Configures or lists an LDAP URL, specifies the access accounts for LDAP user authentication, or verifies an LDAP URL or login-related parameters.
sysadmin ldap [operation [,parameter1, [,parameter2]]]
where operation is one of:

set_primary_url, 'ldapurl'
set_access_acct, 'account_distinguished_name', 'account_password'
list_urls
list_access_acct
check_url, 'ldapurl' [,'tls'] [,'dn', 'pwd']
check_login, 'login_name'
set_secondary_url, 'ldapurl'
set_secondary_access_acct, 'account_distinguished_name', 'account_password'
starttls_on_primary, 'true|false'
starttls_on_secondary, 'true|false'
set_cacert_file, 'full/path/to/CARootCertFile'
refresh_ldapua_module

ldapurl := ldap://host:port/node?attributes?base|one|sub?filter
If you do not specify the administrative DN and password, Replication Server binds anonymously to the LDAP server when searching for the user account. The LDAP server must then permit anonymous searches of the user subtree.
See Replication Server Administration Guide: Volume 1 > Manage Replication Server Security > Manage SSL Security > SSL Overview.

refresh_ldapua_module reinitializes the LDAP user authentication module without a restart; you do not need to restart Replication Server for the reinitialization to take effect. It releases any resources held by the LDAP user authentication module and rereads changes made to files outside of Replication Server, such as a change to the contents of the CA root file.
sysadmin ldap, set_primary_url, 'ldap://myhost:389/dc=mycompany,dc=com?distinguishedName?sub?uid=*?'
sysadmin ldap, set_access_acct, 'cn=Manager, dc=mycompany, dc=com', 'password'
sysadmin ldap, check_url, 'ldap://myhost:389'
sysadmin ldap, check_url, 'ldap://myhost:389', 'cn=Manager,dc=mycompany,dc=com', 'password'
sysadmin ldap, check_url, 'ldaps://myhost:636'
sysadmin ldap, check_url, 'ldap://myhost:389', 'tls'
sysadmin ldap, starttls_on_primary, 'true'
sysadmin ldap, set_cacert_file, 'user/sybase/config/trusted.txt'
The LDAP vendor determines the syntax of the search filter. In all cases, the search filter names the attribute that uniquely identifies the user, in the form "attribute=wildcard", as in "cn=*". At authentication time the login name is matched against that attribute.
In a compound filter, the first attribute with a wildcard must be the attribute that forms the user's relative distinguished name; otherwise, authentication fails. For example, if "uid=ray, dc=sybase, dc=com" is the user DN, then its parent DN is "dc=sybase, dc=com" and its relative DN is "uid=ray", so the first wildcard attribute in the filter must be uid.
When a search filter is added, Replication Server verifies only that the URL uses valid LDAP URL syntax and that it references an existing node; it does not verify that the filter selects the right entries. To ensure that a syntactically valid filter returns the expected values, choose the search filter carefully and verify it (for example with check_url and check_login) when you configure Replication Server.
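The following Python is an added example, not Replication Server code: it parses the ldapurl form given in the syntax above and applies the relative-DN rule to a candidate user DN, so a filter can be sanity-checked offline before it is configured with set_primary_url. The function names (parse_ldapurl, first_wildcard_attribute, check_filter) are this example's own, the scope semantics (base, one, sub) are the standard LDAP ones, and the URLs and DNs used are constructed from the page's own examples.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed for illustration; no directory server is contacted.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    node: str              # search base DN
    attributes: List[str]
    scope: str             # base | one | sub
    filter: str


_URL_RE = re.compile(r"^(ldaps?)://([^:/?]+)(?::(\d+))?(?:/([^?]*))?(.*)$", re.I)


def parse_ldapurl(url: str) -> LdapUrl:
    """Parse ldap://host:port/node?attributes?base|one|sub?filter.
    A fourth '?extensions' part (RFC 4516) is tolerated and ignored, which is
    why the trailing '?' in the page's set_primary_url example still parses."""
    m = _URL_RE.match(url)
    if not m:
        raise ValueError(f"not an LDAP URL: {url!r}")
    scheme, host, port, node, rest = m.groups()
    scheme = scheme.lower()
    parts = rest[1:].split("?") if rest.startswith("?") else []
    if len(parts) > 4:
        raise ValueError(f"too many '?' components in {url!r}")
    parts += [""] * (4 - len(parts))
    attributes, scope, filt = parts[0], parts[1] or "base", parts[2]
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"bad scope {scope!r}: expected base, one or sub")
    return LdapUrl(scheme, host, int(port) if port else DEFAULT_PORTS[scheme],
                   node or "", [a for a in attributes.split(",") if a], scope, filt)


# Matches 'attribute=<value containing *>' inside simple or compound filters.
_WILDCARD_ASSERTION = re.compile(r"([A-Za-z][A-Za-z0-9.;-]*)\s*=\s*[^()&|!=]*\*")


def first_wildcard_attribute(filt: str) -> Optional[str]:
    """Attribute of the first wildcard assertion, e.g. 'uid' for 'uid=*' or
    for '(&(objectClass=person)(uid=*))'; None if the filter has no wildcard."""
    m = _WILDCARD_ASSERTION.search(filt)
    return m.group(1).lower() if m else None


def dn_components(dn: str) -> List[Tuple[str, str]]:
    """Split a DN on unescaped commas into (attribute, value) pairs, lower-casing
    the attribute and trimming the spaces seen in 'uid = ray, dc=sybase, dc=com'."""
    comps, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep escaped characters intact
            cur.append(dn[i:i + 2]); i += 2; continue
        if dn[i] == ",":
            comps.append("".join(cur)); cur = []
        else:
            cur.append(dn[i])
        i += 1
    comps.append("".join(cur))
    pairs = []
    for c in comps:
        if "=" not in c:
            raise ValueError(f"bad RDN {c!r} in {dn!r}")
        attr, value = c.split("=", 1)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def relative_and_parent_dn(user_dn: str) -> Tuple[str, str]:
    """Return (relative DN, parent DN) in normalized form."""
    pairs = dn_components(user_dn)
    fmt = lambda p: ",".join(f"{a}={v}" for a, v in p)
    return fmt(pairs[:1]), fmt(pairs[1:])


def check_filter(url: LdapUrl, user_dn: str) -> Tuple[bool, str]:
    """Apply the page's rule to a configured URL and a known user DN: the first
    wildcard attribute of the filter must be the attribute of the user's
    relative DN, and the entry must lie where the scope says the search looks."""
    attr = first_wildcard_attribute(url.filter)
    if attr is None:
        return False, "filter has no 'attribute=*' assertion to match the login against"
    user = dn_components(user_dn)
    if user[0][0] != attr:
        return False, f"first wildcard attribute {attr!r} is not the RDN attribute {user[0][0]!r}"
    node = dn_components(url.node) if url.node else []
    parent = user[1:]
    if url.scope == "base" and user != node:
        return False, "base scope searches only the node entry itself"
    if url.scope == "one" and parent != node:
        return False, "one-level scope requires the entry directly under the node"
    if url.scope == "sub" and (len(node) > len(parent) or parent[len(parent) - len(node):] != node):
        return False, "subtree scope requires the entry to be under the node"
    return True, f"login name will be matched as {attr}=<login_name> under {url.node or '<root>'}"


if __name__ == "__main__":
    url = parse_ldapurl("ldap://myhost:389/dc=mycompany,dc=com?distinguishedName?sub?uid=*?")
    for dn in ("uid=ray,dc=mycompany,dc=com", "cn=ray,ou=people,dc=mycompany,dc=com"):
        print(dn, check_filter(url, dn))
```

Run check_filter against a few real user DNs from the directory before committing a filter; a filter whose first wildcard attribute is not the users' RDN attribute passes Replication Server's syntax check but fails every login.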
Replication Server supports secure LDAP connections in either of two ways:
Setting the CA root file path with set_cacert_file and using the "ldaps://" scheme in the LDAP URL, or
Enabling StartTLS with sysadmin ldap, starttls_on_primary or starttls_on_secondary, for the target LDAP URL. In this case the LDAP URL scheme must be "ldap://" with no "s".
Without one of these, the access account password given to set_access_acct and the passwords of users being authenticated are sent to the LDAP server in cleartext.
sysadmin ldap requires "sa" permission.