To connect using an LDAP server, a file containing information on how to find and connect to the LDAP server must be created on the database server computer and on each client computer. By default the name of this file is saldap.ini, but you can rename it. If you rename the saldap.ini file, then you must use the LDAP protocol option to specify the file name. If this file doesn't exist, LDAP support is disabled.
You can add simple encryption to obfuscate the contents of the saldap.ini file using the File Hiding utility (dbfhide). See File Hiding utility (dbfhide).
The file must be located in the same directory as the SQL Anywhere executables (for example, %SQLANY12%\bin32 on Windows) unless a full path is specified with the LDAP protocol option. The file's contents must be in the following format:
[LDAP] server=computer-running-LDAP-server port=port-number-of-LDAP-server basedn=Base-DN authdn=Authentication-DN password=password-for-authdn search_timeout=age-of-timestamps-to-be-ignored update_timeout=frequency-of-timestamp-updates read_authdn=read-only-authentication-domain-name read_password=password-for-authdn
server The name or IP address of the computer running the LDAP server. This value is required on Unix. If this entry is missing on Windows, then Windows looks for an LDAP server running on the local domain controller.
authdn The authentication domain name. The domain name must be an existing user object in the LDAP directory that has write access to the basedn. This parameter is required for the database server and it is ignored on the client.
search_timeout The age at which timestamps are ignored by the client and/or the Server Enumeration utility (dblocate). A value of 0 disables this option so that all entries are assumed to be current. The default is 600 seconds (10 minutes).
update_timeout The frequency of timestamp updates in the LDAP directory. A value of 0 disables this option so that the database server never updates the timestamp. The default is 120 seconds (2 minutes).
read_authdn The read-only authentication domain name. The domain name must be an existing user object in the LDAP directory that has read access to the basedn. This parameter is only required if the LDAP server requires a non-anonymous binding before searching can be done. For example, this field is normally required if Active Directory is used as the LDAP server. If this parameter is missing, the bind is anonymous.
Discuss this page in DocCommentXchange.
|Copyright © 2012, iAnywhere Solutions, Inc. - SQL Anywhere 12.0.1|