Example: Certificate Security with LDAP Login

By setting the appropriate combination of options in the <installation directory>\EAServer\Repository\CSI\conf\default.xml file, you can achieve integration with a wide variety of LDAP schemas in addition to certificate-based authentication.

Example configuration

The following example enables certificate validation with other login modules, such as LDAPLoginModule, by configuring CertificateValidationLoginModule before the module that supports it.

 <config:authenticationProvider name="com.sybase.security.core.CertificateValidationLoginModule">
   <options name="validatedCertificateIsIdentity" value="false" />
   <options name="crl.1.uri" value="file:///work2/subCA.crl" />
   <options name="crl.2.uri" value="file:///work2/anotherCA.crl" />
   <options name="validateCertPath" value="true" />
   <options name="trustedCertStore" value="keystore.jks" />
   <options name="trustedCertStorePassword" value="changeit" />
   <options name="trustedCertStoreType" value="JKS" />
 </config:authenticationProvider>

 <config:authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule">
   <options name="DefaultSearchBase" value="dc=sybase,dc=com" />
   <options name="ProviderURL" value="ldap://localhost:389/" />
   <options name="BindDN" value="cn=manager,dc=sybase,dc=com" />
   <options name="BindPassword" value="AdM1n1" />
   <options name="ServerType" value="sunone5" />
   <options name="AuthenticationFilter" value="(&amp;(cn={uid})(objectclass=person))" />
   <options name="RoleSearchBase" value="dc=sybase,dc=com" />
   <options name="RoleFilter" value="(&amp;(objectclass=ldapsubentry)(objectclass=nsroledefinition))" />
   <options name="UserRoleMembershipAttribute" value="nsRoleDN" />
   <options name="enableCertificateAuthentication" value="false" />
 </config:authenticationProvider>
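
An added example, not part of the Sybase documentation: a Python check that parses a provider stack like the one above and reports whether CertificateValidationLoginModule precedes LDAPLoginModule, along with a few settings worth reviewing before deployment. The root element, the namespace URI and the finding codes are assumptions made for this example; the option names are the ones shown on this page.

```python
import xml.etree.ElementTree as ET

CERT = "com.sybase.security.core.CertificateValidationLoginModule"
LDAP = "com.sybase.security.ldap.LDAPLoginModule"

# Constructed sample: an excerpt of the page's two providers inside a
# hypothetical root element; the namespace URI is a placeholder.
SAMPLE = """<config:configuration xmlns:config="urn:example:csi-config">
 <config:authenticationProvider name="com.sybase.security.core.CertificateValidationLoginModule">
   <options name="crl.1.uri" value="file:///work2/subCA.crl" />
   <options name="validateCertPath" value="true" />
   <options name="trustedCertStorePassword" value="changeit" />
 </config:authenticationProvider>
 <config:authenticationProvider name="com.sybase.security.ldap.LDAPLoginModule">
   <options name="ProviderURL" value="ldap://localhost:389/" />
   <options name="BindPassword" value="AdM1n1" />
 </config:authenticationProvider>
</config:configuration>"""

def load_providers(xml_text):
    """Return [(module name, {option: value})] in document order."""
    out = []
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "authenticationProvider":
            out.append((el.get("name"),
                        {o.get("name"): o.get("value") for o in el}))
    return out

def audit(xml_text):
    """Return a list of finding codes (names invented for this example)."""
    providers = load_providers(xml_text)
    names = [n for n, _ in providers]
    findings = []
    # Ordering: the page puts the certificate module before the LDAP module.
    if CERT not in names:
        findings.append("cert-module-missing")
    elif LDAP in names and names.index(CERT) > names.index(LDAP):
        findings.append("cert-module-after-ldap")
    cert = dict(providers).get(CERT, {})
    ldap = dict(providers).get(LDAP, {})
    if CERT in names and cert.get("validateCertPath", "").lower() != "true":
        findings.append("cert-path-validation-not-enabled")
    if CERT in names and not any(k.startswith("crl.") for k in cert):
        findings.append("no-crl-configured")
    if cert.get("trustedCertStorePassword") == "changeit":  # JDK cacerts default
        findings.append("default-truststore-password")
    # ldap:// is not TLS-wrapped; StartTLS use is not visible in this file.
    if ldap.get("ProviderURL", "").lower().startswith("ldap://") and "BindPassword" in ldap:
        findings.append("bind-password-with-ldap-scheme")
    return findings
```

Run against the sample, `audit(SAMPLE)` reports the default trust store password and the bind password configured alongside an `ldap://` provider URL; the module ordering passes.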
	
Related reference
Certificate Configuration Properties
