Configuring Active Directory as an LDAP Provider for Sybase Control Center

Once you have added required users to Active Directory, you can use the directory to authenticate administration login requests for Sybase Control Center.

For Sybase Control Center, you define an LDAP provider by manually editing a configuration file. Sybase recommends that you back up this file before making any changes to it.

  1. Exit Sybase Control Center.
  2. From a text editor, open <SUP_installdir>\UAF-2_6\conf\csi.properties.
  3. Define an LDAP module in this file by configuring these properties.
    Property: AuthenticationSearchBase
      Syntax: ou=<ou name>, dc=<domain name>
      Description or value: The Active Directory search base for the Unwired Platform admin account. For example, ou=Sales,dc=sybase,dc=com.

    Property: BindDN
      Description or value: The Unwired Platform admin account. For example, cn=supAdmin,ou=Sales,dc=sybase,dc=com.

    Property: BindPassword
      Description or value: The password for the Unwired Platform admin account.

    Property: DefaultSearchBase
      Syntax: ou=<ou name>, dc=<domain name>
      Description or value: The Active Directory search base for the Unwired Platform admin account. For example, ou=Sales,dc=sybase,dc=com.

    Property: AuthenticationFilter
      Description or value: Use (&(sAMAccountName={uid})(objectclass=user)).

    Property: ProviderURL
      Syntax: ldap://<LDAP hostname>:<LDAP port>
      Description or value: The Active Directory server name or IP address, and port number.

    Property: AuthenticationScope
      Description or value: subtree

    Property: ServerType
      Description or value: msad2k

    Each line of the LDAP server module of the properties file must begin with "CSI.loginModule." followed by a module number. The module number in this sample is 5. The module number you assign must be unique in the properties file, and you must use the same module number in every line of the module.

    When you are finished, your module definition is similar to this example:

    ===================================================
    ## LDAP login module for SCC
    CSI.loginModule.5.options.AuthenticationSearchBase=ou=Sales,dc=sybase,dc=com
    CSI.loginModule.5.options.BindDN=cn=supAdmin,ou=Sales,dc=sybase,dc=com
    CSI.loginModule.5.options.BindPassword=mysecret
    CSI.loginModule.5.options.DefaultSearchBase=ou=Sales,dc=sybase,dc=com
    CSI.loginModule.5.options.ProviderURL=ldap://mylocalhost:389
    CSI.loginModule.5.options.RoleSearchBase=ou=groups,dc=example,dc=com
    CSI.loginModule.5.options.AuthenticationScope=subtree
    CSI.loginModule.5.options.ServerType=msad2k
    CSI.loginModule.5.options.moduleName=LDAP Login Module
    CSI.loginModule.5.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
    CSI.loginModule.5.controlFlag=sufficient
    =====================================================
    

    This example specifies that Active Directory is used as the LDAP server for Sybase Control Center authentication requests.

    For a complete list of available LDAP properties and values you can configure for Active Directory, see System Administration > System Reference > Security Provider Configuration Properties > LDAP Configuration Properties.
  4. Save the file.
  5. If your LDAP server’s SSL certificate is signed by a nonstandard certificate authority (for example, if it is a self-signed certificate), use the keytool utility to configure your JVM or JDK to trust the certificate. Execute a command similar to this:
    keytool -import -keystore <SUP_installdir>\shared\JRE-<version>\bin\keytool\lib\security\cacerts -file <your cert file and path> -alias ldapcert -storepass changeit
    
  6. Restart Sybase Unified Agent.
  7. Open Sybase Control Center and log in. Active Directory now authenticates these login requests.
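
A check you can run on the edited file before the restart in step 6, as an added example that is not part of the Sybase documentation: it parses the CSI.loginModule lines (splitting on the first "=" only, because DN values contain "="), then reports table properties that are unset, a reused module number, and a ProviderURL that is ldap:// rather than ldaps://. The function names and the module 2 line are constructed for illustration, and ldaps:// support is an assumption that step 5 implies but the page does not state.

```python
import re
from collections import defaultdict

# Properties the page's table lists for the Active Directory module.
LISTED = ("AuthenticationSearchBase", "BindDN", "BindPassword", "DefaultSearchBase",
          "AuthenticationFilter", "ProviderURL", "AuthenticationScope", "ServerType")
LINE = re.compile(r"^[ \t]*CSI\.loginModule\.(\d+)\.(?:options\.)?([^=\s]+)[ \t]*=[ \t]*(.*)$", re.M)

def parse_modules(text):
    """Return ({module number: {key: value}}, [(number, key) defined more than once])."""
    modules, dupes = defaultdict(dict), []
    for num, key, value in LINE.findall(text):  # value keeps its own '=' characters
        if key in modules[num]:
            dupes.append((num, key))
        modules[num][key] = value.strip()
    return dict(modules), dupes

def check_ldap_modules(text):
    """Return findings for each module whose provider class name contains 'ldap'."""
    modules, dupes = parse_modules(text)
    findings = [f"module {n}: {k} defined twice (module number reused?)" for n, k in dupes]
    for num, opts in modules.items():
        if "ldap" not in opts.get("provider", "").lower():
            continue
        findings += [f"module {num}: {k} is not set" for k in LISTED if k not in opts]
        if opts.get("ProviderURL", "").lower().startswith("ldap://"):
            findings.append(f"module {num}: ProviderURL is ldap://, not ldaps://; confirm binds are TLS-protected")
    return findings

# Constructed sample: the page's module 5 definition, preceded by a constructed
# module 2 line standing in for a provider already present in the file.
SAMPLE = """\
CSI.loginModule.2.provider=com.example.HypotheticalLoginModule
CSI.loginModule.5.options.AuthenticationSearchBase=ou=Sales,dc=sybase,dc=com
CSI.loginModule.5.options.BindDN=cn=supAdmin,ou=Sales,dc=sybase,dc=com
CSI.loginModule.5.options.BindPassword=mysecret
CSI.loginModule.5.options.DefaultSearchBase=ou=Sales,dc=sybase,dc=com
CSI.loginModule.5.options.ProviderURL=ldap://mylocalhost:389
CSI.loginModule.5.options.RoleSearchBase=ou=groups,dc=example,dc=com
CSI.loginModule.5.options.AuthenticationScope=subtree
CSI.loginModule.5.options.ServerType=msad2k
CSI.loginModule.5.options.moduleName=LDAP Login Module
CSI.loginModule.5.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
CSI.loginModule.5.controlFlag=sufficient
"""

if __name__ == "__main__":
    print("\n".join(check_ldap_modules(SAMPLE)))
```

Run against the page's sample module, it reports that AuthenticationFilter from the property table is not set and that the ProviderURL is plain ldap://.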


Created February 22, 2010. Send feedback on this help topic to Sybase Technical Publications: pubs@sybase.com