Configuring DA for LDAP Authentication

To configure DA server and DA agent for LDAP authentication, modify the csi.xml file.

  1. Use any text editor to edit the csi.xml file.
    • DA server:

      $SYBASE/DA_15-5/server/instance/security/csi.xml

    • DA agent:

      $SYBASE/DA_15-5/agent/instance/security/csi.xml

  2. Configure the authenticationProvider parameters to use your LDAP server.
    <?xml version="1.0" encoding="UTF-8"?>
    <configuration xmlns:config="http://www.sybase.com/csi/2.5/config"
          xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
       <authenticationProvider
             name="com.sybase.security.ldap.LDAPLoginModule">
          <options name="ServerType" value="sunone5" />
          <options name="ProviderURL" value="ldap://ldap.myserver.com:389" />
          <options name="DefaultSearchBase" value="dc=sybase,dc=com" />
          <options name="AuthenticationScope" value="subtree" />
       </authenticationProvider>
    </configuration>
    
    where:
    LDAP Configuration Options

    ServerType
      (Optional) Specify the type of LDAP server you are connecting to. This value establishes default values for some common configuration properties.

      Valid values:
      • sunone5 – SunOne 5.x OR iPlanet 5.x
      • msad2k – Microsoft ActiveDirectory, Windows 2000
      • nsds4 – Netscape Directory Server 4.x
      • openldap – OpenLDAP Directory Server 2.x

    ProviderURL
      Specify the URL used to connect to the LDAP server.

      Default: ldap://localhost:389

      This default value works if the LDAP server is located on the same machine as your CSI-enabled product and the LDAP server is installed on the default port (389).

    DefaultSearchBase
      Specify the LDAP search base that is used if no other search base is specified for authentication, role, attribution, and self registration:
      • dc=<domainname>,dc=<tld> – for example, a machine in sybase.com domain has a search base of dc=sybase,dc=com.
      • o=<company name>,c=<country code> – for example, this might be o=Sybase,c=us for a machine within the Sybase organization.

    AuthenticationScope
      Define the credentials for different authentication scopes.

      Default: onelevel

      Valid values:
      • onelevel
      • subtree
  3. Restart DA server and the DA agent.
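
A malformed csi.xml or an unlisted option value is easiest to catch before the restart in step 3. The following Python check is an added example, not part of the Sybase documentation or tooling: it parses the file content, compares ServerType and AuthenticationScope against the values listed above, applies the documented defaults, and reports a ProviderURL that sends LDAP binds to a remote host over plain ldap://. The function name check_csi, the acceptance of an ldaps:// scheme, and the finding texts are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Valid values and defaults are taken from the option table on this page.
SERVER_TYPES = {"sunone5", "msad2k", "nsds4", "openldap"}
SCOPES = {"onelevel", "subtree"}
DEFAULTS = {"ProviderURL": "ldap://localhost:389", "AuthenticationScope": "onelevel"}
LDAP_MODULE = "com.sybase.security.ldap.LDAPLoginModule"

def check_csi(xml_text):
    """Return a list of findings for the LDAP provider in csi.xml content."""
    try:
        root = ET.fromstring(xml_text.strip().encode("utf-8"))
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    provider = next((p for p in root.iter("authenticationProvider")
                     if p.get("name") == LDAP_MODULE), None)
    if provider is None:
        return [f"no authenticationProvider named {LDAP_MODULE}"]
    opts = {**DEFAULTS, **{o.get("name"): o.get("value", "")
                           for o in provider.findall("options")}}
    findings = []
    if "ServerType" in opts and opts["ServerType"] not in SERVER_TYPES:
        findings.append(f"ServerType '{opts['ServerType']}' is not a listed value")
    if opts["AuthenticationScope"] not in SCOPES:
        findings.append(f"AuthenticationScope '{opts['AuthenticationScope']}' is not a listed value")
    url = urlparse(opts["ProviderURL"])
    # Assumption of this example: ldaps:// is treated as an acceptable scheme.
    if url.scheme not in ("ldap", "ldaps") or not url.hostname:
        findings.append(f"ProviderURL '{opts['ProviderURL']}' is not an LDAP URL")
    elif url.scheme == "ldap" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.append("ProviderURL uses ldap:// to a remote host: the URL scheme "
                        "does not provide TLS, so confirm how bind credentials are protected")
    return findings

# The configuration shown in step 2, embedded so the check runs offline.
PAGE_EXAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<configuration xmlns:config="http://www.sybase.com/csi/2.5/config"
      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule">
    <options name="ServerType" value="sunone5" />
    <options name="ProviderURL" value="ldap://ldap.myserver.com:389" />
    <options name="DefaultSearchBase" value="dc=sybase,dc=com" />
    <options name="AuthenticationScope" value="subtree" />
  </authenticationProvider>
</configuration>"""
if __name__ == "__main__":
    for finding in check_csi(PAGE_EXAMPLE):
        print("FINDING:", finding)
```

To check a real file, pass the text of the server or agent csi.xml from step 1 to check_csi.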