Use the Lightweight Directory Access Protocol as a Directory Service

Lightweight Directory Access Protocol (LDAP) is an industry standard for accessing directory services. Directory services allow components to look up information by a distinguished name (DN) from an LDAP server that stores and manages server, user, and software information that is used throughout the enterprise or over a network.

SAP ASE uses directory services to establish client and RPC connections over the Internet. LDAP directory services are used to establish connections. LDAP is a licensed feature of SAP ASE.

The LDAP server can be located on a different platform from the one on which SAP ASE or the clients are running. LDAP defines the communication protocol and the contents of messages exchanged between clients and servers. Messages are operators, such as client requests for read, write and query, and server responses, including data-format information.

The LDAP server stores and retrieves information about:

You can Configure the LDAP server with these access restrictions:

User name and password authentication properties establish and end a session connection to an LDAP server.

Note: The user name and password that are passed to the LDAP server for user authentication purposes are distinct and different from those used to access SAP ASE.

When an LDAP server is specified in the libtcl.cfg or libtcl64.cfg file (collectively the libtcl*.cfg file), the server information is accessible only from the LDAP server. SAP ASE ignores the interfaces file.

If multiple directory services are supported in a server, the order in which they are searched is specified in libtcl*.cfg. You cannot specify the search order with the dataserver command line option.

See the Security Administration Guide.

Related concepts
Client/Server Communication