Configuring the saldap.ini file

To connect using an LDAP server, a file containing information on how to find and connect to the LDAP server must be created on both the database server computer and on each client computer. By default the name of this file is saldap.ini, but it is configurable. If this file doesn't exist, LDAP support is silently disabled.

The file must be located in the same directory as the SQL Anywhere executables (for example, install-dir\bin32 on Windows) unless a full path is specified with the LDAP parameter. The file must be in the following format:

[LDAP]
server=computer-running-LDAP-server
port=port-number-of-LDAP-server
basedn=Base-DN
authdn=Authentication-DN
password=password-for-authdn
search_timeout=age-of-timestamps-to-be-ignored
update_timeout=frequency-of-timestamp-updates
read_authdn=read-only-authentication-domain-name
read_password=password-for-read_authdn

You can add simple encryption to obfuscate the contents of the saldap.ini file using the File Hiding utility (dbfhide). See File Hiding utility (dbfhide).

If the name of the file is not saldap.ini, then you must use the LDAP parameter to specify the file name.

server   The name or IP address of the computer running the LDAP server. This value is required on Unix. If this entry is missing on Windows, then Windows looks for an LDAP server running on the local domain controller.

port   The port number used by the LDAP server. The default is 389.

basedn   The domain name of the subtree where the SQL Anywhere entries are stored. This value defaults to the root of the tree.

authdn   The authentication domain name. The domain name must be an existing user object in the LDAP directory that has write access to the basedn. This parameter is required for the database server, and ignored on the client.

password   The password for authdn. This parameter is required for the database server, and ignored on the client.

search_timeout   The age of timestamps at which they are ignored by the client and/or the Server Enumeration utility (dblocate). A value of 0 disables this option so that all entries are assumed to be current. The default is 600 seconds (10 minutes).

update_timeout   The frequency of timestamp updates in the LDAP directory. A value of 0 disables this option so that the database server never updates the timestamp. The default is 120 seconds (2 minutes).

read_authdn   The read-only authentication domain name. The domain name must be an existing user object in the LDAP directory that has read access to the basedn. This parameter is only required if the LDAP server requires a non-anonymous binding before searching can be done. For example, this field is normally required if Active Directory is used as the LDAP server. If this parameter is missing, the bind is anonymous.

read_password   The password for read_authdn. This parameter is only required on the client if the read_authdn parameter is specified.
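As an added example (not SQL Anywhere code, and not part of the original page), the following Python script parses an saldap.ini file and applies the parameter rules described above: the server entry is required on Unix, authdn and password are required for the database server and ignored on the client, read_password only makes sense together with read_authdn, the documented defaults of 389, 600 and 120 apply when a value is absent, and a file that carries credentials should be obfuscated with dbfhide. The sample file, host name and DNs are constructed placeholders. The check that search_timeout should exceed update_timeout is an inference from the two timeout descriptions, not a rule stated on the page.

```python
"""Validate an saldap.ini file against the documented parameter rules.

Added example; not SQL Anywhere code. The rules come from the parameter
descriptions in the documentation; the sample file below is constructed.
"""
import configparser

# Constructed sample file; host name, DNs and passwords are placeholders.
SAMPLE_SALDAP_INI = """\
[LDAP]
server=ldap.example.test
port=389
basedn=ou=SQLAnywhere,dc=example,dc=test
authdn=cn=saserver,ou=service,dc=example,dc=test
password=PLACEHOLDER-server-password
search_timeout=600
update_timeout=120
read_authdn=cn=sareader,ou=service,dc=example,dc=test
read_password=PLACEHOLDER-reader-password
"""

# Defaults stated in the documentation (port 389, 600 s and 120 s).
DEFAULTS = {"port": 389, "search_timeout": 600, "update_timeout": 120}


def parse_saldap_ini(text):
    """Return the [LDAP] section as a dict with lower-cased keys."""
    # interpolation=None so a '%' in a password is not treated as a reference.
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    if not cp.has_section("LDAP"):
        raise ValueError("missing [LDAP] section")
    return {key.lower(): value for key, value in cp.items("LDAP")}


def _int_setting(cfg, key):
    """Integer value of key, or the documented default when the key is absent."""
    raw = cfg.get(key)
    if raw is None:
        return DEFAULTS[key]
    try:
        return int(raw)
    except ValueError:
        raise ValueError(f"{key} must be an integer, got {raw!r}") from None


def check_saldap_ini(cfg, role, platform):
    """Return a list of findings for role ('server' or 'client') on
    platform ('unix' or 'windows'). An empty list means nothing to report."""
    findings = []

    # server: required on Unix; Windows falls back to the local domain controller.
    if "server" not in cfg:
        if platform == "unix":
            findings.append("ERROR: 'server' is required on Unix")
        else:
            findings.append("INFO: 'server' missing; Windows looks for an LDAP "
                            "server on the local domain controller")

    port = _int_setting(cfg, "port")
    if not 1 <= port <= 65535:
        findings.append(f"ERROR: port {port} is out of range")

    # authdn/password: required for the database server, ignored on the client.
    for key in ("authdn", "password"):
        if role == "server" and key not in cfg:
            findings.append(f"ERROR: '{key}' is required for the database server")
        elif role == "client" and key in cfg:
            findings.append(f"WARN: '{key}' is ignored on the client; a write-capable "
                            "credential is exposed on this machine for no benefit")

    # read_password is only meaningful alongside read_authdn, and vice versa.
    if "read_password" in cfg and "read_authdn" not in cfg:
        findings.append("WARN: 'read_password' set without 'read_authdn'; the bind is anonymous")
    if "read_authdn" in cfg and "read_password" not in cfg:
        findings.append("WARN: 'read_authdn' set without 'read_password'")

    # Entries whose timestamp is older than search_timeout are ignored; the
    # server refreshes its timestamp every update_timeout seconds. Inference:
    # if search_timeout does not exceed update_timeout, entries look stale
    # for part of every refresh interval.
    search_timeout = _int_setting(cfg, "search_timeout")
    update_timeout = _int_setting(cfg, "update_timeout")
    if search_timeout == 0:
        findings.append("INFO: search_timeout=0; every entry is treated as current")
    elif update_timeout != 0 and search_timeout <= update_timeout:
        findings.append("WARN: search_timeout <= update_timeout; entries will be "
                        "treated as stale between timestamp refreshes")

    # Credentials sit in clear text unless the file is obfuscated with dbfhide.
    if "password" in cfg or "read_password" in cfg:
        findings.append("INFO: file holds plaintext credentials; obfuscate it with "
                        "dbfhide and restrict who can read the file")
    return findings


if __name__ == "__main__":
    parsed = parse_saldap_ini(SAMPLE_SALDAP_INI)
    for role in ("server", "client"):
        print(f"--- {role} on unix ---")
        for finding in check_saldap_ini(parsed, role, "unix"):
            print(finding)
```

Run it as-is to see the findings for the constructed file used once as a server-side and once as a client-side copy; point parse_saldap_ini at the contents of a real file to check a deployment. The validator reads the plain-text format only: a file already processed with dbfhide has to be inspected before obfuscation.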
