In its simplest form, LDAP directory services are specified in this format:
[DIRECTORY]
ldap=libdldap.so ldapurl
where the ldapurl is defined as follows:
ldap://host:port/ditbase
The following LDAP entry, using these same attributes, is an anonymous connection and works only if the LDAP server allows read-only access:
ldap=libdldap.so ldap://test:389/dc=sybase,dc=com
You can specify a user name and password in the libtcl*.cfg file as extensions to the LDAP URL to enable password authentication at connection time.
To set the user name in a Client-Library application with ct_con_props:
if (ct_con_props(conn, CS_SET, CS_DS_PRINCIPAL, ldapprincipal, strlen(ldapprincipal), (CS_INT *)NULL) != CS_SUCCEED)
{
...
}
To set the password:
if (ct_con_props(conn, CS_SET, CS_DS_PASSWORD, ldappassword, strlen(ldappassword), (CS_INT *)NULL) != CS_SUCCEED)
{
...
}
Entries in the libtcl.cfg and libtcl64.cfg files are in human-readable format. Sybase provides a pwdcrypt utility for basic password encryption. The utility applies a simple algorithm to keyboard input and generates an encrypted value that can be substituted for the password. The pwdcrypt utility is located in $SYBASE/$SYBASE_OCS/bin.
From the Open Client and Open Server (OCS) directory, enter the following at the command prompt:
bin/pwdcrypt
When prompted, enter your password twice.
The pwdcrypt utility generates an encrypted password, for example:
0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706
Copy and paste the encrypted password into the libtcl*.cfg file using any standard ASCII-text editor. Before encryption, the file entry appears as:
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret
Replace the password with the encrypted string:
ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?0x01312a775ab9d5c71f99f05f7712d2cded2i8d0ae1ce78868d0e8669313d1bc4c706
WARNING! Even if your password is encrypted, you should still protect it using file-system security.
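One way to check a libtcl*.cfg file against the warning above, as an added example that is not part of the original Sybase documentation: it flags bind passwords left in clear text and files that hold any bind password while being accessible to group or other. It assumes the entry layout shown on this page and that pwdcrypt output can be recognised by its 0x prefix; the function names and the sample file are constructed for illustration.

```python
import os
import re
import tempfile

# ldap=<driver> ldap://host[:port]/ditbase[????bindname=<dn>?<password>]
ENTRY = re.compile(r"^\s*ldap\s*=\s*\S+\s+(ldap://[^?\s]+)"
                   r"(?:\?\?\?\?bindname=([^?]*)\?\s*(\S+))?\s*$")

def classify(line):
    """Return None for non-LDAP lines, else 'anonymous', 'plaintext' or 'pwdcrypt'."""
    m = ENTRY.match(line)
    if not m:
        return None
    if m.group(2) is None:
        return "anonymous"
    # Assumption: pwdcrypt output is recognised by its 0x prefix, as in the page's example.
    return "pwdcrypt" if m.group(3).lower().startswith("0x") else "plaintext"

def audit(path):
    """Return (line_number, finding) tuples for one file; line 0 means the file itself."""
    with open(path, errors="replace") as fh:
        kinds = [classify(line) for line in fh]
    findings = [(n, "bind password stored in clear text")
                for n, k in enumerate(kinds, 1) if k == "plaintext"]
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077 and any(k in ("plaintext", "pwdcrypt") for k in kinds):
        findings.append((0, f"file holds a bind password but mode is {mode:04o}"))
    return findings

# Constructed sample, built from the entries shown on this page.
SAMPLE = ("[DIRECTORY]\n"
          "ldap=libdldap.so ldap://test:389/dc=sybase,dc=com\n"
          "ldap=libdldap.so ldap://dolly/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret\n")

def demo():
    """Audit the constructed sample at mode 0644, then again at mode 0600."""
    with tempfile.NamedTemporaryFile("w", suffix=".cfg") as fh:
        fh.write(SAMPLE)
        fh.flush()
        results = []
        for mode in (0o644, 0o600):
            os.chmod(fh.name, mode)
            results.append(audit(fh.name))
    return results

if __name__ == "__main__":
    print(demo())
```

An entry that carries a pwdcrypt value still triggers the file-mode finding, since the warning applies to encrypted passwords as well.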