LDAP as a Directory Service

Lightweight Directory Access Protocol (LDAP) is an industry standard for accessing directory services. Directory services allow components to look up information by a distinguished name (DN) from an LDAP server that stores and manages server, user, and software information that is used throughout the enterprise or over a network.

The LDAP server can be located on a different platform from the one on which SAP ASE or clients are running. LDAP defines the communication protocol and the contents of messages exchanged between clients and servers. Messages are operators, such as client requests for read, write and query, and server responses, including metadata (data about data).

The LDAP server can store and retrieve information about:

You can configure the LDAP server to use these access restrictions:

User name and password authentication properties establish and end a session connection to an LDAP server.

Note: The default user name and password stored in libtcl.cfg and passed to the LDAP server for authentication are distinct from those used to access SAP ASE. The default user name and password allow access to the LDAP server for administrative tasks.

When an LDAP server is specified in the libtcl.cfg or libtcl64.cfg file (collectively, the libtcl*.cfg file), server information is accessible only from the LDAP server; SAP ASE ignores the interfaces file.

If multiple directory services are supported in a server, the order in which they are searched is specified in libtcl*.cfg. You cannot use the dataserver command line option to specify the search order.
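Because libtcl*.cfg holds both the LDAP bind credentials and the directory search order, it is worth auditing. The following is an added example, not code from SAP: it lists the [DIRECTORY] entries in the order they appear and reports how each bind password is stored, without echoing the password. Assumptions: the entry layout (driver library, then an LDAP URL ending in bindname=<DN>?<password>), the driver name libsybdldap.so, the ';' comment marker, the 0x-prefixed form of an encoded password, and all host names are constructed for illustration.

```python
import re

# Constructed sample, not from a real system. Assumed layout of a [DIRECTORY]
# entry: ldap=<driver library> <LDAP URL>, where the URL may end in
# bindname=<bind DN>?<password>; ';' starts a comment line.
SAMPLE_CFG = """\
[DRIVERS]
; network drivers omitted
[DIRECTORY]
ldap=libsybdldap.so ldap://ldap1.example.com:389/dc=example,dc=com??one??bindname=cn=Manager,dc=example,dc=com?secret
ldap=libsybdldap.so ldap://ldap2.example.com:389/dc=example,dc=com??one??bindname=cn=Manager,dc=example,dc=com?0x01a2b3c4d5e6f7
; ldap=libsybdldap.so ldap://old.example.com:389/dc=example,dc=com??one??
ldap=libsybdldap.so ldap://ldap3.example.com:389/dc=example,dc=com??one??
"""

def audit_directory_section(cfg_text):
    """Return (position, redacted_url, bind_dn, finding) per entry, in file order."""
    results, section = [], None
    for raw in cfg_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:
            section = header.group(1).upper()
            continue
        if section != "DIRECTORY" or "=" not in line:
            continue
        parts = line.split("=", 1)[1].split(None, 1)
        if len(parts) != 2:
            continue  # no URL after the driver name
        url = parts[1]
        if "bindname=" not in url:
            results.append((len(results) + 1, url, None, "no bind credentials in file"))
            continue
        head, bind = url.split("bindname=", 1)
        bind_dn, _, password = bind.partition("?")
        if not password:
            finding = "bind DN without password"
        elif re.fullmatch(r"0x[0-9a-fA-F]+", password):
            # Assumption: a 0x-prefixed hex string is an encoded, not cleartext, value.
            finding = "encoded bind password"
        else:
            finding = "cleartext bind password"
        # The password itself is never copied into the report.
        results.append((len(results) + 1, head + "bindname=" + bind_dn, bind_dn, finding))
    return results

if __name__ == "__main__":
    for entry in audit_directory_section(SAMPLE_CFG):
        print(entry)
```

A cleartext finding is a reason to restrict read access on the file to the account that runs SAP ASE and to rotate the bind password.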