By setting the appropriate combination of options in the <installation directory>\EAServer\Repository\CSI\conf\default.xml file, you can achieve integration with a wide variety of LDAP schemas in addition to certificate-based authentication.
The following example enables certificate validation together with another login module, such as LDAPLoginModule, by configuring CertificateValidationLoginModule before the login module that supports certificate authentication.
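<!--
  Fragment of CSI\conf\default.xml. The enclosing root element and the
  declaration of the "config" namespace prefix are outside this excerpt.
  Provider order is significant: CertificateValidationLoginModule is listed
  before LDAPLoginModule, as the accompanying text requires.
  All passwords, DNs, hosts and paths below are sample values.
-->
<config:authenticationProvider name="com.sybase.security.core.CertificateValidationLoginModule">
  <!-- NOTE(review): presumably "false" means the validated certificate is not
       itself taken as the authenticated identity, leaving that to the module
       configured after this one. Confirm against the CSI reference. -->
  <options name="validatedCertificateIsIdentity" value="false" />
  <!-- CRLs are read from local files. Revocation checking is only as current
       as these files, so they need to be refreshed whenever the issuing CA
       publishes a new list. -->
  <options name="crl.1.uri" value="file:///work2/subCA.crl" />
  <options name="crl.2.uri" value="file:///work2/anotherCA.crl" />
  <options name="validateCertPath" value="true" />
  <!-- Trust anchors used for path validation. Keep this store limited to the
       CAs that are allowed to issue client certificates. -->
  <options name="trustedCertStore" value="keystore.jks" />
  <!-- "changeit" is the well-known default Java keystore password. Replace it,
       and restrict read access to this file because the value is stored in
       clear text. -->
  <options name="trustedCertStorePassword" value="changeit" />
  <options name="trustedCertStoreType" value="JKS" />
</config:authenticationProvider>

<config:authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule">
  <options name="DefaultSearchBase" value="dc=sybase,dc=com" />
  <!-- Plain ldap:// carries the bind password and user credentials
       unencrypted. That is tolerable only for a directory on the same host,
       as in this sample. Use a TLS-protected connection for a remote server. -->
  <options name="ProviderURL" value="ldap://localhost:389/" />
  <!-- The sample binds as a manager account. For searches, prefer a dedicated
       account with read-only access to the user and role subtrees. -->
  <options name="BindDN" value="cn=manager,dc=sybase,dc=com" />
  <!-- Stored in clear text: limit file permissions on default.xml and do not
       reuse this sample password. -->
  <options name="BindPassword" value="AdM1n1" />
  <options name="ServerType" value="sunone5" />
  <!-- "&" must be written as "&amp;" inside an attribute value, otherwise the
       file is not well-formed XML and cannot be parsed. The parser hands the
       module the filter (&(cn={uid})(objectclass=person)). -->
  <options name="AuthenticationFilter" value="(&amp;(cn={uid})(objectclass=person))" />
  <options name="RoleSearchBase" value="dc=sybase,dc=com" />
  <options name="RoleFilter" value="(&amp;(objectclass=ldapsubentry)(objectclass=nsroledefinition))" />
  <options name="UserRoleMembershipAttribute" value="nsRoleDN" />
  <!-- NOTE(review): this is "false" in the sample although the text describes
       combining certificate validation with the LDAP module. Confirm the
       intended value for the target deployment. -->
  <options name="enableCertificateAuthentication" value="false" />
</config:authenticationProvider>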