To connect using an LDAP server, a file containing information on how to find and connect to the LDAP server must be created on both the database server computer and on each client computer. By default the name of this file is saldap.ini, but it is configurable. If this file doesn't exist, LDAP support is silently disabled.
The file must be located in the same directory as the SQL Anywhere executables (for example, install-dir\bin32 on Windows) unless a full path is specified with the LDAP parameter. The file must be in the following format:
[LDAP] server=computer-running-LDAP-server port=port-number-of-LDAP-server basedn=Base-DN authdn=Authentication-DN password=password-for-authdn search_timeout=age-of-timestamps-to-be-ignored update_timeout=frequency-of-timestamp-updates read_authdn=read-only-authentication-domain-name read_password=password-for-authdn
You can add simple encryption to obfuscate the contents of the saldap.ini file using the File Hiding utility (dbfhide). See File Hiding utility (dbfhide).
If the name of the file is not ldap.ini, then you must use the LDAP parameter to specify the file name.
server The name or IP address of the computer running the LDAP server. This value is required on Unix. If this entry is missing on Windows, then Windows looks for an LDAP server running on the local domain controller.
port The port number used by the LDAP server. The default is 389.
basedn The domain name of the subtree where the SQL Anywhere entries are stored. This value defaults to the root of the tree.
authdn The authentication domain name. The domain name must be an existing user object in the LDAP directory that has write access to the basedn. This parameter is required for the database server, and ignored on the client.
password The password for authdn. This parameter is required for the database server, and ignored on the client.
search_timeout The age of timestamps at which they are ignored by the client and/or the Server Enumeration utility (dblocate). A value of 0 disables this option so that all entries are assumed to be current. The default is 600 seconds (10 minutes).
update_timeout The frequency of timestamp updates in the LDAP directory. A value of 0 disables this option so that the database server never updates the timestamp. The default is 120 seconds (2 minutes).
read_authdn The read-only authentication domain name. The domain name must be an existing user object in the LDAP directory that has read access to the basedn. This parameter is only required if the LDAP server requires a non-anonymous binding before searching can be done. For example, this field is normally required if Active Directory is used as the LDAP server. If this parameter is missing, the bind is anonymous.
read_password The password for authdn. This parameter is only required on the client if the read_authdn parameter is specified.
Discuss this page in DocCommentXchange.
|Copyright © 2010, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.0|