In its simplest form, LDAP directory services are specified in this format:
[DIRECTORY]
ldap=libdldap.so ldapurl
where the ldapurl is defined as:
ldap://host:port/ditbase
The following LDAP entry, using these same attributes, is an anonymous connection and works only if the LDAP server allows read-only access.
ldap=libdldap.so ldap://test:389/dc=sybase,dc=com
You can specify a user name and password in the libtcl*.cfg file as extensions to the LDAP URL to enable password authentication at connection time.
To set the user name, enter:
if (ct_con_props(conn, CS_SET, CS_DS_PRINCIPAL, ldapprincipal,
        strlen(ldapprincipal), (CS_INT *)NULL) != CS_SUCCEED)
{
    /* ... handle the failure to set the directory principal ... */
}
To set the password, enter:
if (ct_con_props(conn, CS_SET, CS_DS_PASSWORD, ldappassword,
        strlen(ldappassword), (CS_INT *)NULL) != CS_SUCCEED)
{
    /* ... handle the failure to set the directory password ... */
}
Entries in the libtcl.cfg and libtcl64.cfg files are in human-readable format. Sybase provides a pwdcrypt utility for basic password encryption. pwdcrypt is a simple algorithm that, when applied to keyboard input, generates an encrypted value that can be substituted for the password. pwdcrypt is located in %SYBASE%\%SYBASE_OCS%\bin.
Encrypting the password
From the Open Client and Open Server (OCS) directory, enter the following at the command prompt:
bin/pwdcrypt
Enter your password twice when prompted. pwdcrypt generates an encrypted password, for example:
0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706
Copy and paste the encrypted password into the libtcl*.cfg file using any standard ASCII-text editor. Before encryption, the file entry appears as follows:
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret
Replace the password with the encrypted string:
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706
WARNING! Even if your password is encrypted, you should still protect it using file-system security.
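The following audit script is an added example, not part of the Sybase documentation or tooling. It reads a libtcl*.cfg file, classifies each ldap entry in [DIRECTORY] as anonymous, cleartext password, or encrypted password, and reports whether the file's permissions let group or other users access it. The function names, the sample file, and the 0x placeholder value are constructed for illustration; it assumes POSIX permission bits and that a password value beginning with 0x is pwdcrypt output, as in the example above.

```python
import os
import stat
import tempfile

# Constructed sample file; the 0x value is a made-up placeholder, not real pwdcrypt output.
SAMPLE = """[DIRECTORY]
ldap=libdldap.so ldap://test:389/dc=sybase,dc=com
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?0x0123abcd
"""

def classify_url(ldapurl):
    """Classify one ldapurl by how it carries bind credentials."""
    fields = ldapurl.split("?")
    bind = [i for i, f in enumerate(fields) if f.startswith("bindname=")]
    if not bind:
        return "anonymous"
    # Everything after the bindname field is the password (it may itself contain '?').
    password = "?".join(fields[bind[0] + 1:]).strip()
    if not password:
        return "bindname-without-password"
    # Assumption: a value starting with 0x is pwdcrypt output, as in the page's example.
    return "encrypted-password" if password.lower().startswith("0x") else "cleartext-password"

def audit_libtcl(path):
    """Return (group_or_other_access, [(line_number, classification), ...])."""
    # Assumption: POSIX mode bits; any group/other permission bit counts as exposure.
    exposed = bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)
    entries, in_directory = [], False
    with open(path, encoding="ascii", errors="replace") as fh:
        for num, raw in enumerate(fh, 1):
            line = raw.strip()
            if line.startswith("["):
                in_directory = line.upper() == "[DIRECTORY]"
            elif in_directory and line.startswith("ldap="):
                parts = line.split(None, 1)  # driver assignment, then the ldapurl
                if len(parts) == 2:
                    entries.append((num, classify_url(parts[1])))
    return exposed, entries

def demo():
    """Write SAMPLE to a temporary file with mode 0644 and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "libtcl.cfg")
        with open(path, "w", encoding="ascii") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)
        return audit_libtcl(path)

if __name__ == "__main__":
    print(demo())
```

A file that holds a bind password in either form should report no group or other access; on the sample, mode 0644 is flagged and line 3 is reported as a cleartext password.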