The LDAP login provider provides authentication, authorization, and attribution services. Configure the LDAP provider by setting properties in the <installation directory>\EAServer\Repository\CSI\conf\default.xml file.
To share configuration properties among authentication, authorization, and attributer providers for a single LDAP provider, set properties only for the authorization provider. If you require more than one LDAP module, however, each LDAP provider must have its own configuration, because the configuration cannot be shared among multiple LDAP providers. The LDAP attributer derives its configuration as appropriate from all active login module configurations.
The properties listed in the tables below are those most likely to be used in Service Container deployments. They are part of a comprehensive list of supported LDAP properties. For a definitive list, see the CSI 2.0.1 Java LDAP Provider technical note located at http://www.sybase.com/techdocs.
While the following properties are not used as frequently as those listed above, they can still be important for authentication and role evaluation.
Property | Default Value | Description |
---|---|---|
AuthenticationMethod | simple | The authentication method to use for all authentication requests into LDAP. Legal values are generally the same as those of the java.naming.security.authentication JNDI property. Choose one of: |
AuthenticationSearchBase | none | The search base used to authenticate users. If this value is not specified, the LDAP DefaultSearchBase is used. |
AuthenticationScope | onelevel | The authentication search scope. The supported values for this are: If you do not specify a value or if you specify an invalid value, the default value is used. |
BindDN | none | The user DN to bind against when building the initial LDAP connection. In many cases, this user may need only read permissions on all user records. If you do not set a value, anonymous binding is used. Anonymous binding works on most servers without additional configuration. However, the LDAP attributer may also use this DN to create the users in the LDAP server. When the self-registration feature is used, this user may then also need the requisite permissions to create a user record. This behavior can occur if you do not set useUserCredentialsToBind to true. In this case, the LDAP attributer then uses this DN to update the user attributes. |
BindPassword | none | The user password to bind against when building the initial LDAP connection. You need to set this value only if the BindDN property is set. The AuthenticationMethod property determines the bind method used for this initial connection. |
RoleSearchBase | none | The search base used to retrieve lists of roles. If this value is not specified, the LDAP DefaultSearchBase is used. |
RoleScope | onelevel | The role search scope. The supported values for this are: If you do not specify a value or if you specify an invalid value, the default value is used. |
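
The following added example (not Sybase code) resolves the effective settings from the defaults in the table above and flags the bind-related conditions the descriptions call out, plus the cleartext nature of the `simple` method. The XML element layout, the sample values and the finding codes are assumptions made for illustration; only the property names and defaults come from this page.

```python
import xml.etree.ElementTree as ET

# Defaults taken from the property table above.
DEFAULTS = {"AuthenticationMethod": "simple",
            "AuthenticationScope": "onelevel", "RoleScope": "onelevel"}

# Constructed sample. The <options name="..." value="..."/> layout is an assumption.
SAMPLE = """<provider>
  <options name="AuthenticationMethod" value="simple"/>
  <options name="BindPassword" value="constructed-secret"/>
  <options name="DefaultSearchBase" value="dc=example,dc=com"/>
</provider>"""

def load_properties(xml_text):
    """Collect every name/value attribute pair, whatever the element is called."""
    return {el.attrib["name"]: el.attrib["value"]
            for el in ET.fromstring(xml_text).iter()
            if "name" in el.attrib and "value" in el.attrib}

def effective(props):
    """Apply the documented defaults and the DefaultSearchBase fallback."""
    eff = {**DEFAULTS, **props}
    for key in ("AuthenticationSearchBase", "RoleSearchBase"):
        eff.setdefault(key, props.get("DefaultSearchBase"))
    return eff

def audit(props):
    """Return findings as 'code: explanation' strings."""
    eff, findings = effective(props), []
    if not eff.get("BindDN"):
        findings.append("anonymous-bind: BindDN unset, so the initial connection binds anonymously")
        if eff.get("BindPassword"):
            findings.append("orphan-password: BindPassword is set although BindDN is not")
    elif eff.get("useUserCredentialsToBind", "").lower() != "true":
        findings.append("bind-dn-writes: the attributer updates users as BindDN; "
                        "review the write permissions this account holds")
    if eff["AuthenticationMethod"].lower() == "simple":
        findings.append("simple-bind: password is sent as-is; confirm the connection is encrypted")
    for key in ("AuthenticationSearchBase", "RoleSearchBase"):
        if not eff[key]:
            findings.append(f"no-search-base: {key} and DefaultSearchBase are both unset")
    return findings

if __name__ == "__main__":
    for finding in audit(load_properties(SAMPLE)):
        print(finding)
```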