LDAP user authentication allows client applications to send user name and password information to Adaptive Server for authentication by the LDAP server instead of syslogins. Authentication using the LDAP server allows you to use server-wide passwords instead of Adaptive Server or application-specific passwords.
LDAP user authentication is ideal for organizations with an existing computing environment who want to simplify and centralize user administration, or for users in a new computing environment who want to avoid unnecessary complexities for administering users.
LDAP user authentication works with directory servers that meet Version 3 of the LDAP protocol standard, including Active Directory, iPlanet, and OpenLDAP Directory Server.
You can use two authentication algorithms with LDAP user authentication, which differ in how they obtain a user’s Distinguished Name (DN). The algorithms use either:
Composed DN for authentication, available for Adaptive Server version 12.5.1 or later, or,
Searched DN for authentication, available for Adaptive Server version 12.5.2 and later.
The primary data structure used with the LDAP protocol is the LDAP URL.
An LDAP URL specifies a set of objects or values on an LDAP server. Adaptive Server uses LDAP URLs to specify an LDAP server and search criteria to use to authenticate login requests.
The LDAP URL uses this syntax:
ldapurl::=ldap://host:port/node/?attributes?base | one | sub?filter
where:
host – is the host name of the LDAP server.
port – is the port number of the LDAP server.
node – specifies the node in the object hierarchy at which to start the search.
attributes – is a list of attributes to return in the result set. Each LDAP server may support a different list of attributes.
base | one | sub – qualifies the search criteria. base specifies a search of the base node; one specifies a search of the base node and one sublevel below the base node; sub specifies a search of the base node and all node sublevels.
filter – specifies the attribute or attributes to be authenticated. The filter can be simple, such as uid=*, or compound, such as (uid=*)(ou=group).
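The following is an added example, not Sybase code: a small Python validator that splits an LDAP URL into the fields listed above and rejects malformed values before the URL is configured on the server. It assumes the port is always given and that the attribute list is comma-separated as in standard LDAP URLs; the host name and directory tree in the sample are constructed.

```python
# Added example: validate an LDAP URL against the syntax described on this page.
SCOPES = {"base", "one", "sub"}

def parse_ldap_url(url):
    """Return the URL's fields as a dict; raise ValueError if it is malformed."""
    prefix = "ldap://"
    if not url.lower().startswith(prefix):
        raise ValueError("scheme must be ldap://")
    authority, slash, rest = url[len(prefix):].partition("/")
    if not slash:
        raise ValueError("missing /node")
    host, colon, port = authority.partition(":")
    # Assumption: host:port is required, as the syntax line shows both.
    if not host or not colon or not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("expected host:port with a numeric port")
    # Split on the first three '?' only, so a '?' inside the filter is kept.
    parts = rest.split("?", 3)
    if len(parts) != 4:
        raise ValueError("expected node?attributes?scope?filter")
    node, attributes, scope, flt = parts
    node = node.rstrip("/")  # the syntax line shows a '/' before the first '?'
    if not node:
        raise ValueError("node is empty")
    if scope not in SCOPES:
        raise ValueError("scope must be base, one or sub")
    if not flt or flt.count("(") != flt.count(")"):
        raise ValueError("filter is empty or has unbalanced parentheses")
    return {
        "host": host, "port": int(port), "node": node,
        # Assumption: attributes are comma-separated, as in standard LDAP URLs.
        "attributes": [a for a in attributes.split(",") if a],
        "scope": scope, "filter": flt,
    }

# Constructed sample (hypothetical host and directory tree).
SAMPLE = "ldap://ldap.example.com:389/ou=People,dc=example,dc=com?uid?sub?uid=*"

if __name__ == "__main__":
    print(parse_ldap_url(SAMPLE))
```
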
Copyright © 2005. Sybase Inc. All rights reserved.