Validates changes to the settings of existing LDAP server configuration objects before applying them.
VALIDATE LDAP SERVER [ ldapua-server-name | ldapua-server-attribs ]
   [ CHECK userid [ user-dn-string ] ]

ldapua-server-attribs :
   SEARCH DN URL { 'URL_string' | NULL }
   | ACCESS ACCOUNT { 'DN_string' | NULL }
   | IDENTIFIED BY { 'password' | NULL }
   | IDENTIFIED BY ENCRYPTED { encrypted-password | NULL }
   | AUTHENTICATION URL { 'URL_string' | NULL }
   | CONNECTION TIMEOUT timeout_value
   | CONNECTION RETRIES retry_value
   | TLS { ON | OFF }
SET OPTION PUBLIC.login_mode = 'Standard,LDAPUA'

CREATE LDAP SERVER apps_primary
   SEARCH DN URL 'ldap://my_LDAPserver:389/dc=MyCompany,dc=com??sub?cn=*'
   ACCESS ACCOUNT 'cn=aseadmin, cn=Users, dc=mycompany, dc=com'
   IDENTIFIED BY 'Secret99Password'
   AUTHENTICATION URL 'ldap://my_LDAPserver:389/'
   CONNECTION TIMEOUT 3000
   WITH ACTIVATE
This statement validates the existence of the user ID myusername by using the optional CHECK clause to compare the user ID to the expected user distinguished name (enclosed in quotation marks) on the apps_primary LDAP server configuration object.
VALIDATE LDAP SERVER apps_primary
   CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com'
VALIDATE LDAP SERVER
   SEARCH DN URL 'ldap://my_LDAPserver:389/dc=MyCompany,dc=com??sub?cn=*'
   ACCESS ACCOUNT 'cn=aseadmin, cn=Users, dc=mycompany, dc=com'
   IDENTIFIED BY 'Secret99Password'
   AUTHENTICATION URL 'ldap://my_LDAPserver:389/'
   CONNECTION TIMEOUT 3000
   CHECK myusername 'cn=myusername,cn=Users,dc=mycompany,dc=com'
This statement is useful for an administrator when setting up a new server to use LDAP user authentication, and for diagnosing problems between the LDAP server configuration object and the external LDAP server. Any connection made by the VALIDATE LDAP SERVER statement is temporary and is closed by the end of the statement.
When validating the LDAP server configuration object by name, the definitions from prior CREATE LDAP SERVER and ALTER LDAP SERVER statements are used. Alternatively, when ldapua-server-attributes are specified instead of the LDAP server configuration object name, the specified attributes are validated. When ldapua-server-attributes are specified, the URLs are parsed to identify syntax errors, and statement processing stops if a syntax error is detected.
Whether using an LDAP server configuration object name or a successfully parsed set of ldapua-server-attributes, a connection to the external LDAP server is attempted. If the parameter ACCESS ACCOUNT and a password are specified, those values are used to establish the connection to the SEARCH DN URL. In other words, the connection that is tested is determined by the SEARCH DN URL, the ACCESS ACCOUNT, and the ACCESS ACCOUNT password.
When using the optional CHECK clause, the user ID is used in the search to validate the existence of the user on the external LDAP server. When the expected DN value for a given user is known, that value can be specified, and it is compared with the result of the search to determine success or failure.
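The following Python is an added offline model of the two checks described above, the URL parse that happens before any connection is attempted and the DN comparison performed by the CHECK clause. It is illustrative code, not the database server's implementation: the RFC 4516 URL layout, the simplified DN normalization (case-folded types and values), the constructed SAMPLE_DIRECTORY entries, and the use of cn as the search key for the user ID are all assumptions made for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple
from urllib.parse import unquote

VALID_SCOPES = {"base", "one", "sub"}
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}
_RDN_SPLIT = re.compile(r"(?<!\\),")   # split a DN on commas that are not escaped


class LdapUrlError(ValueError):
    """A syntax error in an LDAP URL; statement processing would stop here."""


@dataclass
class LdapUrl:
    scheme: str
    host: str
    port: int
    base_dn: str
    attributes: List[str] = field(default_factory=list)
    scope: str = "base"                  # RFC 4516 default for an empty scope field
    filter: str = "(objectClass=*)"      # RFC 4516 default for an empty filter field


def parse_ldap_url(url: str) -> LdapUrl:
    """Parse scheme://host[:port]/[dn[?attrs[?scope[?filter[?exts]]]]].
    Only the structure, port and scope are checked; the filter text is not validated."""
    scheme, sep, rest = url.partition("://")
    scheme = scheme.lower()
    if not sep or scheme not in DEFAULT_PORTS:
        raise LdapUrlError(f"unsupported or missing scheme in {url!r}")
    hostport, _, tail = rest.partition("/")
    host, port = hostport, DEFAULT_PORTS[scheme]
    if ":" in hostport:
        host, port_text = hostport.rsplit(":", 1)
        if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
            raise LdapUrlError(f"invalid port {port_text!r} in {url!r}")
        port = int(port_text)
    if not host:
        raise LdapUrlError(f"missing host in {url!r}")
    fields = tail.split("?")
    if len(fields) > 5:
        raise LdapUrlError(f"too many '?'-separated fields in {url!r}")
    fields += [""] * (5 - len(fields))
    dn, attrs, scope, filt, _exts = (unquote(f) for f in fields)
    scope = scope.lower() or "base"
    if scope not in VALID_SCOPES:
        raise LdapUrlError(f"unknown scope {scope!r} in {url!r}; expected base, one or sub")
    return LdapUrl(scheme, host, port, dn, [a for a in attrs.split(",") if a],
                   scope, filt or "(objectClass=*)")


def url_syntax_error(url: str) -> Optional[str]:
    """Return the message a malformed URL produces, or None if it parses cleanly."""
    try:
        parse_ldap_url(url)
    except LdapUrlError as exc:
        return str(exc)
    return None


def normalize_dn(dn: str) -> str:
    """Canonical form for comparison: trim whitespace around each RDN and '=' and
    case-fold type and value. Assumes case-insensitive attribute types such as cn,
    ou, o and dc (a simplification of RFC 4517 DN matching)."""
    if not dn.strip():
        return ""
    rdns = []
    for rdn in _RDN_SPLIT.split(dn):
        attr_type, sep, value = rdn.strip().partition("=")
        if not sep or not attr_type.strip():
            raise ValueError(f"malformed RDN {rdn!r} in DN {dn!r}")
        rdns.append(f"{attr_type.strip().lower()}={value.strip().lower()}")
    return ",".join(rdns)


def dn_matches(found_dn: str, expected_dn: str) -> bool:
    """The CHECK comparison: does the DN returned by the search equal the expected DN?"""
    return normalize_dn(found_dn) == normalize_dn(expected_dn)


# Constructed stand-in for the external directory (DN -> attributes); not real data.
SAMPLE_DIRECTORY: Dict[str, Dict[str, str]] = {
    "cn=aseadmin,cn=Users,dc=MyCompany,dc=com": {"cn": "aseadmin"},
    "cn=myusername,cn=Users,dc=MyCompany,dc=com": {"cn": "myusername"},
    "cn=myusername,cn=Users,dc=Other,dc=com": {"cn": "myusername"},
}


def check_user(search_dn_url: str, userid: str, expected_dn: Optional[str] = None,
               directory: Dict[str, Dict[str, str]] = SAMPLE_DIRECTORY) -> Tuple[Optional[str], bool]:
    """Model of the CHECK clause: parse the SEARCH DN URL, search the subtree under
    its base DN for an entry whose cn equals userid (assumed search key), and compare
    the found DN with expected_dn when one is given. Returns (found_dn, ok)."""
    url = parse_ldap_url(search_dn_url)
    base = normalize_dn(url.base_dn)
    for dn, attrs in directory.items():
        ndn = normalize_dn(dn)
        in_scope = not base or ndn == base or ndn.endswith("," + base)
        if in_scope and attrs.get("cn", "").lower() == userid.lower():
            return dn, expected_dn is None or dn_matches(dn, expected_dn)
    return None, False   # the user does not exist under the base DN: CHECK fails
```

A syntax error such as an unknown scope is reported by parse_ldap_url before anything else happens, mirroring the statement's behaviour of stopping on a bad URL; check_user then shows the two ways a CHECK can fail, the user not being found at all, and the user being found under a DN other than the expected one.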