Troubleshooting LDAP user authentication errors  LDAPS user authentication enhancements

Chapter 16: External Authentication

Configuring an LDAP server

User authentication for Lightweight Directory Access Protocol (LDAP) supports the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol, providing secure data transmission between Adaptive Server and an LDAP server.

StepsConfigure a connection to an LDAP server

  1. Make sure that all trusted root certificates are located in the same file.

    After you define the trusted servers, Adaptive Server configures a secure connection, where servername is the name of the current Adaptive Server. If you:

    • Have defined $SYBASE_CERTDIR, Adaptive Server loads certificates from $SYBASE_CERTDIR/servername.txt (for UNIX) or %SYBASE_CERTDIR%\servername.txt (for Windows).

    • Have not defined $SYBASE_CERTDIR, Adaptive Server loads certificates from $SYBASE/$SYBASE_ASE/certificates/servername.txt (for UNIX) or %SYBASE%\%SYBASE_ASE%\certificates\servername.txt (for Windows).

  2. Restart Adaptive Server to change the trusted root certificate file.

  3. Use sp_ldapadmin, specifying ldaps:// URLs instead of ldap:// URLs, to establish a secure connection to a secure port of the LDAP server.

  4. Establish a TLS session over a plain TCP connection:

    sp_ldapadmin 'starttls_on_primary', {true | false}

    or

    sp_ldapadmin 'starttls_on_secondary', {true | false}

NoteLDAP server connections do not have a connect timeout option; if the LDAP server stops responding, all login connections also stop responding.




Copyright © 2009. Sybase Inc. All rights reserved. LDAPS user authentication enhancements

View this document as PDF