Validating an LDAP Server Configuration Object

Validate changes to the attributes of an existing LDAP server configuration object.

Prerequisites
Requires the MANAGE ANY LDAP SERVER system privilege.
Task

The VALIDATE LDAP SERVER command is useful for an administrator when setting up a new LDAP server configuration object or when diagnosing connection issues between SAP Sybase IQ and the LDAP server. Any connection established by the VALIDATE LDAP SERVER statement is temporary and closed at the end of the execution of the statement.

To validate that a user exists on the LDAP server, include the CHECK clause, which runs the search with the given userID. Specify the userID and the user-dn-string to be compared.

  1. Identify the SEARCH DN attributes of the LDAP server configuration object to be validated.
    SEARCH DN Attributes
    Attribute: Valid Values
    URL: Specify the host (by name or by IP address), port number, and search to be performed to look up the DN for a given user ID, or enter NULL.
    Note: See Syntax and Parameters for the LDAP Server Configuration Object URL for supported syntax.
    ACCESS ACCOUNT: The distinguished name for a user connecting to the external LDAP server.
    IDENTIFIED BY: The password associated with the ACCESS ACCOUNT distinguished name.
    IDENTIFIED BY ENCRYPTED: The encrypted password associated with the ACCESS ACCOUNT distinguished name.
  2. Identify the LDAPUA attributes of the LDAP server configuration object to be validated.
    LDAPUA Attributes
    Attribute: Valid Values
    SEARCH DN: All attributes defined from SEARCH DN Attributes (see step 1).
    AUTHENTICATION URL: Specify the host (by name or by IP address), port number, and search to be performed to look up the DN for a given user ID, or enter NULL.
    Note: See Syntax and Parameters for the LDAP Server Configuration Object URL for supported syntax.
    CONNECTION TIMEOUT: Specifies the connection timeout value for both DN searches and authentication between SAP Sybase IQ and the external LDAP server. The value is specified in milliseconds; the default value is 10 seconds.
    CONNECTION RETRIES: Specifies the number of retries on connections from SAP Sybase IQ to the LDAP server for both DN searches and authentication. The valid range of values is 1 – 60, with a default value of 3.
    TLS: Defines whether the TLS or Secure LDAP protocol is used for connections to the LDAP server both for DN searches and authentication. The valid settings are ON and OFF (default).
    Note: See Enabling Secure LDAP and Setting the TLS Connection Trusted Relationship.
  3. Execute the VALIDATE LDAP SERVER command with the applicable attributes.
For example, assume the LDAP server configuration object named apps_primary was created as follows and the PUBLIC.login_mode option is set to 'Standard,LDAPUA':
CREATE LDAP SERVER apps_primary 
SEARCH DN 
	URL 'ldap://my_LDAPserver:389/dc=MyCompany,dc=com??sub?cn=*' 
	ACCESS ACCOUNT 'cn=myadmin, cn=Users, dc=mycompany, dc=com' 
	IDENTIFIED BY 'Secret99Password' 
AUTHENTICATION URL 'ldap://my_LDAPserver:389/' 
CONNECTION TIMEOUT 3000 
WITH ACTIVATE

This statement uses the optional CHECK clause to validate the existence of the userID myusername by comparing it to the expected user distinguished name (enclosed in quotation marks) on the LDAP server configuration object named apps_primary:

VALIDATE LDAP SERVER apps_primary
CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com'
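
Added example, not part of the original SAP documentation: the same check run against attributes given inline (the attribute form described in the VALIDATE LDAP SERVER Statement reference) so that a TLS ON configuration can be tested before the stored apps_primary object is edited. It reuses the sample host, DNs and password from the statements above and assumes the trusted relationship from Setting the TLS Connection Trusted Relationship is already configured.

```sql
-- Added example (constructed from the page's sample values).
-- The CREATE statement above leaves TLS at its default of OFF with an
-- ldap:// URL, so the ACCESS ACCOUNT bind and the user authentication
-- travel to port 389 unencrypted. This statement tests the same
-- attributes with TLS ON without changing the stored object; the
-- connection it opens is temporary and closed when the statement ends.
VALIDATE LDAP SERVER
SEARCH DN
	URL 'ldap://my_LDAPserver:389/dc=MyCompany,dc=com??sub?cn=*'
	ACCESS ACCOUNT 'cn=myadmin, cn=Users, dc=mycompany, dc=com'
	IDENTIFIED BY 'Secret99Password'
AUTHENTICATION URL 'ldap://my_LDAPserver:389/'
CONNECTION TIMEOUT 3000
CONNECTION RETRIES 3
TLS ON
CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com'
```

If this statement fails where the stored-object validation succeeds, the difference is in the TLS negotiation or certificate trust rather than in the search or the account credentials.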
Related concepts
Enabling Secure LDAP
Syntax and Parameters for the LDAP Server Configuration Object URL
Related tasks
Editing LDAP Server Configuration Object Attributes
Setting the TLS Connection Trusted Relationship
Related reference
VALIDATE LDAP SERVER Statement