LDAP user authentication lets you use enterprise-wide LDAP passwords instead of Replication Server passwords.
Replication Server uses the OpenLDAP API for LDAP user authentication, and this API supports LDAPv3.
When connecting to an LDAP server as a client, Replication Server supports any LDAP server that conforms to the standard LDAP protocol, including Microsoft Windows Active Directory and OpenLDAP directory servers.
The primary data structure used with the LDAP protocol is the LDAP URL, which specifies a set of objects or values on an LDAP server. Replication Server uses LDAP URLs to specify an LDAP server and the search criteria used to authenticate user login requests.
ldapurl:=ldap://host:port/node?attribute?[base | one | sub]?filter
where:
The wildcard replacement fails if the first attribute in a wildcard search filter is not mapped to the login name attribute.
For example, if the search filter is "&(uid=*)(ou=group)" and the login name is "mylogin", Replication Server uses "mylogin" during authentication to generate the output filter "&(uid=mylogin)(ou=group)". If the search filter is instead specified as "&(ou=*)(uid=*)", the login name is substituted as "ou=mylogin", which is incorrect, and the wildcard replacement for user authentication fails.
ldap://john.doe.com:8888/dc=doe,dc=com??SUB?(cn=*)
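The following Python sketch is an added example, not Replication Server code: it parses a URL of the form shown above and performs the wildcard replacement, rejecting a filter whose first wildcard is not on the login name attribute. The function names, the case-insensitive scope check, and the RFC 4515 escaping of the login name are assumptions of this example, added so that a login name containing filter metacharacters cannot change the filter's structure.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot change the filter's structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_ldap_url(url):
    """Split ldap://host:port/node?attribute?scope?filter into its fields."""
    m = re.fullmatch(
        r"ldap://([^:/?]+):(\d+)/([^?]*)\?([^?]*)\?([^?]*)\?(.*)", url)
    if not m:
        raise ValueError("expected ldap://host:port/node?attribute?scope?filter")
    host, port, node, attribute, scope, flt = m.groups()
    if scope.lower() not in ("base", "one", "sub"):
        raise ValueError("scope must be base, one or sub")
    return {"host": host, "port": int(port), "node": node,
            "attribute": attribute, "scope": scope.lower(), "filter": flt}


def build_login_filter(template, login, login_attr):
    """Replace the first 'attr=*' in template with 'attr=<escaped login>'.

    Raises ValueError when the first wildcard attribute is not login_attr,
    the "&(ou=*)(uid=*)" misconfiguration described above.
    """
    m = re.search(r"([A-Za-z][A-Za-z0-9.;-]*)=\*", template)
    if not m:
        raise ValueError("filter has no wildcard to replace")
    attr = m.group(1)
    if attr.lower() != login_attr.lower():
        raise ValueError(f"first wildcard is on {attr!r}, not {login_attr!r}")
    value = escape_filter_value(login)
    return f"{template[:m.start()]}{attr}={value}{template[m.end():]}"


if __name__ == "__main__":
    # Constructed inputs: the page's example URL and filter, sample logins.
    url = parse_ldap_url("ldap://john.doe.com:8888/dc=doe,dc=com??SUB?(cn=*)")
    print(url)
    print(build_login_filter(url["filter"], "j*doe", "cn"))
    print(build_login_filter("&(uid=*)(ou=group)", "mylogin", "uid"))
```

Running the check against a configured filter before enabling LDAP authentication surfaces the attribute-ordering mistake at configuration time instead of as failed logins.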