LDAP Security Provider

(Not applicable to Online Data Proxy) The LDAP security provider includes authentication, attribution, and authorization providers. Add an LDAP provider to a security configuration to authenticate administrator logins (on the "admin' security configuration on the "default" domain) or device user logins (any custom security configuration for that purpose).

You can configure these providers:

• LDAPLoginModule– provides authentication services. Through appropriate configuration, you can enable certificate authentication in LDAPLoginModule.
• (Optional)LDAPAuthorizer or RoleCheckAuthorizer – provide authorization services for LDAPLoginModule. LDAPLoginModule works with either authorizer. In most production deployments, you must always configure your own authorizer. However, if you are authenticating against a service other than LDAP, but want to perform authorization against LDAP, you can use the LDAPAuthorizer.

  The RoleCheckAuthorizer is used with every security configuration but does not appear in Sybase Control Center.

  Use LDAPAuthorizer only when LDAPLoginModule is not used to perform authentication, but roles are still required to perform authorization checks against the LDAP data store. If you use LDAPAuthorizer, always explicitly configure properties; for it cannot share the configuration options specified for the LDAPLoginModule.

You need not enable all LDAP providers. You can also implement some LDAP providers with providers of other types. If you are stacking multiple LDAP providers, be aware of, and understand the configuration implications.