The libtcl.cfg and the libtcl64.cfg files (collectively libtcl*.cfg files) determine whether the interfaces file or LDAP directory services should be used. If LDAP is specified in the libtcl*.cfg file, the interfaces file is ignored unless the application specifically overrides the libtcl*.cfg file by passing the -I parameter while connecting to a server.
Use the libtcl*.cfg file to specify the LDAP server name, port number, DIT base, user name, and password used to authenticate the connection to an LDAP server. In the libtcl*.cfg file, LDAP directory services are specified with a URL in the DIRECTORY section.
For example:
[DIRECTORY]
ldap=libsybdldap.so ldap://huey:11389/dc=sybase,dc=com?? one????bindname=cn=Manager,dc=sybase,dc=com secret
Table 2-21 defines the keywords for the ldapurl variables.
Keyword | Description | Default | CS_* property |
---|---|---|---|
host (required) | The host name or IP address of the machine running the LDAP server | None | |
port | The port number on which the LDAP server is listening | 389 | |
ditbase (required) | The default DIT base | None | CS_DS_DITBASE |
username | Distinguished name (DN) of the user to authenticate | NULL (anonymous authentication) | CS_DS_PRINCIPAL |
password | Password of the user to be authenticated | NULL (anonymous authentication) | CS_DS_PASSWORD |
You can find a complete list of Sybase’s LDAP directory schema in:
UNIX – $SYBASE/$SYBASE_OCS/config
Windows – %SYBASE%\%SYBASE_OCS%\ini
In the same directory, there is also a file called sybase-schema.conf, which contains the same schema but in a Netscape-specific syntax.
To create an encrypted connection with the LDAP server using LDAPS, use:
ldap=libsybdldap.so ldaps://huey:636/dc=sybase,dc=com????bindname=cn=Manager,dc=Sybase,dc=com?secret
If no port number is specified using ldaps://, port 636 will be used by default.
To create an encrypted connection by connecting to the standard LDAP listener and upgrading it with the starttls keyword, use:
ldap=libsybdldap.so starttls ldap://huey:389/dc=sybase,dc=com????bindname=cn=Manager,dc=Sybase,dc=com?secret
If no port number is specified using ldap://, port 389 will be used by default.
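The following Python is an added example, not Sybase code: it parses the ldap= entries of a libtcl*.cfg file and reports entries whose bind credentials travel without LDAPS or starttls, or that keep a password in the file. The entry shape is assumed from the LDAPS and starttls examples above, the function names parse_entry and audit are hypothetical, and the sample text is constructed from the page's placeholder values.

```python
import re

# Assumed entry shape, taken from the LDAPS/starttls examples on this page:
#   ldap=<driver> [starttls] <scheme>://<host>[:<port>]/<ditbase>????bindname=<DN>?<password>
ENTRY = re.compile(
    r"^ldap\s*=\s*\S+\s+(?P<starttls>starttls\s+)?"
    r"(?P<scheme>ldaps?)://(?P<host>[^:/\s]+)(?::(?P<port>\d+))?/(?P<rest>.*)$",
    re.IGNORECASE,
)
DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # defaults stated on this page
# Constructed sample; host, DNs and password reuse the page's placeholder values.
SAMPLE = """\
[DIRECTORY]
ldap=libsybdldap.so ldap://huey:11389/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret
ldap=libsybdldap.so ldaps://huey/dc=sybase,dc=com????bindname=cn=Manager,dc=sybase,dc=com?secret
ldap=libsybdldap.so starttls ldap://huey/dc=sybase,dc=com
"""

def parse_entry(line):
    """Parse one ldap= line of the DIRECTORY section; return None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    scheme = m["scheme"].lower()
    # The DIT base ends at the first '?'; bind DN and password follow "bindname=".
    ditbase, _, tail = m["rest"].partition("?")
    bind_dn = password = None
    if "bindname=" in tail:
        bind_dn, _, password = tail.split("bindname=", 1)[1].partition("?")
    transport = "ldaps" if scheme == "ldaps" else "starttls" if m["starttls"] else "cleartext"
    return {"host": m["host"], "port": int(m["port"] or DEFAULT_PORT[scheme]),
            "ditbase": ditbase.strip(), "transport": transport,
            "bind_dn": bind_dn.strip() if bind_dn else None,
            "has_password": bool(password and password.strip())}

def audit(cfg_text):
    """Return (line number, host, finding) for each risky ldap= entry."""
    findings = []
    for n, line in enumerate(cfg_text.splitlines(), 1):
        e = parse_entry(line)
        if e is None:
            continue
        if e["bind_dn"] and e["transport"] == "cleartext":
            findings.append((n, e["host"], "bind DN and password cross the network unencrypted"))
        if e["has_password"]:
            findings.append((n, e["host"], "bind password stored in the file in clear text"))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```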
The directory schema for use with Microsoft Active Directory is sybase.ldf. You can import sybase.ldf into the Active Directory (AD) or into an Active Directory Application Mode (ADAM) instance using the ldifde.exe command provided in the ADAM installation. To import the directory schema, execute the ldifde.exe command from the ADAM installation using this syntax:
ldifde -i -u -f sybase.ldf -s server:port -b username domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext
After the schema has been successfully imported into the Active Directory, you can create a container for the Sybase server entries and set appropriate read and write permissions for the container and its child objects.
For example, a container with a relative distinguished name (RDN) “CN=SybaseServers” is created in the root of the Active Directory for domain “mycompany.com” to store and retrieve Sybase server entries. The root distinguished name (rootDN) for this container is reflected in the libtcl.cfg file as:
ldap=libsybdldap.dll ldap://localhost:389/cn=SybaseServers,dc=mycompany,dc=com??...
If you create a dedicated user account named “Manager” with password “secret” in the Active Directory to add and modify Sybase server entries, the complete entry in the libtcl.cfg file is:
For Windows:
ldap=libsybdldap.dll ldap://localhost:389/cn=SybaseServers,dc=mycompany,dc=com????bindname=cn=Manager,cn=Users,dc=mycompany,dc=com?secret
For UNIX:
ldap=libsybdldap.so ldap://myADhost:389/cn=SybaseServers,dc=mycompany,dc=com????bindname=cn=Manager,cn=Users,dc=mycompany,dc=com?secret
After setting the appropriate read and write permissions, you will be able to use the Sybase utility programs such as dscp or dsedit to store, view, and modify Sybase server entries in the Active Directory.