for ROOT policy – None
  • Applies to – All users.
LDAP_SECONDARY_SERVER Specifies the name of the secondary LDAP server. 
  • Values – n/a
  • Initial value for ROOT policy – None
  • Applies to – All users.
LDAP_AUTO_FAILBACK_PERIOD Specifies the time period, in minutes, after which automatic failback to the primary server is attempted.
  • Values – 0 - 2147483647
  • Initial value for ROOT policy – 15 minutes
  • Applies to – All users.
LDAP_FAILOVER_TO_STD Permits authentication with standard authentication when authentication with the LDAP server fails due to system resources, network outage, connection timeouts, or similar system failures. However, it does not permit an actual authentication failure returned from an LDAP server to fail over to standard authentication.
  • Values – ON, OFF
  • Initial value for ROOT policy – ON
  • Applies to – All users.
LDAP_REFRESH_DN Updates the ldap_refresh_dn value in the ISYSLOGINPOLICYOPTION system table with the current time, stored in Coordinated Universal Time (UTC).

Each time a user authenticates with LDAP, if the value of the option ldap_refresh_dn in ISYSLOGINPOLICYOPTION is more recent than the user_dn value in ISYSUSER, a search for a new user DN occurs. The user_dn value is then updated with the new user DN and the user_dn_changed_at value is again updated to the current time.

  • Values – NOW
  • Initial value for ROOT policy – NULL
  • Initial value for user-defined login policy – Current time stored in UTC
  • Applies to – All users.
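
The following added example (a Python model, not the database server's code) shows how LDAP_FAILOVER_TO_STD and LDAP_REFRESH_DN decide the outcome of a login, as described above. The names `Policy`, `LdapOutcome` and `login` are hypothetical. It assumes the refresh comparison is made against the user's user_dn_changed_at timestamp and that a NULL LDAP_REFRESH_DN never forces a search.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import Optional, Tuple


class LdapOutcome(Enum):
    SUCCESS = "accepted by the LDAP server"
    AUTH_FAILURE = "authentication failure returned by the LDAP server"
    SYSTEM_FAILURE = "system resources, network outage or connection timeout"


@dataclass(frozen=True)
class Policy:
    ldap_failover_to_std: bool           # LDAP_FAILOVER_TO_STD (ON = True)
    ldap_refresh_dn: Optional[datetime]  # LDAP_REFRESH_DN in UTC, None = NULL


def may_fall_back_to_standard(policy: Policy, outcome: LdapOutcome) -> bool:
    # Only a system failure can fail over; a rejection by the LDAP server never does.
    return policy.ldap_failover_to_std and outcome is LdapOutcome.SYSTEM_FAILURE


def dn_search_needed(policy: Policy, user_dn_changed_at: datetime) -> bool:
    # Assumption: NULL means no refresh was ever requested for this policy.
    return (policy.ldap_refresh_dn is not None
            and policy.ldap_refresh_dn > user_dn_changed_at)


def login(policy: Policy, outcome: LdapOutcome,
          user_dn_changed_at: datetime, now: datetime) -> Tuple[str, datetime]:
    """Return (path taken, user_dn_changed_at after the attempt)."""
    if outcome is LdapOutcome.SUCCESS:
        if dn_search_needed(policy, user_dn_changed_at):
            user_dn_changed_at = now     # new DN found and re-stamped
        return "ldap", user_dn_changed_at
    if may_fall_back_to_standard(policy, outcome):
        return "standard", user_dn_changed_at  # standard authentication is attempted
    return "denied", user_dn_changed_at


# Constructed sample values, not taken from a real system.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # when the user's DN was cached
NOW_1 = T0 + timedelta(hours=2)
NOW_2 = T0 + timedelta(hours=3)
ROOT = Policy(ldap_failover_to_std=True, ldap_refresh_dn=None)  # initial ROOT values
STRICT = Policy(ldap_failover_to_std=False,                     # failover OFF and
                ldap_refresh_dn=T0 + timedelta(hours=1))        # LDAP_REFRESH_DN=NOW issued at T0+1h
```

With the initial ROOT values, an LDAP outage moves the login to the standard password, so that password remains a usable credential and needs the same protection as the LDAP one.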