Creating an LDAP Server Configuration Object

Create a new LDAP server configuration object to allow LDAP user authentication.

Prerequisites

Requires the MANAGE ANY LDAP SERVER system privilege.

Task

The LDAP server configuration object provides a connection between SAP Sybase IQ and a physical LDAP server. If you are using multiple LDAP servers, particularly for failover, set up a separate LDAP server configuration object for each LDAP server. The parameters of the LDAP server configuration object are stored in the ISYSLDAPSERVER (system view SYSLDAPSERVER) system table. To automatically activate the connection to the LDAP server upon creation, use the WITH ACTIVATE clause.
  1. Identify the values for the applicable SEARCH DN attributes to be defined for the new LDAP server configuration object.
    SEARCH DN Attributes

    | Attribute | Valid Values |
    |---|---|
    | URL | Specify the host (by name or by IP address), port number, and search to be performed to look up the DN for a given user ID, or enter NULL. Note: See Syntax and Parameters for the LDAP Server Configuration Object URL for supported syntax. |
    | ACCESS ACCOUNT | The distinguished name for a user connecting to the external LDAP server. |
    | IDENTIFIED BY | The password associated with the ACCESS ACCOUNT distinguished name. |
    | IDENTIFIED BY ENCRYPTED | The encrypted password associated with the ACCESS ACCOUNT distinguished name. |

  2. Identify the values for the applicable LDAPUA server attributes for the new LDAP server configuration object.
    LDAPUA Attributes

    | Attribute | Valid Values |
    |---|---|
    | SEARCH DN | All attributes defined from SEARCH DN Attributes (see step 1). |
    | AUTHENTICATION URL | Specify the host (by name or by IP address), port number, and search to be performed to look up the DN for a given user ID, or enter NULL. Note: See Syntax and Parameters for the LDAP Server Configuration Object URL for supported syntax. |
    | CONNECTION TIMEOUT | Specifies the connection timeout value for both DN searches and authentication between SAP Sybase IQ and the external LDAP server. The value is specified in milliseconds; the default is 10 seconds. |
    | CONNECTION RETRIES | Specifies the number of retries on connections from SAP Sybase IQ to the LDAP server for both DN searches and authentication. The valid range of values is 1 – 60, with a default value of 3. |
    | TLS | Defines whether the TLS or Secure LDAP protocol is used for connections to the LDAP server for both DN searches and authentication. The valid settings are ON and OFF (default). Note: See Enabling Secure LDAP and Setting the TLS Connection Trusted Relationship. |

  3. Execute the CREATE LDAP SERVER command, specifying the applicable attributes and clauses. For example:
CREATE LDAP SERVER secure_primary 
SEARCH DN 
     URL 'ldaps://my_LDAPserver:636/dc=MyCompany,dc=com??sub?cn=*' 
     ACCESS ACCOUNT 'cn=myadmin, cn=Users, dc=mycompany, dc=com' 
     IDENTIFIED BY 'Secret99Password' 
AUTHENTICATION URL 'ldaps://my_LDAPserver:636/' 
CONNECTION TIMEOUT 3000 
CONNECTION RETRIES 3
TLS OFF 
WITH ACTIVATE
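
A pre-flight check for the attribute values gathered in steps 1 and 2, as an added Python example that is not part of the SAP documentation: it splits each URL into the standard LDAP URL fields and flags an unencrypted connection, a CONNECTION RETRIES value outside 1 – 60, and a CONNECTION TIMEOUT that looks like seconds rather than milliseconds. The function names, the 1000 ms threshold, and the reading of TLS ON as upgrading an ldap:// connection are assumptions of this example.

```python
import re

# RFC 4516 layout: scheme://host[:port]/base_dn?attributes?scope?filter
_URL = re.compile(r"(ldaps?)://([^/:?\s]+)(?::(\d+))?(?:/(.*))?", re.I)

def parse_ldap_url(url):
    """Split an LDAP URL into its fields; IPv6 literals are not handled."""
    m = _URL.fullmatch(url.strip())
    if not m:
        raise ValueError("not an ldap:// or ldaps:// URL")
    scheme, host, port, rest = m.groups()
    dn, attrs, scope, flt = ((rest or "").split("?") + [""] * 4)[:4]
    scheme = scheme.lower()
    return {"scheme": scheme, "host": host,
            "port": int(port) if port else (636 if scheme == "ldaps" else 389),
            "base_dn": dn, "attributes": attrs, "scope": scope.lower(), "filter": flt}

def lint_ldap_server(search_url, auth_url, tls="OFF", retries=3, timeout_ms=10000):
    """Return a list of findings for one LDAP server configuration object."""
    findings = []
    for label, url in (("SEARCH DN URL", search_url), ("AUTHENTICATION URL", auth_url)):
        if url is None:  # the page allows NULL for either URL
            continue
        try:
            u = parse_ldap_url(url)
        except ValueError as exc:
            findings.append(f"{label}: {exc}")
            continue
        # Assumption: TLS ON upgrades an ldap:// connection; ldap:// with TLS OFF is cleartext.
        if u["scheme"] == "ldap" and tls.upper() != "ON":
            findings.append(f"{label}: ldap:// with TLS OFF is unencrypted")
        if u["scope"] not in ("", "base", "one", "sub"):
            findings.append(f"{label}: unknown search scope {u['scope']!r}")
    if not 1 <= retries <= 60:  # valid range stated on the page
        findings.append(f"CONNECTION RETRIES {retries} is outside 1-60")
    if timeout_ms < 1000:  # heuristic threshold chosen for this example
        findings.append(f"CONNECTION TIMEOUT {timeout_ms} ms is under one second; the unit is milliseconds")
    return findings

# Constructed inputs: the values from the page's example, then a weakened variant.
PAGE_EXAMPLE = lint_ldap_server(
    "ldaps://my_LDAPserver:636/dc=MyCompany,dc=com??sub?cn=*",
    "ldaps://my_LDAPserver:636/", tls="OFF", retries=3, timeout_ms=3000)
WEAK_VARIANT = lint_ldap_server(
    "ldap://my_LDAPserver:389/dc=MyCompany,dc=com??sub?cn=*",
    "ldap://my_LDAPserver:389/", tls="OFF", retries=0, timeout_ms=10)

print(PAGE_EXAMPLE, *WEAK_VARIANT, sep="\n")
```
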

Related concepts
Syntax and Parameters for the LDAP Server Configuration Object URL
Enabling Secure LDAP

Related tasks
Editing LDAP Server Configuration Object Attributes
Setting the TLS Connection Trusted Relationship

Related reference
CREATE LDAP SERVER Statement