Lightweight Directory Access Protocol (LDAP) is an industry standard for accessing directory services. Directory services allow components to look up information by a distinguished name (DN) from an LDAP server that stores and manages server, user, and software information that is used throughout the enterprise or over a network.
The LDAP server can be located on a different platform from the one on which SAP ASE or clients are running. LDAP defines the communication protocol and the contents of messages exchanged between clients and servers. Messages are operators, such as client requests for read, write and query, and server responses, including metadata (data about data).
The LDAP server can store and retrieve information about:
SAP ASE, such as IP address, port number, and network protocol
Security mechanisms and filters
High availability companion server name
Authentication information for user access to SAP ASE
You can authenticate users logging in to SAP ASE through information stored in the syslogins directory or through a centralized LDAP server that enables a single login and password throughout the enterprise. See Security Adiminstration Guide > Managing SAP ASE Logins and Database Users.
You can configure the LDAP server to use these access restrictions:
Anonymous authentication – all data is visible to any user.
UNIX, 32-bit – $SYBASE/$SYBASE_OCS/config/libtcl.cfg
UNIX, 64-bit – $SYBASE/$SYBASE_OCS/config/libtcl64.cfg
Windows – %SYBASE%\%SYBASE_OCS%\ini\libtcl.cfg
User name and password authentication properties establish and end a session connection to an LDAP server.
When an LDAP server is specified in the libtcl.cfg or libtcl64.cfg file (collectively called libtcl*.cfg file), the server information is then accessible only from the LDAP server; SAP ASE ignores the interfaces file.
If multiple directory services are supported in a server, the order in which they are searched is specified in libtcl*.cfg. You cannot use the dataserver command line option to specify the search order.