Authentication  Multiple directory services with LDAP

Chapter 5: Using a Directory Service

Enabling LDAP directory services

NoteLDAP is only supported with reentrant libraries. You must use isql_r, instead of isql, when connecting to a server using LDAP directory services.

StepsSetting up to use a directory service

  1. Configure the LDAP server according to the vendor-supplied documentation.

  2. Add the LDAP library directory to your path for your platform. For example:

    PATH=%PATH%:%SYBASE%\%SYBASE_OCS%\lib3p

  3. Configure the libtcl*.cfg file to use directory services. Use any standard ASCII text editor to:

      • Remove the semicolon (;) comment markers from the beginning of the LDAP URL lines in the libtcl*.cfg file under the [DIRECTORY] entry.

      • Add the LDAP URL under the [DIRECTORY] entry. See Table 5-2 for supported LDAP URL values.

        WARNING! The LDAP URL must be on a single line.

      ldap=libdldap.so ldap://host:port/ditbase??scope????
     bindname=username password

      For example: 

      [DIRECTORY] 

      ldap=libdldap.so ldap://huey:11389/dc=sybase,dc=com??
     one????bindname=cn=Manager,dc=sybase,dc=com secret

      one” indicates the scope of a search that retrieves entries one level below the DIT base. Table 5-3 defines the keywords for the ldapurl variables.

      Table 5-3: ldapurl variables

      Keyword

      Description

      Default

      CS_* property

      host (required)

      The host name or IP address of the machine running the LDAP server

      None

      port

      The port number on which the LDAP server is listening

      389

      ditbase (required)

      The default DIT base

      None

      CS_DS_DITBASE

      username

      Distinguished name (DN) of the user to authenticate

      NULL (anonymous authentication)

      CS_DS_PRINCIPAL

      password

      Password of the user to be authenticated

      NULL (anonymous authentication)

      CS_DS_PASSWORD

    2. Verify that the appropriate environment variable points to the required third-party libraries. Table 5-4 lists the location of the LDAP SDK libraries.

      Table 5-4: Environment variables

      Platform

      Environment variable

      Library location

      Windows NT and 2000

      PATH

      %SYBASE%\%SYBASE_OCS\lib3p

      Windows 2003 and XP

      PATH

      %SYBASE%\%SYBASE_OCS\lib3p

    3. Add your server entry to the LDAP server using dscp or dsedit. See “Making and modifying server entries” and “Adding a server to the directory services”.




Copyright © 2005. Sybase Inc. All rights reserved. Multiple directory services with LDAP

View this book as PDF