Directory drivers  Security drivers

Appendix B: Configuration Files

For LDAP entries in the DIRECTORY section

In its simplest form, LDAP directory services are specified in this format:

[DIRECTORY]

ldap=libsybdldap.dll ldapurl

where the ldapurl is defined as:

ldap://host:port/ditbase

The following LDAP entry, using these same attributes, is an anonymous connection and only works only if the LDAP server allows read-only access. 

ldap=libsybdldap.dll
ldap://test:389/dc=sybase,dc=com

You can specify a user name and password in the libtcl*.cfg file as extensions to the LDAP URL to enable password authentication at connection time.

To set the user name, enter:

if (ct_con_props(conn, CS_SET, CS_DS_PRINCIPAL, ldapprincipal,

     strlen(ldapprincipal), (CS_INT *)NULL) != CS_SUCCEED)

{

     ...

}

To set the password, enter:

if (ct_con_props(conn, CS_SET, CS_DS_PASSWORD, ldappassword,

     strlen(ldappassword), (CS_INT *)NULL) != CS_SUCCEED)

{

     ...

}

Encrypting the password

Entries in the libtcl.cfg and libtcl64.cfg files are in human-readable format. Sybase provides a pwdcrypt utility for basic password encryption. pwdcrypt is a simple algorithm that, when applied to keyboard input, generates an encrypted value that can be substituted for the password. pwdcrypt is located in %SYBASE%\%SYBASE_OCS%\bin.

StepsEncrypting the password

  1. From the Open Client and Open Server (OCS) directory, enter at your command prompt:

    bin/pwdcrypt

  2. Enter your password twice when prompted. pwdcrypt generates an encrypted password, for example:

    0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706

  3. Copy and paste the encrypted password into the libtcl*.cfg file using any standard ASCII-text editor. Before encryption, the file entry appears as follows:

    NoteThe LDAP URL must be on a single line.

    ldap=libsybdldap.dll
ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret

  4. Replace the password with the encrypted string:

    ldap=libsybdldap.dll
ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com? 0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706

WARNING! Even if your password is encrypted, you should still protect it using file-system security.




Copyright © 2008. Sybase Inc. All rights reserved. Security drivers

View this document as PDF